diff --git a/test/blackbox/common/BlackboxTestsSecurity.cpp b/test/blackbox/common/BlackboxTestsSecurity.cpp index 75cac4cd1b1..61ec04f8ec2 100644 --- a/test/blackbox/common/BlackboxTestsSecurity.cpp +++ b/test/blackbox/common/BlackboxTestsSecurity.cpp @@ -45,8 +45,13 @@ using namespace eprosima::fastdds::rtps; enum communication_type { TRANSPORT, - INTRAPROCESS, - DATASHARING + INTRAPROCESS +}; + +enum reliability +{ + TEST_BEST_EFFORT, + TEST_RELIABLE }; // A LogConsumer that just counts the number of entries consumed @@ -135,50 +140,244 @@ static void fill_sub_auth( } } -class Security : public testing::TestWithParam +static void fill_access( + PropertyPolicy& policy, + const std::string& governance_file = "governance_only_auth.smime", + const std::string& permissions_file = "permissions.smime", + const std::string& permissions_ca_file = "maincacert.pem") +{ + policy.properties().emplace_back("dds.sec.access.plugin", "builtin.Access-Permissions"); + policy.properties().emplace_back("dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + std::string(certs_path) + "/" + permissions_ca_file); + policy.properties().emplace_back("dds.sec.access.builtin.Access-Permissions.governance", + "file://" + std::string(certs_path) + "/" + governance_file); + policy.properties().emplace_back("dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + std::string(certs_path) + "/" + permissions_file); +} + +static void fill_crypto( + PropertyPolicy& policy) +{ + policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); +} + +static void CommonPermissionsConfigureWriter( + PubSubWriter& writer, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties) +{ + PropertyPolicy pub_property_policy(extra_properties); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); + + writer.property_policy(pub_property_policy); +} + +static void CommonPermissionsConfigureReader( + PubSubReader& reader, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties) +{ + PropertyPolicy sub_property_policy(extra_properties); + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); + + reader.property_policy(sub_property_policy); +} + +static void CommonPermissionsConfigure( + PubSubReader& reader, + PubSubWriter& writer, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties = PropertyPolicy()) +{ + CommonPermissionsConfigureReader(reader, governance_file, permissions_file, extra_properties); + CommonPermissionsConfigureWriter(writer, governance_file, permissions_file, extra_properties); +} + +static void CommonPermissionsConfigureWriter( + PubSubWriter& writer, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties) +{ + PropertyPolicy pub_property_policy(extra_properties); + + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); + + writer.property_policy(pub_property_policy); +} + +static void CommonPermissionsConfigureReader( + PubSubReader& reader, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties) +{ + PropertyPolicy sub_property_policy(extra_properties); + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); + + reader.property_policy(sub_property_policy); +} + +static void CommonPermissionsConfigure( + PubSubReader& reader, + PubSubWriter& writer, + const std::string& governance_file, + const std::string& permissions_file, + const PropertyPolicy& extra_properties = PropertyPolicy()) +{ + CommonPermissionsConfigureReader(reader, governance_file, permissions_file, extra_properties); + CommonPermissionsConfigureWriter(writer, governance_file, permissions_file, extra_properties); +} + +class Security : public testing::TestWithParam> { public: void SetUp() override { eprosima::fastdds::LibrarySettings library_settings; - switch (GetParam()) + switch (std::get<0>(GetParam())) { case INTRAPROCESS: library_settings.intraprocess_delivery = eprosima::fastdds::IntraprocessDeliveryType::INTRAPROCESS_FULL; eprosima::fastdds::dds::DomainParticipantFactory::get_instance()->set_library_settings( library_settings); break; - case DATASHARING: - enable_datasharing = true; - break; case TRANSPORT: default: break; } + reliability_ = (std::get<1>(GetParam()) == TEST_RELIABLE) ? + eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS : + eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS; } void TearDown() override { eprosima::fastdds::LibrarySettings library_settings; - switch (GetParam()) + switch (std::get<0>(GetParam())) { + // Only need to tear down transports case INTRAPROCESS: library_settings.intraprocess_delivery = eprosima::fastdds::IntraprocessDeliveryType::INTRAPROCESS_OFF; eprosima::fastdds::dds::DomainParticipantFactory::get_instance()->set_library_settings( library_settings); break; - case DATASHARING: - enable_datasharing = false; - break; case TRANSPORT: default: break; } } + eprosima::fastdds::dds::ReliabilityQosPolicyKind reliability_; }; +// Per-type default data generator dispatch for test_basic_secure_communication. +inline std::list default_secure_data_generator( + HelloWorldPubSubType*) +{ + return default_helloworld_data_generator(); +} + +inline std::list default_secure_data_generator( + Data1mbPubSubType*) +{ + return default_data300kb_data_generator(); +} + +// This method tests basic reliable communication with security plugins configured +template +void test_basic_secure_communication( + PubSubReader& reader, + PubSubWriter& writer, + bool is_best_effort = false) +{ + ASSERT_TRUE(reader.isInitialized()); + ASSERT_TRUE(writer.isInitialized()); + + // Wait for authorization + reader.wait_authorized(); + writer.wait_authorized(); + + // Wait for discovery. + writer.wait_discovery(); + reader.wait_discovery(); + + auto data = default_secure_data_generator(static_cast(nullptr)); + + reader.startReception(data); + + // Send data + writer.send(data); + // In this test all data should be sent. + ASSERT_TRUE(data.empty()); + + if (is_best_effort) + { + // For best effort, samples may be lost if the security crypto context was not + // fully established on the reader side before the initial burst arrived. + // Retry sending once if fewer than 2 samples were received within the timeout. + if (reader.block_for_all(std::chrono::seconds(2)) < 2) + { + auto retry_data = default_secure_data_generator(static_cast(nullptr)); + reader.startReception(retry_data); + writer.send(retry_data); + reader.block_for_at_least(2); + } + } + else + { + // Block reader until reception finished or timeout. + reader.block_for_all(); + } +} + +// This method tests basic reliable communication with security plugins configured +void SecurityPlugins_Permissions_validation_ok_common( + PubSubReader& reader, + PubSubWriter& writer, + const std::string& governance_file, + eprosima::fastdds::dds::ReliabilityQosPolicyKind reliability = eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) +{ + CommonPermissionsConfigure(reader, writer, governance_file, "permissions.smime"); + + reader.history_depth(10).reliability(reliability).init(); + writer.history_depth(10).reliability(reliability).init(); + test_basic_secure_communication(reader, writer, + reliability == eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS); +} + +// This method tests basic reliable communication with large data with security plugins configured +void SecurityPlugins_Permissions_validation_ok_large_data( + PubSubReader& reader, + PubSubWriter& writer, + const std::string& governance_file, + eprosima::fastdds::dds::ReliabilityQosPolicyKind reliability = eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) +{ + // Large-data fragmentation is not exercised under best-effort + if (reliability == eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS) + { + return; + } + + CommonPermissionsConfigure(reader, writer, governance_file, "permissions.smime"); + + reader.history_depth(10).reliability(reliability).init(); + writer.history_depth(10).reliability(reliability).init(); + test_basic_secure_communication(reader, writer, false); +} + class SecurityPkcs : public ::testing::Test { public: @@ -324,56 +523,25 @@ const char* const SecurityPkcs::hsm_token_id_no_pin = "testing_token_no_pin"; const char* const SecurityPkcs::hsm_token_id_url_pin = "testing_token_url_pin"; const char* const SecurityPkcs::hsm_token_id_env_pin = "testing_token_env_pin"; -TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok) +// This test is used to check that the security plugins are correctly loaded. Governance with minimal configuration is used +TEST(Security, SecurityPlugins_basic_configuration) { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - PropertyPolicy pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_property_policy); - - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); - - ASSERT_TRUE(reader.isInitialized()); - - fill_pub_auth(pub_property_policy); - - writer.history_depth(10). - property_policy(pub_property_policy).init(); - - ASSERT_TRUE(writer.isInitialized()); - - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - - auto data = default_helloworld_data_generator(); - - reader.startReception(data); - - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, "governance_only_auth.smime"); } // Used to detect Github issue #106 -TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok_same_participant) +TEST(Security, SecurityPlugins_basic_configuration_same_participant) { PubSubWriterReader wreader(TEST_TOPIC_NAME); PropertyPolicy property_policy; fill_pub_auth(property_policy); + fill_access(property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(property_policy); wreader.sub_history_depth(10).sub_reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS); wreader.pub_history_depth(10); @@ -396,7 +564,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok_same_participan wreader.block_for_all(); } -TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) +TEST(Security, SecurityPlugins_basic_configuration_validation_fail) { { PubSubReader reader(TEST_TOPIC_NAME); @@ -410,6 +578,8 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) ASSERT_TRUE(reader.isInitialized()); fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(pub_property_policy); writer.history_depth(10). property_policy(pub_property_policy).init(); @@ -425,6 +595,8 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) PropertyPolicy sub_property_policy; fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). @@ -441,7 +613,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) } } -TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) +TEST(Security, SecurityPlugins_basic_configuration_lossy_conditions) { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); @@ -449,6 +621,8 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) PropertyPolicy pub_property_policy, sub_property_policy; fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). @@ -466,6 +640,8 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) writer.add_user_transport_to_pparams(testTransport); fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(pub_property_policy); writer.history_depth(10). property_policy(pub_property_policy).init(); @@ -482,7 +658,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) } // Regresion test for Refs #13295, github #2362 -TEST(Security, BuiltinAuthenticationPlugin_second_participant_creation_loop) +TEST(Security, SecurityPlugins_basic_configuration_second_participant_creation_loop) { constexpr size_t n_loops = 101; @@ -557,13 +733,19 @@ TEST(Security, BuiltinAuthenticationPlugin_second_participant_creation_loop) }; // Prepare participant properties - PropertyPolicy property_policy; - fill_pub_auth(property_policy); + PropertyPolicy pub_property_policy, sub_property_policy; + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(pub_property_policy); + + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(sub_property_policy); // Create the participant being checked PubSubReader main_participant("HelloWorldTopic"); main_participant.disable_builtin_transport().add_user_transport_to_pparams(transport); - main_participant.property_policy(property_policy).init(); + main_participant.property_policy(pub_property_policy).init(); EXPECT_TRUE(main_participant.isInitialized()); // Perform a loop in which we create another participant, and destroy it just after it has been discovered. @@ -579,7 +761,7 @@ TEST(Security, BuiltinAuthenticationPlugin_second_participant_creation_loop) // Create another participant with authentication enabled PubSubParticipant other_participant(0, 0, 0, 0); - EXPECT_TRUE(other_participant.property_policy(property_policy).init_participant()); + EXPECT_TRUE(other_participant.property_policy(sub_property_policy).init_participant()); // Wait for the main participant to send an authentication message to the other participant auth_message_send_status.wait(); @@ -592,7 +774,7 @@ TEST(Security, BuiltinAuthenticationPlugin_second_participant_creation_loop) EXPECT_EQ(0u, n_logs); } -TEST_P(Security, BuiltinAuthenticationPlugin_ensure_same_guid_reconnection) +TEST(Security, SecurityPlugins_basic_configuration_ensure_same_guid_reconnection) { constexpr size_t n_loops = 10; @@ -609,12 +791,18 @@ TEST_P(Security, BuiltinAuthenticationPlugin_ensure_same_guid_reconnection) Log::RegisterConsumer(std::unique_ptr(new TestConsumer(n_logs))); // Prepare participant properties - PropertyPolicy property_policy; - fill_pub_auth(property_policy); + PropertyPolicy pub_property_policy, sub_property_policy; + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(pub_property_policy); + + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, "governance_only_auth.smime", "permissions.smime"); + fill_crypto(sub_property_policy); // Create the participant being checked PubSubWriter main_participant("HelloWorldTopic"); - main_participant.property_policy(property_policy).init(); + main_participant.property_policy(pub_property_policy).init(); EXPECT_TRUE(main_participant.isInitialized()); eprosima::fastdds::rtps::GuidPrefix_t guid_prefix; @@ -632,7 +820,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_ensure_same_guid_reconnection) // Create another participant with authentication enabled and custom GUID PubSubReader other_participant("HelloWorldTopic"); - other_participant.property_policy(property_policy).guid_prefix(guid_prefix).init(); + other_participant.property_policy(sub_property_policy).guid_prefix(guid_prefix).init(); EXPECT_TRUE(other_participant.isInitialized()); // Wait for mutual discovery and authentication @@ -647,3399 +835,3522 @@ TEST_P(Security, BuiltinAuthenticationPlugin_ensure_same_guid_reconnection) EXPECT_EQ(0u, n_logs); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_ok) +TEST_P(Security, SecurityPlugins_governance_rule_order) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); - - PropertyPolicy pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - reader.history_depth(10). - property_policy(sub_property_policy).init(); + { + // Governance rule for topic *HelloWorldTopic* with enable_read/write_access_contrl set to false + // Governance rule for topic * with enable_read/write_access_contrl set to true + // Permission denied for topic HelloWorldTopic + // Creation of reader and writer is allowed + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); + std::string governance_file("governance_rule_order_test.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); + } - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + { + // Governance rule for topic * with enable_read/write_access_contrl set to true + // Governance rule for topic *HelloWorldTopic* with enable_read/write_access_contrl set to false + // Permission denied for topic HelloWorldTopic + // Creation of reader and writer is denied + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); + std::string governance_file("governance_rule_order_test_inverse.smime"); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); + PropertyPolicy pub_property_policy, sub_property_policy; - ASSERT_TRUE(writer.isInitialized()); + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file); + fill_crypto(sub_property_policy); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + reader.property_policy(sub_property_policy).init(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + ASSERT_FALSE(reader.isInitialized()); - auto data = default_helloworld_data_generator(); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file); + fill_crypto(pub_property_policy); - reader.startReception(data); + writer.property_policy(pub_property_policy).init(); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + ASSERT_FALSE(writer.isInitialized()); + } } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_transport_ok) +TEST_P(Security, SecurityPlugins_multiple_endpoints_matching) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + { + std::string governance_file("governance_helloworld_all_enable.smime"); + std::string permissions_file("permissions_helloworld.smime"); - auto shm_transport = std::make_shared(); - auto udp_transport = std::make_shared(); - const uint32_t segment_size = 1024 * 1024; - shm_transport->segment_size(segment_size); - shm_transport->max_message_size(segment_size); - reader.disable_builtin_transport(); - reader.add_user_transport_to_pparams(shm_transport); - writer.disable_builtin_transport(); - writer.add_user_transport_to_pparams(shm_transport); + PropertyPolicy pub_property_policy; + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - PropertyPolicy pub_property_policy, sub_property_policy; + PubSubParticipant publishers(3u, 0u, 9u, 0u); + publishers.property_policy(pub_property_policy) + .pub_topic_name("HelloWorldTopic"); + ASSERT_TRUE(publishers.init_participant()); - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + // Initializing two publishers in the same participant + ASSERT_TRUE(publishers.init_publisher(0u)); + ASSERT_TRUE(publishers.init_publisher(1u)); - reader.history_depth(10). - property_policy(sub_property_policy).init(); + PropertyPolicy sub_property_policy; + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - ASSERT_TRUE(reader.isInitialized()); + PubSubParticipant subscribers(0u, 3u, 0u, 9u); + subscribers.property_policy(sub_property_policy) + .sub_topic_name("HelloWorldTopic"); + ASSERT_TRUE(subscribers.init_participant()); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + // Initializing two subscribers in the same participant + ASSERT_TRUE(subscribers.init_subscriber(0u)); + ASSERT_TRUE(subscribers.init_subscriber(1u)); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); - - ASSERT_TRUE(writer.isInitialized()); - - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - - auto data = default_helloworld_data_generator(); + // Wait for discovery: 2 subs x 2 pubs + publishers.pub_wait_discovery(4u); + subscribers.sub_wait_discovery(4u); - reader.startReception(data); + // Initializing one late joiner in the participants + ASSERT_TRUE(subscribers.init_subscriber(2u)); + ASSERT_TRUE(publishers.init_publisher(2u)); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + // Wait for discovery: 3 subs x 3 pubs + publishers.pub_wait_discovery(); + subscribers.sub_wait_discovery(); + } } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_udp_transport_ok) +// Regression test of Refs #5346, Github #441. +TEST_P(Security, SecurityPlugins_Permissions_validation_fail_on_topic_wildcards) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); - - auto shm_transport = std::make_shared(); - auto udp_transport = std::make_shared(); - const uint32_t segment_size = 1024 * 1024; - shm_transport->segment_size(segment_size); - shm_transport->max_message_size(segment_size); - reader.disable_builtin_transport(); - reader.add_user_transport_to_pparams(shm_transport); - reader.add_user_transport_to_pparams(udp_transport); - writer.disable_builtin_transport(); - writer.add_user_transport_to_pparams(shm_transport); - writer.add_user_transport_to_pparams(udp_transport); - - PropertyPolicy pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - reader.history_depth(10). - property_policy(sub_property_policy).init(); - - ASSERT_TRUE(reader.isInitialized()); - - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); - - ASSERT_TRUE(writer.isInitialized()); - - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - - auto data = default_helloworld_data_generator(); - - reader.startReception(data); - - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); -} + std::string governance_file("governance_helloworld_all_enable.smime"); + std::string permissions_file("permissions_helloworld.smime"); + { + // Wildcards are only considered on PERMISSIONS, Topic values should be treated as plain strings + PubSubReader reader("*"); + PubSubWriter writer("*"); -TEST(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_ok) -{ - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PropertyPolicy pub_property_policy, sub_property_policy; - PropertyPolicy pub_property_policy, sub_property_policy; + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + reader.setManualTopicName("*"). + property_policy(sub_property_policy).init(); + ASSERT_FALSE(reader.isInitialized()); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - ASSERT_TRUE(reader.isInitialized()); + writer.setManualTopicName("*"). + property_policy(pub_property_policy).init(); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + ASSERT_FALSE(writer.isInitialized()); + } - writer.history_depth(10). - property_policy(pub_property_policy).init(); + { + // Wildcards are only considered on PERMISSIONS, Topic values should be treated as plain strings + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); - ASSERT_TRUE(writer.isInitialized()); + PropertyPolicy pub_property_policy, sub_property_policy; - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + reader.history_depth(10). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(sub_property_policy).init(); - auto data = default_helloworld_data_generator(); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - reader.startReception(data); + writer.history_depth(10). + property_policy(pub_property_policy).init(); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + test_basic_secure_communication(reader, writer); + } } -// Used to detect Github issue #106 -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_rtps_ok_same_participant) +// Regression test of Refs #5346, Github #441. +TEST_P(Security, SecurityPlugins_Permissions_validation_fail_on_partition_wildcards) { - PubSubWriterReader wreader(TEST_TOPIC_NAME); - - PropertyPolicy property_policy; - - fill_pub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - wreader.pub_history_depth(10).sub_history_depth(10).sub_reliability( - eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) - .sub_durability_kind(eprosima::fastdds::dds::DurabilityQosPolicyKind::TRANSIENT_LOCAL_DURABILITY_QOS); - wreader.property_policy(property_policy).init(); - - ASSERT_TRUE(wreader.isInitialized()); - - // Wait for discovery. - wreader.wait_discovery(); - - auto data = default_helloworld_data_generator(); - - wreader.startReception(data); - - // Send data - wreader.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - wreader.block_for_all(); -} + std::string governance_file("governance_helloworld_all_enable.smime"); + std::string permissions_file("permissions_helloworld_partitions.smime"); + { + // Wildcards are only considered on PERMISSIONS, partition values should be treated as plain strings + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_large_string) -{ - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PropertyPolicy pub_property_policy, sub_property_policy; - PropertyPolicy pub_property_policy, sub_property_policy; + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + reader.partition("*"). + property_policy(sub_property_policy).init(); + ASSERT_FALSE(reader.isInitialized()); - reader.history_depth(10). - property_policy(sub_property_policy).init(); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - ASSERT_TRUE(reader.isInitialized()); + writer.partition("*"). + property_policy(pub_property_policy).init(); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + ASSERT_FALSE(writer.isInitialized()); + } - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); + { + // Wildcards are only considered on PERMISSIONS, partition values should be treated as plain strings + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); - ASSERT_TRUE(writer.isInitialized()); + PropertyPolicy pub_property_policy, sub_property_policy; - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + fill_sub_auth(sub_property_policy); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + reader.history_depth(10). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(sub_property_policy). + partition("Partition1").init(); - auto data = default_large_string_data_generator(); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - reader.startReception(data); + writer.history_depth(10). + property_policy(pub_property_policy). + partition("Partition*").init(); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + test_basic_secure_communication(reader, writer); + } } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_large_string) +// Regression test of Refs #20658, Github #4553. +TEST_P(Security, SecurityPlugins_Permissions_validation_toggle_partition) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubWriter writer("HelloWorldTopic"); + PubSubReader reader_p_1("HelloWorldTopic"); + PubSubReader reader_p_2("HelloWorldTopic"); - PropertyPolicy pub_property_policy, sub_property_policy; + std::string governance_file("governance_helloworld_all_enable.smime"); + std::string permissions_file("permissions_helloworld_partitions.smime"); + // Prepare subscriptions security properties + PropertyPolicy sub_property_policy; fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - reader.history_depth(10). + // Initialize one reader on each partition + reader_p_1.partition("Partition1"). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); + property_policy(sub_property_policy). + init(); + ASSERT_TRUE(reader_p_1.isInitialized()); - ASSERT_TRUE(reader.isInitialized()); + reader_p_2.partition("Partition2"). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(sub_property_policy). + init(); + ASSERT_TRUE(reader_p_2.isInitialized()); + // Prepare publication security properties + PropertyPolicy pub_property_policy; fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - writer.history_depth(10). - property_policy(pub_property_policy).init(); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); + // Initialize a writer on both partitions + writer.partition("Partition1").partition("Partition2"). + property_policy(pub_property_policy). + init(); ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - - auto data = default_large_string_data_generator(); - - reader.startReception(data); - - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); -} - -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_data300kb) -{ - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); - - PropertyPolicy pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - reader.history_depth(5). - property_policy(sub_property_policy).init(); - - ASSERT_TRUE(reader.isInitialized()); - - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 500; - - writer.history_depth(5). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_property_policy).init(); - - ASSERT_TRUE(writer.isInitialized()); + // Wait for all entities to discover each other + reader_p_1.wait_discovery(); + reader_p_2.wait_discovery(); + writer.wait_discovery(2u); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + constexpr size_t num_samples = 100; + auto data = default_helloworld_data_generator(num_samples); + reader_p_1.startReception(data); + reader_p_2.startReception(data); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + for (size_t i = 0; i < num_samples; ++i) + { + // Switch to third partition and wait for all entities to unmatch + writer.update_partition("Partition3"); + reader_p_1.wait_writer_undiscovery(); + reader_p_2.wait_writer_undiscovery(); + writer.wait_discovery(0u); - auto data = default_data300kb_data_generator(5); + // Switch partition and wait for the corresponding reader to discover the writer + if (0 == i % 2) + { + writer.update_partition("Partition1"); + reader_p_1.wait_discovery(); + } + else + { + writer.update_partition("Partition2"); + reader_p_2.wait_discovery(); + } - reader.startReception(data); + // Ensure the writer matches the reader before sending the sample + writer.wait_discovery(1u); + writer.send_sample(data.front()); + data.pop_front(); + writer.waitForAllAcked(std::chrono::milliseconds(100)); + } - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + EXPECT_EQ(num_samples / 2u, reader_p_1.getReceivedCount()); + EXPECT_EQ(num_samples / 2u, reader_p_2.getReceivedCount()); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_data300kb) +template +void prepare_pkcs11_nodes( + PubSubReader& reader, + PubSubWriter& writer, + const std::string& reader_private_key_url, + const std::string& writer_private_key_url) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_helloworld_all_enable.smime"); + std::string permissions_file("permissions_helloworld.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + // With no PIN, the load of the private key fails + PropertyPolicy pub_property_policy; + PropertyPolicy sub_property_policy; - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", + "builtin.PKI-DH")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/maincacert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/mainsubcert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", + reader_private_key_url)); + fill_access(sub_property_policy, governance_file, permissions_file); + fill_crypto(sub_property_policy); - reader.history_depth(5). + reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); + pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", + "builtin.PKI-DH")); + pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/maincacert.pem")); + pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/mainpubcert.pem")); + pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", + writer_private_key_url)); + fill_access(pub_property_policy, governance_file, permissions_file); + fill_crypto(pub_property_policy); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 50; - - writer.history_depth(5). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). + writer.history_depth(10). property_policy(pub_property_policy).init(); +} - ASSERT_TRUE(writer.isInitialized()); +TEST_F(SecurityPkcs, SecurityPlugins_pkcs11_key) +{ + { + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); + prepare_pkcs11_nodes(reader, writer, + tokens[hsm_token_id_no_pin].urls[hsm_mainsubkey_label], + tokens[hsm_token_id_no_pin].urls[hsm_mainpubkey_label]); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + ASSERT_FALSE(reader.isInitialized()); + ASSERT_FALSE(writer.isInitialized()); + } + { + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); + prepare_pkcs11_nodes(reader, writer, + tokens[hsm_token_id_url_pin].urls[hsm_mainsubkey_label] + "?pin-value=" + hsm_token_pin, + tokens[hsm_token_id_url_pin].urls[hsm_mainpubkey_label] + "?pin-value=" + hsm_token_pin); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + test_basic_secure_communication(reader, writer); + } + { + // Set the PIN on the environment variable +#ifdef _WIN32 + _putenv_s("FASTDDS_PKCS11_PIN", "1234"); +#else + setenv("FASTDDS_PKCS11_PIN", "1234", 1); +#endif // ifdef _WIN32 - auto data = default_data300kb_data_generator(5); + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); + prepare_pkcs11_nodes(reader, writer, + tokens[hsm_token_id_env_pin].urls[hsm_mainsubkey_label], + tokens[hsm_token_id_env_pin].urls[hsm_mainpubkey_label]); - reader.startReception(data); + test_basic_secure_communication(reader, writer); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + // unset the PIN environment variable for the next round +#ifdef _WIN32 + _putenv_s("FASTDDS_PKCS11_PIN", ""); +#else + unsetenv("FASTDDS_PKCS11_PIN"); +#endif // ifdef _WIN32 + } } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_ok) +// Regression test of Refs #16168, Github #3102. +TEST_P(Security, RemoveParticipantProxyDataonSecurityManagerLeaseExpired_validation_no_deadlock) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_helloworld_disable_liveliness.smime"); + std::string permissions_file("permissions_helloworld.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + //!Lambda for configuring publisher participant qos and security properties + auto secure_participant_pub_configurator = [&governance_file, + &permissions_file](const std::shared_ptr>& part, + const std::shared_ptr& transport_interface) + { + part->lease_duration(3, 1); + part->disable_builtin_transport().add_user_transport_to_pparams(transport_interface); - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + PropertyPolicy property_policy; - reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + fill_pub_auth(property_policy); + fill_access(property_policy, governance_file, permissions_file); + fill_crypto(property_policy); - ASSERT_TRUE(reader.isInitialized()); + std::cout << " Configuring Publisher Participant Properties " << std::endl; - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + part->property_policy(property_policy); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + }; + //!Lambda for configuring subscriber participant qos and security properties + auto secure_participant_sub_configurator = [&governance_file, + &permissions_file](const std::shared_ptr>& part, + const std::shared_ptr& transport_interface) + { + part->lease_duration(3, 1); + part->disable_builtin_transport().add_user_transport_to_pparams(transport_interface); - ASSERT_TRUE(writer.isInitialized()); + PropertyPolicy property_policy; - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + fill_sub_auth(property_policy); + fill_access(property_policy, governance_file, permissions_file); + fill_crypto(property_policy); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + std::cout << " Configuring Subscriber Participant Properties " << std::endl; - auto data = default_helloworld_data_generator(); + part->property_policy(property_policy); - reader.startReception(data); + }; - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); -} + //! 1.Spawn a couple of participants writer/reader + std::string topic_name = "HelloWorldTopic"; + auto pubsub_writer = std::make_shared>(topic_name); + auto pubsub_reader = std::make_shared>(topic_name); -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_ok) -{ - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + // Initialization of all the participants + std::cout << "Initializing PubSubs for topic " << topic_name << std::endl; - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + auto test_udptransport = std::make_shared(); + auto udp_transport = std::make_shared(); - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + // 2.Configure the participants + secure_participant_pub_configurator(pubsub_writer, test_udptransport); + pubsub_writer->init(); + ASSERT_EQ(pubsub_writer->isInitialized(), true); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + secure_participant_sub_configurator(pubsub_reader, udp_transport); + pubsub_reader->init(); + ASSERT_EQ(pubsub_reader->isInitialized(), true); - ASSERT_TRUE(reader.isInitialized()); + std::cout << std::endl << "Waiting discovery between participants." << std::endl; - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + // 3.Wait for authorization + pubsub_reader->wait_authorized(); + pubsub_writer->wait_authorized(); - writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + // 4.Wait for discovery. + pubsub_reader->wait_discovery(); + pubsub_writer->wait_discovery(); - ASSERT_TRUE(writer.isInitialized()); + auto data = default_helloworld_data_generator(); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + pubsub_reader->startReception(data); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + // 5.Send data + pubsub_writer->send(data); - auto data = default_helloworld_data_generator(); + // 6.Block reader until reception finished or timeout. + pubsub_reader->block_for_at_least(2); - reader.startReception(data); + std::cout << "Reader received at least two samples, shutting down publisher " << std::endl; - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); -} + //! 7.Simulate a force-quit (cntrl+c) on the publisher by dropping connection + test_udptransport->test_transport_options->test_UDPv4Transport_ShutdownAllNetwork = true; -// Used to detect Github issue #106 -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_submessage_ok_same_participant) -{ - PubSubWriterReader wreader(TEST_TOPIC_NAME); + bool pubsub_writer_undiscovered; - PropertyPolicy pub_property_policy, sub_property_policy, - property_policy; + //! 8.Wait reader to remove writer participant + //! Writer participant lease duration will expire in 3 secs + //! Check if deadlock is produced when accessing ResourceEvent collection + //! to unregister a TimedEvent() in ResourceEvent + pubsub_writer_undiscovered = pubsub_reader->wait_participant_undiscovery(std::chrono::seconds(6)); - fill_pub_auth(pub_property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + //! 9.Assert if last operation timed out + ASSERT_TRUE(pubsub_writer_undiscovered); - wreader.pub_history_depth(10).sub_history_depth(10).sub_reliability( - eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) - .sub_durability_kind(eprosima::fastdds::dds::DurabilityQosPolicyKind::TRANSIENT_LOCAL_DURABILITY_QOS); - wreader.property_policy(property_policy). - pub_property_policy(pub_property_policy). - sub_property_policy(sub_property_policy).init(); +} - ASSERT_TRUE(wreader.isInitialized()); +TEST(Security, AllowUnauthenticatedParticipants_EntityCreationFailsIfRTPSProtectionIsNotNONE) +{ + PubSubReader reader("HelloWorldTopic"); + std::string governance_file("governance_allow_unauth_rtps_encrypt.smime"); - // Wait for discovery. - wreader.wait_discovery(); + PropertyPolicy property_policy; - auto data = default_helloworld_data_generator(); + fill_sub_auth(property_policy); + fill_access(property_policy, governance_file, "permissions_helloworld.smime"); + fill_crypto(property_policy); - wreader.startReception(data); + reader.property_policy(property_policy).init(); - // Send data - wreader.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - wreader.block_for_all(); + //! If allow_unauthenticated_participants TRUE and rtps_protection is not NONE + //! Entity creation must fail + ASSERT_FALSE(reader.isInitialized()); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_large_string) + +TEST(Security, AllowUnauthenticatedParticipants_TwoSecureParticipantsWithDifferentCertificatesAreAbleToMatch) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + //! Create + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + PropertyPolicy pub_property_policy, sub_property_policy; - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", + "builtin.PKI-DH")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/othercacert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/othersubcert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", + "file://" + std::string(certs_path) + "/othersubkey.pem")); + fill_access(sub_property_policy, "governance_allow_unauth_all_disabled_access_none_other_ca.smime", + "permissions_helloworld_securehelloworld_other_ca.smime", "othercacert.pem"); + fill_crypto(sub_property_policy); reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(sub_property_policy).init(); ASSERT_TRUE(reader.isInitialized()); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_allow_unauth_all_disabled_access_none.smime", + "permissions_helloworld_securehelloworld.smime"); + fill_crypto(pub_property_policy); writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(pub_property_policy).init(); ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + //! Wait for the authorization to fail (~15secs) + writer.wait_unauthorized(); - // Wait for discovery. + //! Wait for the discovery writer.wait_discovery(); - reader.wait_discovery(); - auto data = default_large_string_data_generator(); + //! check that the writer matches the reader because of having allow_unauthenticated_participants enabled + ASSERT_TRUE(writer.is_matched()); + + //! Data is correctly sent and received + auto data = default_helloworld_data_generator(); reader.startReception(data); - // Send data writer.send(data); + // In this test all data should be sent. ASSERT_TRUE(data.empty()); + // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + reader.block_for_all(); + } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_large_string) +TEST(Security, AllowUnauthenticatedParticipants_TwoParticipantsDifferentCertificatesWithReadWriteProtectionDoNotMatch) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + //! Create + PubSubReader reader("HelloWorldTopic"); + PubSubWriter writer("HelloWorldTopic"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + PropertyPolicy pub_property_policy, sub_property_policy; - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", + "builtin.PKI-DH")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/othercacert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/othersubcert.pem")); + sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", + "file://" + std::string(certs_path) + "/othersubkey.pem")); + fill_access(sub_property_policy, "governance_allow_unauth_all_disabled_read_write_enabled_other_ca.smime", + "permissions_helloworld_securehelloworld_other_ca.smime", "othercacert.pem"); + fill_crypto(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + property_policy(sub_property_policy).init(); ASSERT_TRUE(reader.isInitialized()); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + fill_pub_auth(pub_property_policy); + fill_access(pub_property_policy, "governance_allow_unauth_all_disabled_read_write_enabled.smime", + "permissions_helloworld_securehelloworld.smime"); + fill_crypto(pub_property_policy); writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). + property_policy(pub_property_policy).init(); ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - - auto data = default_large_string_data_generator(); + //! Wait for the authorization to fail (~15secs) + writer.wait_unauthorized(); - reader.startReception(data); + //! Wait some time afterwards (this will time out) + writer.wait_discovery(std::chrono::seconds(1)); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + //! check that the writer does not match the reader because of + //! having read and write protection enabled + //! despite allow_unauthenticated_participants is enabled + ASSERT_FALSE(writer.is_matched()); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_data300kb) +// Regresion test for redmine issue 20166 +TEST(Security, InANonSecureParticipantWithTwoSecureParticipantScenario_TheTwoSecureParticipantsCorrectlyCommunicate) { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + // Create + PubSubReader non_secure_reader("HelloWorldTopic"); + PubSubReader secure_reader("HelloWorldTopic"); + PubSubWriter secure_writer("HelloWorldTopic"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + // Configure security + const std::string governance_file("governance_helloworld_all_enable.smime"); + const std::string permissions_file("permissions_helloworld.smime"); + CommonPermissionsConfigure(secure_reader, secure_writer, governance_file, permissions_file); - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + secure_writer.history_depth(10). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); - reader.history_depth(5). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + ASSERT_TRUE(secure_writer.isInitialized()); - ASSERT_TRUE(reader.isInitialized()); + non_secure_reader.history_depth(10). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + ASSERT_TRUE(non_secure_reader.isInitialized()); - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 500; + secure_reader.history_depth(10). + reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); - writer.history_depth(5). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + ASSERT_TRUE(secure_reader.isInitialized()); - ASSERT_TRUE(writer.isInitialized()); + // Wait for the authorization + secure_reader.wait_authorized(); + secure_writer.wait_authorized(); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + // Wait for discovery + secure_writer.wait_discovery(std::chrono::seconds(5)); + secure_reader.wait_discovery(std::chrono::seconds(5)); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + // Data is correctly sent and received + auto data = default_helloworld_data_generator(); - auto data = default_data300kb_data_generator(5); + secure_reader.startReception(data); - reader.startReception(data); + secure_writer.send(data); - // Send data - writer.send(data); // In this test all data should be sent. ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + + secure_reader.block_for_all(); + EXPECT_EQ(non_secure_reader.getReceivedCount(), 0u); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_data300kb) +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); - - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - reader.history_depth(5). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt_large_data_only) +// *INDENT-ON* +{ + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); + // Use a topic name that matches the governance rule for enable_discovery_enable_access_encrypt + std::string topic_name = + "Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/large_data_" + + std::to_string(GET_PID()); + PubSubReader reader_large_data(topic_name); + PubSubWriter writer_large_data(topic_name); + SecurityPlugins_Permissions_validation_ok_large_data(reader_large_data, + writer_large_data, governance_file, reliability_); +} - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 50; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - writer.history_depth(5). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_data300kb_data_generator(5); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_ok) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - auto data = default_helloworld_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_ok) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - auto data = default_helloworld_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Used to detect Github issue #106 -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_payload_ok_same_participant) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* { - PubSubWriterReader wreader(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - PropertyPolicy pub_property_policy, sub_property_policy, - property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - wreader.pub_history_depth(10).sub_history_depth(10).sub_reliability( - eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) - .sub_durability_kind(eprosima::fastdds::dds::DurabilityQosPolicyKind::TRANSIENT_LOCAL_DURABILITY_QOS); - wreader.property_policy(property_policy). - pub_property_policy(pub_property_policy). - sub_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - ASSERT_TRUE(wreader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for discovery. - wreader.wait_discovery(); - auto data = default_helloworld_data_generator(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - wreader.startReception(data); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Send data - wreader.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - wreader.block_for_all(); + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_payload_ok_same_participant_300kb) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* { - PubSubWriterReader wreader(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - PropertyPolicy pub_property_policy, sub_property_policy, property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - wreader.pub_history_depth(10).sub_history_depth(10).sub_reliability( - eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) - .sub_durability_kind(eprosima::fastdds::dds::DurabilityQosPolicyKind::TRANSIENT_LOCAL_DURABILITY_QOS); - wreader.property_policy(property_policy). - pub_property_policy(pub_property_policy). - sub_property_policy(sub_property_policy).init(); - ASSERT_TRUE(wreader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - // Wait for discovery. - wreader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_data300kb_data_generator(); - wreader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - // Send data - wreader.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - wreader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_large_string) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_none.smime"); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_large_string_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_large_string) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - auto data = default_large_string_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_data300kb) + + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(5). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 500; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - writer.history_depth(5). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_data300kb_data_generator(5); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_disable_access_sign.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_data300kb) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(5). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 50; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - writer.history_depth(5). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_data300kb_data_generator(5); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_ok) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_ok) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; - - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_large_string) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_large_string_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_large_string) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(10). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - auto data = default_large_string_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_data300kb) -{ - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_none.smime"); - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(5). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 1000; - - writer.history_depth(5). - reliability(eprosima::fastdds::dds::BEST_EFFORT_RELIABILITY_QOS). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_data300kb_data_generator(5); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(5). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} + + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // When doing fragmentation, it is necessary to have some degree of - // flow control not to overrun the receive buffer. - uint32_t bytesPerPeriod = 65536; - uint32_t periodInMs = 50; - writer.history_depth(5). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - add_flow_controller_descriptor_to_pparams( - eprosima::fastdds::rtps::FlowControllerSchedulerPolicy::FIFO, bytesPerPeriod, periodInMs). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - auto data = default_data300kb_data_generator(5); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #2457 -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb_mix) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* { - PubSubReader reader(TEST_TOPIC_NAME); - PubSubWriter writer(TEST_TOPIC_NAME); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.history_depth(5). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(2).resource_limits_max_samples(2).resource_limits_allocated_samples(2). - asynchronously(eprosima::fastdds::dds::ASYNCHRONOUS_PUBLISH_MODE). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_disable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - auto data = default_data300kb_mix_data_generator(10); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - size_t count = 0; - for (auto data_sample : data) - { - // Send data - writer.send_sample(data_sample); - ++count; - if (count % 2 == 0) - { - // Block reader until reception finished or timeout. - reader.block_for_at_least(count); - } - } +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #2457, Github ros2 #438. -TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_user_data) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - PropertyPolicy pub_part_property_policy, sub_part_property_policy, - pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_part_property_policy); - pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - writer.history_depth(100). - user_data({ 'a', 'b', 'c', 'd', 'e' }). - property_policy(pub_part_property_policy). - entity_property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_part_property_policy); - sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - reader.set_on_discovery_function([&writer](const ParticipantBuiltinTopicData& info, - ParticipantDiscoveryStatus /*status*/) -> bool - { - if (info.guid == writer.participant_guid()) - { - std::cout << "Received USER_DATA from the writer: "; - for (auto i : info.user_data) - { - std::cout << i << ' '; - } - return info.user_data == std::vector({ 'a', 'b', 'c', 'd', 'e' }); - } +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - return false; - }); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(100). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_part_property_policy). - entity_property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.wait_discovery(); - writer.wait_discovery(); - reader.wait_discovery_result(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_governance_rule_order) -{ - { - // Governance rule for topic *HelloWorldTopic* with enable_read/write_access_contrl set to false - // Governance rule for topic * with enable_read/write_access_contrl set to true - // Permission denied for topic HelloWorldTopic - // Creation of reader and writer is allowed - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - std::string governance_file("governance_rule_order_test.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions.smime")); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); - ASSERT_TRUE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions.smime")); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.history_depth(10). - property_policy(pub_property_policy).init(); - ASSERT_TRUE(writer.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); - auto data = default_helloworld_data_generator(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - reader.startReception(data); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); - } - { - // Governance rule for topic * with enable_read/write_access_contrl set to true - // Governance rule for topic *HelloWorldTopic* with enable_read/write_access_contrl set to false - // Permission denied for topic HelloWorldTopic - // Creation of reader and writer is denied - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - std::string governance_file("governance_rule_order_test_inverse.smime"); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions.smime")); - reader.property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - ASSERT_FALSE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions.smime")); - writer.property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - ASSERT_FALSE(writer.isInitialized()); - } + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_multiple_endpoints_matching) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* { - { - std::string governance_file("governance_helloworld_all_enable.smime"); - std::string permissions_file("permissions_helloworld.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - PropertyPolicy pub_property_policy; - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PubSubParticipant publishers(3u, 0u, 9u, 0u); - publishers.property_policy(pub_property_policy) - .pub_topic_name("HelloWorldTopic"); - ASSERT_TRUE(publishers.init_participant()); - // Initializing two publishers in the same participant - ASSERT_TRUE(publishers.init_publisher(0u)); - ASSERT_TRUE(publishers.init_publisher(1u)); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - PropertyPolicy sub_property_policy; - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PubSubParticipant subscribers(0u, 3u, 0u, 9u); - subscribers.property_policy(sub_property_policy) - .sub_topic_name("HelloWorldTopic"); - ASSERT_TRUE(subscribers.init_participant()); - // Initializing two subscribers in the same participant - ASSERT_TRUE(subscribers.init_subscriber(0u)); - ASSERT_TRUE(subscribers.init_subscriber(1u)); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - // Wait for discovery: 2 subs x 2 pubs - publishers.pub_wait_discovery(4u); - subscribers.sub_wait_discovery(4u); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Initializing one late joiner in the participants - ASSERT_TRUE(subscribers.init_subscriber(2u)); - ASSERT_TRUE(publishers.init_publisher(2u)); - // Wait for discovery: 3 subs x 3 pubs - publishers.pub_wait_discovery(); - subscribers.sub_wait_discovery(); - } +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #5346, Github #441. -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_fail_on_topic_wildcards) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* { - { - // Wildcards are only considered on PERMISSIONS, Topic values should be treated as plain strings - PubSubReader reader("*"); - PubSubWriter writer("*"); - std::string governance_file("governance_helloworld_all_enable.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); - reader.setManualTopicName("*"). - property_policy(sub_property_policy).init(); - ASSERT_FALSE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.setManualTopicName("*"). - property_policy(pub_property_policy).init(); - ASSERT_FALSE(writer.isInitialized()); - } +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - { - // Wildcards are only considered on PERMISSIONS, Topic values should be treated as plain strings - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - std::string governance_file("governance_helloworld_all_enable.smime"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PropertyPolicy pub_property_policy, sub_property_policy; - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(reader.isInitialized()); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - writer.history_depth(10). - property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_none.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); - } + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #5346, Github #441. -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_fail_on_partition_wildcards) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* { - { - // Wildcards are only considered on PERMISSIONS, partition values should be treated as plain strings - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - std::string governance_file("governance_helloworld_all_enable.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); - reader.partition("*"). - property_policy(sub_property_policy).init(); - ASSERT_FALSE(reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.partition("*"). - property_policy(pub_property_policy).init(); - ASSERT_FALSE(writer.isInitialized()); - } +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - { - // Wildcards are only considered on PERMISSIONS, partition values should be treated as plain strings - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - std::string governance_file("governance_helloworld_all_enable.smime"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PropertyPolicy pub_property_policy, sub_property_policy; - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy). - partition("Partition1").init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(reader.isInitialized()); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - writer.history_depth(10). - property_policy(pub_property_policy). - partition("Partition*").init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); - } + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #20658, Github #4553. -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_toggle_partition) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* { - PubSubWriter writer("HelloWorldTopic"); - PubSubReader reader_p_1("HelloWorldTopic"); - PubSubReader reader_p_2("HelloWorldTopic"); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - std::string governance_file("governance_helloworld_all_enable.smime"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Prepare subscriptions security properties - PropertyPolicy sub_property_policy; - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); - // Initialize one reader on each partition - reader_p_1.partition("Partition1"). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy). - init(); - ASSERT_TRUE(reader_p_1.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - reader_p_2.partition("Partition2"). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy). - init(); - ASSERT_TRUE(reader_p_2.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Prepare publication security properties - PropertyPolicy pub_property_policy; - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_partitions.smime")); - // Initialize a writer on both partitions - writer.partition("Partition1").partition("Partition2"). - property_policy(pub_property_policy). - init(); - ASSERT_TRUE(writer.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - // Wait for all entities to discover each other - reader_p_1.wait_discovery(); - reader_p_2.wait_discovery(); - writer.wait_discovery(2u); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - constexpr size_t num_samples = 100; - auto data = default_helloworld_data_generator(num_samples); - reader_p_1.startReception(data); - reader_p_2.startReception(data); - for (size_t i = 0; i < num_samples; ++i) - { - // Switch to third partition and wait for all entities to unmatch - writer.update_partition("Partition3"); - reader_p_1.wait_writer_undiscovery(); - reader_p_2.wait_writer_undiscovery(); - writer.wait_discovery(0u); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_disable_access_sign.smime"); - // Switch partition and wait for the corresponding reader to discover the writer - if (0 == i % 2) - { - writer.update_partition("Partition1"); - reader_p_1.wait_discovery(); - } - else - { - writer.update_partition("Partition2"); - reader_p_2.wait_discovery(); - } + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Ensure the writer matches the reader before sending the sample - writer.wait_discovery(1u); - writer.send_sample(data.front()); - data.pop_front(); - writer.waitForAllAcked(std::chrono::milliseconds(100)); - } - EXPECT_EQ(num_samples / 2u, reader_p_1.getReceivedCount()); - EXPECT_EQ(num_samples / 2u, reader_p_2.getReceivedCount()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -template -void prepare_pkcs11_nodes( - PubSubReader& reader, - PubSubWriter& writer, - const std::string& reader_private_key_url, - const std::string& writer_private_key_url) -{ - std::string governance_file("governance_helloworld_all_enable.smime"); - // With no PIN, the load of the private key fails - PropertyPolicy pub_property_policy; - PropertyPolicy sub_property_policy; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - reader_private_key_url)); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - writer_private_key_url)); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - writer.history_depth(10). - property_policy(pub_property_policy).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST_F(SecurityPkcs, BuiltinAuthenticationAndAccessAndCryptoPlugin_pkcs11_key) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* { - { - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - prepare_pkcs11_nodes(reader, writer, - tokens[hsm_token_id_no_pin].urls[hsm_mainsubkey_label], - tokens[hsm_token_id_no_pin].urls[hsm_mainpubkey_label]); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - ASSERT_FALSE(reader.isInitialized()); - ASSERT_FALSE(writer.isInitialized()); - } - { - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - prepare_pkcs11_nodes(reader, writer, - tokens[hsm_token_id_url_pin].urls[hsm_mainsubkey_label] + "?pin-value=" + hsm_token_pin, - tokens[hsm_token_id_url_pin].urls[hsm_mainpubkey_label] + "?pin-value=" + hsm_token_pin); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(reader.isInitialized()); - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - } - { - // Set the PIN on the environment variable -#ifdef _WIN32 - _putenv_s("FASTDDS_PKCS11_PIN", "1234"); -#else - setenv("FASTDDS_PKCS11_PIN", "1234", 1); -#endif // ifdef _WIN32 - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); - prepare_pkcs11_nodes(reader, writer, - tokens[hsm_token_id_env_pin].urls[hsm_mainsubkey_label], - tokens[hsm_token_id_env_pin].urls[hsm_mainpubkey_label]); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - ASSERT_TRUE(reader.isInitialized()); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - auto data = default_helloworld_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - reader.startReception(data); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - // unset the PIN environment variable for the next round -#ifdef _WIN32 - _putenv_s("FASTDDS_PKCS11_PIN", ""); -#else - unsetenv("FASTDDS_PKCS11_PIN"); -#endif // ifdef _WIN32 - } + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -static void CommonPermissionsConfigure( - PubSubReader& reader, - const std::string& governance_file, - const std::string& permissions_file, - const PropertyPolicy& extra_properties) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* { - PropertyPolicy sub_property_policy(extra_properties); - fill_sub_auth(sub_property_policy); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - reader.property_policy(sub_property_policy); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -static void CommonPermissionsConfigure( - PubSubWriter& writer, - const std::string& governance_file, - const std::string& permissions_file, - const PropertyPolicy& extra_properties) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* { - PropertyPolicy pub_property_policy(extra_properties); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.property_policy(pub_property_policy); + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -static void CommonPermissionsConfigure( - PubSubReader& reader, - PubSubWriter& writer, - const std::string& governance_file, - const std::string& permissions_file, - const PropertyPolicy& extra_properties = PropertyPolicy()) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* { - CommonPermissionsConfigure(reader, governance_file, permissions_file, extra_properties); - CommonPermissionsConfigure(writer, governance_file, permissions_file, extra_properties); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -static void BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common( - PubSubReader& reader, - PubSubWriter& writer, - const std::string& governance_file) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* { - CommonPermissionsConfigure(reader, writer, governance_file, "permissions.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - reader.history_depth(10).reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - writer.history_depth(10).init(); - ASSERT_TRUE(writer.isInitialized()); - // Wait for authorization - reader.wait_authorized(); - writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - // Wait for discovery. - writer.wait_discovery(); - reader.wait_discovery(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - // Send data - writer.send(data); - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regression test of Refs #16168, Github #3102. -TEST_P(Security, RemoveParticipantProxyDataonSecurityManagerLeaseExpired_validation_no_deadlock) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* { - std::string governance_file("governance_helloworld_disable_liveliness.smime"); - std::string permissions_file("permissions_helloworld.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - //!Lambda for configuring publisher participant qos and security properties - auto secure_participant_pub_configurator = [&governance_file, - &permissions_file](const std::shared_ptr>& part, - const std::shared_ptr& transport_interface) - { - part->lease_duration(3, 1); - part->disable_builtin_transport().add_user_transport_to_pparams(transport_interface); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PropertyPolicy property_policy; - fill_pub_auth(property_policy); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - std::cout << " Configuring Publisher Participant Properties " << std::endl; - part->property_policy(property_policy); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - }; - //!Lambda for configuring subscriber participant qos and security properties - auto secure_participant_sub_configurator = [&governance_file, - &permissions_file](const std::shared_ptr>& part, - const std::shared_ptr& transport_interface) - { - part->lease_duration(3, 1); - part->disable_builtin_transport().add_user_transport_to_pparams(transport_interface); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - PropertyPolicy property_policy; - fill_sub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/" + permissions_file)); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - std::cout << " Configuring Subscriber Participant Properties " << std::endl; - part->property_policy(property_policy); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - }; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - //! 1.Spawn a couple of participants writer/reader - std::string topic_name = "HelloWorldTopic"; - auto pubsub_writer = std::make_shared>(topic_name); - auto pubsub_reader = std::make_shared>(topic_name); - // Initialization of all the participants - std::cout << "Initializing PubSubs for topic " << topic_name << std::endl; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - auto test_udptransport = std::make_shared(); - auto udp_transport = std::make_shared(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // 2.Configure the participants - secure_participant_pub_configurator(pubsub_writer, test_udptransport); - pubsub_writer->init(); - ASSERT_EQ(pubsub_writer->isInitialized(), true); - secure_participant_sub_configurator(pubsub_reader, udp_transport); - pubsub_reader->init(); - ASSERT_EQ(pubsub_reader->isInitialized(), true); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - std::cout << std::endl << "Waiting discovery between participants." << std::endl; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // 3.Wait for authorization - pubsub_reader->wait_authorized(); - pubsub_writer->wait_authorized(); - // 4.Wait for discovery. - pubsub_reader->wait_discovery(); - pubsub_writer->wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - auto data = default_helloworld_data_generator(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - pubsub_reader->startReception(data); - // 5.Send data - pubsub_writer->send(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - // 6.Block reader until reception finished or timeout. - pubsub_reader->block_for_at_least(2); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - std::cout << "Reader received at least two samples, shutting down publisher " << std::endl; - //! 7.Simulate a force-quit (cntrl+c) on the publisher by dropping connection - test_udptransport->test_transport_options->test_UDPv4Transport_ShutdownAllNetwork = true; +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - bool pubsub_writer_undiscovered; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - //! 8.Wait reader to remove writer participant - //! Writer participant lease duration will expire in 3 secs - //! Check if deadlock is produced when accessing ResourceEvent collection - //! to unregister a TimedEvent() in ResourceEvent - pubsub_writer_undiscovered = pubsub_reader->wait_participant_undiscovery(std::chrono::seconds(6)); - //! 9.Assert if last operation timed out - ASSERT_TRUE(pubsub_writer_undiscovered); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST(Security, AllowUnauthenticatedParticipants_EntityCreationFailsIfRTPSProtectionIsNotNONE) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* { - PubSubReader reader("HelloWorldTopic"); - std::string governance_file("governance_allow_unauth_rtps_encrypt.smime"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - PropertyPolicy property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_sub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - property_policy.properties().emplace_back(Property( - "dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/" + governance_file)); - property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld.smime")); - reader.property_policy(property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - //! If allow_unauthenticated_participants TRUE and rtps_protection is not NONE - //! Entity creation must fail - ASSERT_FALSE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST(Security, AllowUnauthenticatedParticipants_TwoSecureParticipantsWithDifferentCertificatesAreAbleToMatch) +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* { - //! Create - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/othercacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/othersubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/othersubkey.pem")); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/othercacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/governance_allow_unauth_all_disabled_access_none_other_ca.smime")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_securehelloworld_other_ca.smime")); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/governance_allow_unauth_all_disabled_access_none.smime")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_securehelloworld.smime")); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - //! Wait for the authorization to fail (~15secs) - writer.wait_unauthorized(); - //! Wait for the discovery - writer.wait_discovery(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - //! check that the writer matches the reader because of having allow_unauthenticated_participants enabled - ASSERT_TRUE(writer.is_matched()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - //! Data is correctly sent and received - auto data = default_helloworld_data_generator(); - reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - writer.send(data); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - // Block reader until reception finished or timeout. - reader.block_for_all(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -TEST(Security, AllowUnauthenticatedParticipants_TwoParticipantsDifferentCertificatesWithReadWriteProtectionDoNotMatch) + +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign) +// *INDENT-ON* { - //! Create - PubSubReader reader("HelloWorldTopic"); - PubSubWriter writer("HelloWorldTopic"); + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); - PropertyPolicy pub_property_policy, sub_property_policy; + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/othercacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/othersubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/othersubkey.pem")); - sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/othercacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + - "/governance_allow_unauth_all_disabled_read_write_enabled_other_ca.smime")); - sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_securehelloworld_other_ca.smime")); - reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(sub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(reader.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - fill_pub_auth(pub_property_policy); - pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", - "builtin.Access-Permissions")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.governance", - "file://" + std::string(certs_path) + "/governance_allow_unauth_all_disabled_read_write_enabled.smime")); - pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions", - "file://" + std::string(certs_path) + "/permissions_helloworld_securehelloworld.smime")); - writer.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). - property_policy(pub_property_policy).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - //! Wait for the authorization to fail (~15secs) - writer.wait_unauthorized(); - //! Wait some time afterwards (this will time out) - writer.wait_discovery(std::chrono::seconds(1)); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - //! check that the writer does not match the reader because of - //! having read and write protection enabled - //! despite allow_unauthenticated_participants is enabled - ASSERT_FALSE(writer.is_matched()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } -// Regresion test for redmine issue 20166 -TEST(Security, InANonSecureParticipantWithTwoSecureParticipantScenario_TheTwoSecureParticipantsCorrectlyCommunicate) -{ - // Create - PubSubReader non_secure_reader("HelloWorldTopic"); - PubSubReader secure_reader("HelloWorldTopic"); - PubSubWriter secure_writer("HelloWorldTopic"); - - // Configure security - const std::string governance_file("governance_helloworld_all_enable.smime"); - const std::string permissions_file("permissions_helloworld.smime"); - CommonPermissionsConfigure(secure_reader, secure_writer, governance_file, permissions_file); - secure_writer.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - ASSERT_TRUE(secure_writer.isInitialized()); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - non_secure_reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); - ASSERT_TRUE(non_secure_reader.isInitialized()); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - secure_reader.history_depth(10). - reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS).init(); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - ASSERT_TRUE(secure_reader.isInitialized()); - // Wait for the authorization - secure_reader.wait_authorized(); - secure_writer.wait_authorized(); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - // Wait for discovery - secure_writer.wait_discovery(std::chrono::seconds(5)); - secure_reader.wait_discovery(std::chrono::seconds(5)); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // Data is correctly sent and received - auto data = default_helloworld_data_generator(); - secure_reader.startReception(data); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - secure_writer.send(data); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} - // In this test all data should be sent. - ASSERT_TRUE(data.empty()); - secure_reader.block_for_all(); - EXPECT_EQ(non_secure_reader.getReceivedCount(), 0u); +// *INDENT-OFF* +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_disable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_disable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_encrypt.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_disable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none) // *INDENT-ON* { PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); - std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); } + // *INDENT-OFF* -TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none) +TEST_P(Security, SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign) // *INDENT-ON* { + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; PubSubReader reader(TEST_TOPIC_NAME); PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_sign_discovery_enable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_common(reader, writer, governance_file, reliability_); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none_large) +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt_large) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_none.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign_large) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); std::string governance_file("governance_enable_discovery_enable_access_none.smime"); - BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(reader, writer, governance_file); + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none_large) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt_large) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign_large) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_encrypt.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none_large) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt_large) +// *INDENT-ON* +{ + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); +} + +// *INDENT-OFF* +TEST(Security, SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign_large) +// *INDENT-ON* +{ + FASTDDS_TODO_BEFORE(3, 7, "SIGN protection is not working when combined with other protection kinds"); + GTEST_SKIP() << "SIGN protection is not working when combined with other protection kinds"; + PubSubReader reader(TEST_TOPIC_NAME); + PubSubWriter writer(TEST_TOPIC_NAME); + std::string governance_file("governance_enable_discovery_enable_access_sign.smime"); + + SecurityPlugins_Permissions_validation_ok_large_data(reader, writer, governance_file); } + TEST(Security, MaliciousHeartbeatIgnore) { PubSubWriter writer("HelloWorldTopic_MaliciousHeartbeatIgnore"); @@ -4260,7 +4571,7 @@ TEST(Security, ValidateAuthenticationHandshakePropertiesParsing) PropertyPolicy property_policy; fill_sub_auth(property_policy); - property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); + fill_crypto(property_policy); // max_handshake_requests out of bounds property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.max_handshake_requests", @@ -4465,7 +4776,8 @@ TEST(Security, participant_stateless_secure_writer_pool_change_is_removed_upon_p "dds.sec.auth.builtin.PKI-DH.handshake_resend_period_gain", "1.0")); - CommonPermissionsConfigure(*participants.back(), governance_file, permissions_file, handshake_prop_policy); + CommonPermissionsConfigureReader(*participants.back(), governance_file, permissions_file, + handshake_prop_policy); // Init all except the latest one if (i != n_participants) @@ -4537,7 +4849,7 @@ TEST(Security, legacy_token_algorithms_communicate) "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy", value); properties.emplace_back( "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy", value); - CommonPermissionsConfigure(writer, governance_file, permissions_file, extra_policy); + CommonPermissionsConfigureWriter(writer, governance_file, permissions_file, extra_policy); } // Configure Reader @@ -4549,7 +4861,7 @@ TEST(Security, legacy_token_algorithms_communicate) "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy", value); properties.emplace_back( "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy", value); - CommonPermissionsConfigure(reader, governance_file, permissions_file, extra_policy); + CommonPermissionsConfigureReader(reader, governance_file, permissions_file, extra_policy); } // Initialize @@ -4683,7 +4995,7 @@ TEST(Security, participant_stateless_secure_writer_pool_change_is_removed_upon_a }; // Configure the main participant security - CommonPermissionsConfigure(main_participant, governance_file, permissions_file, handshake_prop_policy); + CommonPermissionsConfigureWriter(main_participant, governance_file, permissions_file, handshake_prop_policy); main_participant.disable_builtin_transport() .add_user_transport_to_pparams(test_transport) @@ -4705,7 +5017,8 @@ TEST(Security, participant_stateless_secure_writer_pool_change_is_removed_upon_a participants.emplace_back(std::make_shared>("HelloWorldTopic")); // Configure security for the new participant - CommonPermissionsConfigure(*participants.back(), governance_file, permissions_file, handshake_prop_policy); + CommonPermissionsConfigureReader(*participants.back(), governance_file, permissions_file, + handshake_prop_policy); // Init participant with the main participant as initial peer // and disable multicast so it does not try to discover noone else @@ -4723,7 +5036,7 @@ TEST(Security, participant_stateless_secure_writer_pool_change_is_removed_upon_a // If the participant stateless messages history of the main participant is not correctly freed, // the main participant will fail creating a new participant stateless message for him auto failing_participant = std::make_shared>("HelloWorldTopic"); - CommonPermissionsConfigure(*failing_participant, governance_file, permissions_file, handshake_prop_policy); + CommonPermissionsConfigureReader(*failing_participant, governance_file, permissions_file, handshake_prop_policy); failing_participant->disable_multicast(static_cast(n_participants + 1)) .initial_peers(initial_peers) .init(); @@ -4756,7 +5069,7 @@ static void security_datagram_injection_on_reader_test( const std::string governance_file("governance_helloworld_all_enable.smime"); const std::string permissions_file("permissions_helloworld.smime"); PropertyPolicy extra_policy; - CommonPermissionsConfigure(reader, governance_file, permissions_file, extra_policy); + CommonPermissionsConfigureReader(reader, governance_file, permissions_file, extra_policy); // Prepare datagram injection transport auto low_level_transport = std::make_shared(); @@ -4881,22 +5194,37 @@ TEST(Security, DatagramInjectionOnReader_23836) GTEST_INSTANTIATE_TEST_MACRO(Security, Security, - testing::Values(TRANSPORT, INTRAPROCESS, DATASHARING), + ::testing::Combine( + ::testing::Values(TRANSPORT, INTRAPROCESS), + ::testing::Values(TEST_BEST_EFFORT, TEST_RELIABLE) + ), [](const testing::TestParamInfo& info) { - switch (info.param) + std::string test_name; + switch (std::get<0>(info.param)) { case INTRAPROCESS: - return "Intraprocess"; - break; - case DATASHARING: - return "Datasharing"; + test_name = "Intraprocess"; break; case TRANSPORT: default: - return "Transport"; + test_name = "Transport"; + break; + } + + switch (std::get<1>(info.param)) + { + case TEST_BEST_EFFORT: + test_name += "_BestEffort"; + break; + case TEST_RELIABLE: + test_name += "_Reliable"; + break; + default: + break; } + return test_name; }); diff --git a/test/certs/governance_disable_discovery_disable_access_encrypt.smime b/test/certs/governance_disable_discovery_disable_access_encrypt.smime index d414937f119..0e7f7a3c5e5 100644 --- a/test/certs/governance_disable_discovery_disable_access_encrypt.smime +++ b/test/certs/governance_disable_discovery_disable_access_encrypt.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----AC038611B7DF85015D509E9E834F75CC" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----CC2712ED51E7E5454DED621720BB3CB3" This is an S/MIME signed message -------AC038611B7DF85015D509E9E834F75CC +------CC2712ED51E7E5454DED621720BB3CB3 Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,17 +95,53 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------AC038611B7DF85015D509E9E834F75CC +------CC2712ED51E7E5454DED621720BB3CB3 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" -MIIEegYJKoZIhvcNAQcCoIIEazCCBGcCAQExDzANBglghkgBZQMEAgEFADALBgkq +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV @@ -118,17 +154,17 @@ cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE 3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS 7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT 4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 -SVxpI+3UYs2kV5n0MYIB/jCCAfoCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgFrCu -G/ajNze9XFU/tmc2sOcVSDYPWRmtfSQWTl6NS7QweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgJ6A4 +C6cwpaT83npaNmOnFJdtPH4uj6j8jLqbLwCRtI0weQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEA6eldNkhWC2B3W7xWyov38z8ibv2r -WpKHNaZkKYsKpPQCIQDEka0GAbZWfobOtTYf7h4NszHfbLbnf6aKX/Ky1bkY/Q== +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiASrmoIu/S+AtTr+YOHZrrqL5hvSvLr +WxEB67BX//UJdAIgHnFoWlRY0f5RDE8myNqVPEb+X/m7jrJB7HTvOICeyJc= -------AC038611B7DF85015D509E9E834F75CC-- +------CC2712ED51E7E5454DED621720BB3CB3-- diff --git a/test/certs/governance_disable_discovery_disable_access_encrypt_dds_sec.xml b/test/certs/governance_disable_discovery_disable_access_encrypt_dds_sec.xml index b5a5d0308de..855a45fbfe8 100644 --- a/test/certs/governance_disable_discovery_disable_access_encrypt_dds_sec.xml +++ b/test/certs/governance_disable_discovery_disable_access_encrypt_dds_sec.xml @@ -16,7 +16,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_disable_discovery_disable_access_none.smime b/test/certs/governance_disable_discovery_disable_access_none.smime index 099711a294a..6802bab1fe7 100644 --- a/test/certs/governance_disable_discovery_disable_access_none.smime +++ b/test/certs/governance_disable_discovery_disable_access_none.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----F3DF85A40CB16BB6DB380CD89E05FF2E" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----924663BC6B21288BF190F06E1FEC430C" This is an S/MIME signed message -------F3DF85A40CB16BB6DB380CD89E05FF2E +------924663BC6B21288BF190F06E1FEC430C Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,17 +95,53 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------F3DF85A40CB16BB6DB380CD89E05FF2E +------924663BC6B21288BF190F06E1FEC430C Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" -MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +MIIEegYJKoZIhvcNAQcCoIIEazCCBGcCAQExDzANBglghkgBZQMEAgEFADALBgkq hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV @@ -118,17 +154,17 @@ cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE 3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS 7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT 4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 -SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +SVxpI+3UYs2kV5n0MYIB/jCCAfoCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgycqK -kcQhqhnGOGeWaE5CtJyjOeZG2JKk87QBbg5S2WwweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgp0fp +OWLkyM0oclkfWpAYYcB5/awZBfYAp3Ljiw4DW6cweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEA9T2EEVwBdM7rqXbS4ff/4vGpMKNW -eAyLIttRyKiY6SYCIAWho14jq7Kctn7IyKVu6Ay/TV374SSa6FMb1UoqWi8P +hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEAkVJ6QhH/t5wCCVNH8KKezM8unrnE +RyXLfEYMhvoTJtACIQC9nbx1P+eAfJllE9jL45Ms0wE7cN0Bj/F2Ugc5NxQGZg== -------F3DF85A40CB16BB6DB380CD89E05FF2E-- +------924663BC6B21288BF190F06E1FEC430C-- diff --git a/test/certs/governance_disable_discovery_disable_access_none_dds_sec.xml b/test/certs/governance_disable_discovery_disable_access_none_dds_sec.xml index 4bb6d32459c..ad0705a642e 100644 --- a/test/certs/governance_disable_discovery_disable_access_none_dds_sec.xml +++ b/test/certs/governance_disable_discovery_disable_access_none_dds_sec.xml @@ -16,7 +16,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_disable_discovery_disable_access_sign.smime b/test/certs/governance_disable_discovery_disable_access_sign.smime new file mode 100644 index 00000000000..a8c119b85ce --- /dev/null +++ b/test/certs/governance_disable_discovery_disable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----65145F2F4DCE7F73392DFE8A0F7BF265" + +This is an S/MIME signed message + +------65145F2F4DCE7F73392DFE8A0F7BF265 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + false + NONE + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------65145F2F4DCE7F73392DFE8A0F7BF265 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgLhf7 +2EZdFVBRppOcfoPpzp3JeycDAITlIwB5peEOKfgweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiB0LqsWxImXXu63kU9OfnBINqGykqXv +/9p9vlRiGNmslwIgdU+QDQQTWSSXRQSqAV96M4x21A0sVhi23bapnog659s= + +------65145F2F4DCE7F73392DFE8A0F7BF265-- + diff --git a/test/certs/governance_disable_discovery_disable_access_sign_dds_sec.xml b/test/certs/governance_disable_discovery_disable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..a491691d211 --- /dev/null +++ b/test/certs/governance_disable_discovery_disable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + false + NONE + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_disable_discovery_enable_access_encrypt.smime b/test/certs/governance_disable_discovery_enable_access_encrypt.smime index f25ff45a5a7..7501b368832 100644 --- a/test/certs/governance_disable_discovery_enable_access_encrypt.smime +++ b/test/certs/governance_disable_discovery_enable_access_encrypt.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----6F7CBD6A626735C36D5CA66E7CADCDDB" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----1839405A6140B133C78298159D5B3F80" This is an S/MIME signed message -------6F7CBD6A626735C36D5CA66E7CADCDDB +------1839405A6140B133C78298159D5B3F80 Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,12 +95,48 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------6F7CBD6A626735C36D5CA66E7CADCDDB +------1839405A6140B133C78298159D5B3F80 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" @@ -123,12 +159,12 @@ VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgKGeR -FaZkBhKuVV0dVSlGww210i2pKQx7NolGZy37EV8weQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQg+cxz +sppRI8zf/xNsMrigL1+vDYQrCC54oITXjPsp51kweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEA2eEtqgRl16iFqcjZiBkmSjByEoue -JUwMIzgsJ/Lj2MUCIGESjJ1durB3tx/PLjb+86BuFsqq3agCuF8NscBAb090 +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiAl7eEcqJe9JLWLGtrdwcfHZ9EWgbw5 +d6U861Q+l9/M8QIhAICjWItoMa1tAu3xTOwB793pUPpPsYNhdmto2Uja071d -------6F7CBD6A626735C36D5CA66E7CADCDDB-- +------1839405A6140B133C78298159D5B3F80-- diff --git a/test/certs/governance_disable_discovery_enable_access_encrypt_dds_sec.xml b/test/certs/governance_disable_discovery_enable_access_encrypt_dds_sec.xml index 6174ce4985e..c12e4e92dc4 100644 --- a/test/certs/governance_disable_discovery_enable_access_encrypt_dds_sec.xml +++ b/test/certs/governance_disable_discovery_enable_access_encrypt_dds_sec.xml @@ -16,7 +16,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_disable_discovery_enable_access_none.smime b/test/certs/governance_disable_discovery_enable_access_none.smime index 971c255a78e..b02546b1181 100644 --- a/test/certs/governance_disable_discovery_enable_access_none.smime +++ b/test/certs/governance_disable_discovery_enable_access_none.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----A7C77AC6072770F81465BEFF2C7E0F56" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----97097D4F69B5B4DE5D2AAAF6F9CE941A" This is an S/MIME signed message -------A7C77AC6072770F81465BEFF2C7E0F56 +------97097D4F69B5B4DE5D2AAAF6F9CE941A Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,12 +95,48 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------A7C77AC6072770F81465BEFF2C7E0F56 +------97097D4F69B5B4DE5D2AAAF6F9CE941A Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" @@ -123,12 +159,12 @@ VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgSYbC -kUSrIi76WlJ5KUX83Qr7y6dC0ep44PpQdA+QUyMweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgJmZR +es3MP1xwdcBtxiEZyXeJFlOnmbVdWVPdJzjArc4weQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEA4kkkkqwAkwuEHDcciIwF5tVNalS7 -zGMIFc7NcYlEWVMCIQDuwSkr9Vt8lCdPrXYfIy95oZXvXLhqEO9/U44JUoDzgg== +hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEA9fvCPVVdC251UUjZSxJLTpiw6dma +Sf5RpUIU/K2cEZ8CIQC6gR7gKYhWTfmG1+1H+BgL/RX35mzb85lC5ysMCI9vsA== -------A7C77AC6072770F81465BEFF2C7E0F56-- +------97097D4F69B5B4DE5D2AAAF6F9CE941A-- diff --git a/test/certs/governance_disable_discovery_enable_access_none_dds_sec.xml b/test/certs/governance_disable_discovery_enable_access_none_dds_sec.xml index ee6e15f50a4..9fa3f3b9d86 100644 --- a/test/certs/governance_disable_discovery_enable_access_none_dds_sec.xml +++ b/test/certs/governance_disable_discovery_enable_access_none_dds_sec.xml @@ -16,7 +16,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_disable_discovery_enable_access_sign.smime b/test/certs/governance_disable_discovery_enable_access_sign.smime new file mode 100644 index 00000000000..27b22a94cde --- /dev/null +++ b/test/certs/governance_disable_discovery_enable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----CEE77F012E48D0E4D6AEFD0F153CE29F" + +This is an S/MIME signed message + +------CEE77F012E48D0E4D6AEFD0F153CE29F +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + NONE + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------CEE77F012E48D0E4D6AEFD0F153CE29F +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgdtHL +lu5tVQfC4sZVryF+SkYhkq/aekFGsbMo2rqR6+AweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEAxK/XmJZatskG4QHZ/ohlq17SvGPk +Rwgr4unziZp3FD0CIFWa31GgRiY1d5cfcyRh7nDoAjyRtiuKBDyKa0gPhi8q + +------CEE77F012E48D0E4D6AEFD0F153CE29F-- + diff --git a/test/certs/governance_disable_discovery_enable_access_sign_dds_sec.xml b/test/certs/governance_disable_discovery_enable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..f4d74af566e --- /dev/null +++ b/test/certs/governance_disable_discovery_enable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + true + NONE + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsDisableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_enable_discovery_disable_access_encrypt.smime b/test/certs/governance_enable_discovery_disable_access_encrypt.smime index 0bee59f4307..6cb7c18168f 100644 --- a/test/certs/governance_enable_discovery_disable_access_encrypt.smime +++ b/test/certs/governance_enable_discovery_disable_access_encrypt.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----A62D080B0B55507FCBF3825BD36C292D" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----01B656F5193A0F0AE2248EFE2B6F6478" This is an S/MIME signed message -------A62D080B0B55507FCBF3825BD36C292D +------01B656F5193A0F0AE2248EFE2B6F6478 Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,12 +95,48 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------A62D080B0B55507FCBF3825BD36C292D +------01B656F5193A0F0AE2248EFE2B6F6478 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" @@ -123,12 +159,12 @@ VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgbYkL -+uJMkDcm7Tkv+7TlkiYzxD64sLLU3LDzUsLNYIkweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgVQTq +3KY0NuMSPKRD6JDE9NclSjYoqu44yrU3SSGXPecweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEAsqS1GWWMrxG7fkXmBOKsE0GnJ4ln -Y1NIu/9aFUXHlQECIQDkm6pKtINbaB7tBak26ey+JNvw1zi/ipeMP1oTp85caQ== +hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEAriNrFYmrOHPweiAIPO+lVC95KOT/ +oLno/BRUN/Cvgq0CIQCJoFXxBi69aNBQ1pnp8cjKzU4VDlkxZMCleaLHrgnkhQ== -------A62D080B0B55507FCBF3825BD36C292D-- +------01B656F5193A0F0AE2248EFE2B6F6478-- diff --git a/test/certs/governance_enable_discovery_disable_access_encrypt_dds_sec.xml b/test/certs/governance_enable_discovery_disable_access_encrypt_dds_sec.xml index 2d0071fbc85..0422083109e 100644 --- a/test/certs/governance_enable_discovery_disable_access_encrypt_dds_sec.xml +++ b/test/certs/governance_enable_discovery_disable_access_encrypt_dds_sec.xml @@ -16,7 +16,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_enable_discovery_disable_access_none.smime b/test/certs/governance_enable_discovery_disable_access_none.smime index 8f870c5de33..5fe9f1492c8 100644 --- a/test/certs/governance_enable_discovery_disable_access_none.smime +++ b/test/certs/governance_enable_discovery_disable_access_none.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----4AFEDBD9DBBED21B7254CD1E225A6B1E" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----94C93114442762CAEE8E91C5B33210DF" This is an S/MIME signed message -------4AFEDBD9DBBED21B7254CD1E225A6B1E +------94C93114442762CAEE8E91C5B33210DF Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -95,12 +95,48 @@ Content-Type: text/plain NONE NONE + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + -------4AFEDBD9DBBED21B7254CD1E225A6B1E +------94C93114442762CAEE8E91C5B33210DF Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" @@ -123,12 +159,12 @@ VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgc6Fq -q9E8Lsjn2Dxcfrhw2iFME0pypOkRcMwk3HGRaY8weQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgdxLK +ohRs/N0pcFQyH98tIHbP8uHawqEa/XmBIQ5USCcweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiAY4Xcy+F7a9KMkapvZeKt4uoaljrmP -or8MyyXyfmoiMAIhANQPDXpETOtSwuuwqH+kvMY1vuG8Ysud0+xtDs3+boNQ +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiBI6Vq+/JU8bcOOf7T6VREotDXnrfwr +ydcBDMeOWZwRgwIhAPTTcbWUF1ZgyhXruRTg7cygKHJxoWZJRjRlJ/W7FOFj -------4AFEDBD9DBBED21B7254CD1E225A6B1E-- +------94C93114442762CAEE8E91C5B33210DF-- diff --git a/test/certs/governance_enable_discovery_disable_access_none_dds_sec.xml b/test/certs/governance_enable_discovery_disable_access_none_dds_sec.xml index 2636d64e65a..9dbcc034292 100644 --- a/test/certs/governance_enable_discovery_disable_access_none_dds_sec.xml +++ b/test/certs/governance_enable_discovery_disable_access_none_dds_sec.xml @@ -16,7 +16,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* true false false @@ -87,6 +87,42 @@ NONE NONE + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_enable_discovery_disable_access_sign.smime b/test/certs/governance_enable_discovery_disable_access_sign.smime new file mode 100644 index 00000000000..2546bfee32e --- /dev/null +++ b/test/certs/governance_enable_discovery_disable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----943B4003C96747432C0569683E8869F3" + +This is an S/MIME signed message + +------943B4003C96747432C0569683E8869F3 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + false + ENCRYPT + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------943B4003C96747432C0569683E8869F3 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgraKZ +8gvIoUCsZi+z5JPC2WwvG/VTJ0lWIk5VAHgV9aIweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiBpRB6XtrQi647e3SOz2xgb7glE7HFH +p/6RwsXf8i3gzQIgIWAlH41vwQnd9eMFMYYfnfnQhLhhehuUnVE6mOqCAcs= + +------943B4003C96747432C0569683E8869F3-- + diff --git a/test/certs/governance_enable_discovery_disable_access_sign_dds_sec.xml b/test/certs/governance_enable_discovery_disable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..789d7c95cdb --- /dev/null +++ b/test/certs/governance_enable_discovery_disable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + false + ENCRYPT + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsEnableDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_enable_discovery_enable_access_encrypt.smime b/test/certs/governance_enable_discovery_enable_access_encrypt.smime index c61a4768c59..d85048b720a 100644 --- a/test/certs/governance_enable_discovery_enable_access_encrypt.smime +++ b/test/certs/governance_enable_discovery_enable_access_encrypt.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----2C373F66B31175F86167D60891007C6A" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----A0D289B3D2591FE294A52AA08659D074" This is an S/MIME signed message -------2C373F66B31175F86167D60891007C6A +------A0D289B3D2591FE294A52AA08659D074 Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none* true false false @@ -95,12 +95,48 @@ Content-Type: text/plain NONE NONE + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + -------2C373F66B31175F86167D60891007C6A +------A0D289B3D2591FE294A52AA08659D074 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" @@ -123,12 +159,12 @@ VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgPn3X -yHDxEadk0HXtBP0aFlzbKTH+himWBrA8YPS/oH8weQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTEzMDgyMDQ1WjAvBgkqhkiG9w0BCQQxIgQgyH+W +YwUB4qCgRQ14g6kCf0PfPNqfIZCzuXl39tdLa1MweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiBzm4XUZQMkDm/+ny0K+h1A1ttibFS9 -4MExv/GUxbqTqAIgWc2qhJ0huiVjuAwvOgBrwLUWuHA/q6WkevpjeZAJDlk= +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiA4WapAIcnT4pV64i7R5cNWzqwCq8I0 +YeNeu1+MdkglDAIgFzOIqRkUp0bB5Wfw3BIxyt2rzJ9rzU4TcQuRqMinzA0= -------2C373F66B31175F86167D60891007C6A-- +------A0D289B3D2591FE294A52AA08659D074-- diff --git a/test/certs/governance_enable_discovery_enable_access_encrypt_dds_sec.xml b/test/certs/governance_enable_discovery_enable_access_encrypt_dds_sec.xml index d10ff359b83..240b4edbfca 100644 --- a/test/certs/governance_enable_discovery_enable_access_encrypt_dds_sec.xml +++ b/test/certs/governance_enable_discovery_enable_access_encrypt_dds_sec.xml @@ -16,7 +16,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none* true false false @@ -87,6 +87,42 @@ NONE NONE + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_enable_discovery_enable_access_none.smime b/test/certs/governance_enable_discovery_enable_access_none.smime index 71ff8004024..4a47a1a5e33 100644 --- a/test/certs/governance_enable_discovery_enable_access_none.smime +++ b/test/certs/governance_enable_discovery_enable_access_none.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----4872EE951F8BF9BA44A5FC4177362170" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----5F5287EFD10F53F2D5B76110A30BF75D" This is an S/MIME signed message -------4872EE951F8BF9BA44A5FC4177362170 +------5F5287EFD10F53F2D5B76110A30BF75D Content-Type: text/plain @@ -24,7 +24,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt* true false true @@ -33,7 +33,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt* false false true @@ -42,7 +42,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt* false false false @@ -51,7 +51,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt* true false false @@ -60,7 +60,7 @@ Content-Type: text/plain ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none* true false true @@ -69,7 +69,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none* false false true @@ -78,7 +78,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none* false false false @@ -87,7 +87,7 @@ Content-Type: text/plain NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none* true false false @@ -95,17 +95,53 @@ Content-Type: text/plain NONE NONE + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + -------4872EE951F8BF9BA44A5FC4177362170 +------5F5287EFD10F53F2D5B76110A30BF75D Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" -MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV @@ -118,17 +154,17 @@ cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE 3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS 7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT 4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 -SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDE2WjAvBgkqhkiG9w0BCQQxIgQgPBQZ -WFLD67c32V2yZXuuhOiPrLY4PJvlUGuWZRgVaAEweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTEzMDgyMDQzWjAvBgkqhkiG9w0BCQQxIgQgj2XX +o/aAJ0rqAyzTt+4hp13LQ5RxMfcXgLjPSG56FIIweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiA0PGC5Yjmfib7ScwyOSaguvVTEOv1M -OwuQaEUiTFZk4AIgXreg7c53pn1Rq2yEHQVFYEwLJGDuws7Xm1FR2ed5hq0= +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEA/zoCfnRDmBChD6N0dNI6j7OoKwHs +Xh4df3eddXFh4eoCIDCnvLgiUl9LNncoSU7oapY59PB1XkfHzEUdxaMH8BQj -------4872EE951F8BF9BA44A5FC4177362170-- +------5F5287EFD10F53F2D5B76110A30BF75D-- diff --git a/test/certs/governance_enable_discovery_enable_access_none_dds_sec.xml b/test/certs/governance_enable_discovery_enable_access_none_dds_sec.xml index b04e46dd75d..b05266c0e08 100644 --- a/test/certs/governance_enable_discovery_enable_access_none_dds_sec.xml +++ b/test/certs/governance_enable_discovery_enable_access_none_dds_sec.xml @@ -16,7 +16,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt* true false true @@ -25,7 +25,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt* false false true @@ -34,7 +34,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt* false false false @@ -43,7 +43,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt* true false false @@ -52,7 +52,7 @@ ENCRYPT - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none* true false true @@ -61,7 +61,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none* false false true @@ -70,7 +70,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none* false false false @@ -79,7 +79,7 @@ NONE - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none* true false false @@ -87,6 +87,42 @@ NONE NONE + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + diff --git a/test/certs/governance_enable_discovery_enable_access_sign.smime b/test/certs/governance_enable_discovery_enable_access_sign.smime new file mode 100644 index 00000000000..0c8206af076 --- /dev/null +++ b/test/certs/governance_enable_discovery_enable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----91DB19D7E7556C0F85BD565BA8419FA0" + +This is an S/MIME signed message + +------91DB19D7E7556C0F85BD565BA8419FA0 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + ENCRYPT + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt* + true + false + true + true + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt* + false + false + true + true + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt* + false + false + false + false + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt* + true + false + false + false + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none* + true + false + true + true + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none* + false + false + true + true + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none* + false + false + false + false + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none* + true + false + false + false + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + + + + + + +------91DB19D7E7556C0F85BD565BA8419FA0 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTEzMDgyMDQxWjAvBgkqhkiG9w0BCQQxIgQglLDj +hOk1Wyt3JedZ2vv/cf4TJCEek/BRKJRGyodZ1ncweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiBHp3ThQpZcezkOnxN3PaATwTQR0GaK +Vel9bmoajh0ZsQIgG0X2rDQ4K3AY0bS5/3b0tRo7PFSIvDdv+0MEaJSmBM8= + +------91DB19D7E7556C0F85BD565BA8419FA0-- + diff --git a/test/certs/governance_enable_discovery_enable_access_sign_dds_sec.xml b/test/certs/governance_enable_discovery_enable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..7f49824ebff --- /dev/null +++ b/test/certs/governance_enable_discovery_enable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + true + ENCRYPT + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt* + true + false + true + true + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt* + false + false + true + true + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt* + false + false + false + false + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt* + true + false + false + false + ENCRYPT + ENCRYPT + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none* + true + false + true + true + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none* + false + false + true + true + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none* + false + false + false + false + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none* + true + false + false + false + NONE + NONE + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign* + true + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign* + false + false + true + true + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign* + false + false + false + false + SIGN + SIGN + + + *SecurityPlugins_PermissionsEnableDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_only_auth.smime b/test/certs/governance_only_auth.smime new file mode 100644 index 00000000000..72503d11476 --- /dev/null +++ b/test/certs/governance_only_auth.smime @@ -0,0 +1,71 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----CDC802D4A44DEBD141FB115FEF4EEFA1" + +This is an S/MIME signed message + +------CDC802D4A44DEBD141FB115FEF4EEFA1 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + true + false + NONE + NONE + NONE + + + * + false + false + false + false + NONE + NONE + + + + + + +------CDC802D4A44DEBD141FB115FEF4EEFA1 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MDgzNzUxWjAvBgkqhkiG9w0BCQQxIgQgdzk7 +tmk0V3WS29wXV3v6iaNpEAxFuubj9p/YPeamaOgweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEAtjZVoGLM6zpAFUI85L3I7TwTP9oK +49w3EfJp0QK5Ix8CIEnKewC2NEJfSoFtAloJn8Un+XXX4wYZPYYAV1pTtJPp + +------CDC802D4A44DEBD141FB115FEF4EEFA1-- + diff --git a/test/certs/governance_only_auth.xml b/test/certs/governance_only_auth.xml new file mode 100644 index 00000000000..caf1e1735a4 --- /dev/null +++ b/test/certs/governance_only_auth.xml @@ -0,0 +1,30 @@ + + + + + + + 0 + 230 + + + true + false + NONE + NONE + NONE + + + * + false + false + false + false + NONE + NONE + + + + + diff --git a/test/certs/governance_performance_tests.smime b/test/certs/governance_performance_tests.smime new file mode 100644 index 00000000000..e551bb20afa --- /dev/null +++ b/test/certs/governance_performance_tests.smime @@ -0,0 +1,98 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----A3A69F83570EA4E55055CB6348C1A638" + +This is an S/MIME signed message + +------A3A69F83570EA4E55055CB6348C1A638 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + ENCRYPT + ENCRYPT + ENCRYPT + + + LatencyTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + ThroughputTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + VideoTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + MemoryTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + + + + +------A3A69F83570EA4E55055CB6348C1A638 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwMzE5MTUzNDAzWjAvBgkqhkiG9w0BCQQxIgQgcIBF +C/9t5trdwuz6PkK1h16qWwLU7VSXsN8ai64BnSkweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiAH13kV1oOnMkfWJlpV70s9RXlIMg5p +AX5wUmSMghB+eQIgeOzhcfTXY/UKcWXbo2Z2ByJnVksmwhwypS8x+MZrgyI= + +------A3A69F83570EA4E55055CB6348C1A638-- + diff --git a/test/certs/governance_performance_tests.xml b/test/certs/governance_performance_tests.xml new file mode 100644 index 00000000000..2bfad67e110 --- /dev/null +++ b/test/certs/governance_performance_tests.xml @@ -0,0 +1,57 @@ + + + + + + + 0 + 230 + + + false + true + ENCRYPT + ENCRYPT + ENCRYPT + + + LatencyTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + ThroughputTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + VideoTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + MemoryTest_* + true + false + true + true + ENCRYPT + ENCRYPT + + + + + diff --git a/test/certs/governance_sign_discovery_disable_access_encrypt.smime b/test/certs/governance_sign_discovery_disable_access_encrypt.smime new file mode 100644 index 00000000000..d1600044a8d --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_encrypt.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----B3FF8FA7E85004591DFC28C030945F48" + +This is an S/MIME signed message + +------B3FF8FA7E85004591DFC28C030945F48 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + false + SIGN + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------B3FF8FA7E85004591DFC28C030945F48 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEegYJKoZIhvcNAQcCoIIEazCCBGcCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/jCCAfoCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQg2Pz7 +wqqmaOYoX55Veuwm7fF2FR6z3YWWrZXlBjic9joweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEA7MgjUMHDfkuCM3a7SsmFFJf+u5pL +V+Rhmtc9+GnupisCIQD9lCjT+wFbDxi2A2JoqP6Kkz/RY9nmKHR/e3PK5w3V1g== + +------B3FF8FA7E85004591DFC28C030945F48-- + diff --git a/test/certs/governance_sign_discovery_disable_access_encrypt_dds_sec.xml b/test/certs/governance_sign_discovery_disable_access_encrypt_dds_sec.xml new file mode 100644 index 00000000000..b6ebc921bc6 --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_encrypt_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + false + SIGN + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_sign_discovery_disable_access_none.smime b/test/certs/governance_sign_discovery_disable_access_none.smime new file mode 100644 index 00000000000..5485e74abef --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_none.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----6B12186E75E65FF801D8767DFEACCAA1" + +This is an S/MIME signed message + +------6B12186E75E65FF801D8767DFEACCAA1 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + false + SIGN + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------6B12186E75E65FF801D8767DFEACCAA1 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgDj4n +6YSZDCIjZzv/TIPDOJSRNQ8zGQJRFQVkFNFBjQEweQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiB+nD4Rr9xeLO3VENQh7PZaTBCZN7EY +laXPK2qtpk1mCAIgQfNJUNgV5aFmFV/Wr6OEa/XIYk70BFvk265NXNTjvyc= + +------6B12186E75E65FF801D8767DFEACCAA1-- + diff --git a/test/certs/governance_sign_discovery_disable_access_none_dds_sec.xml b/test/certs/governance_sign_discovery_disable_access_none_dds_sec.xml new file mode 100644 index 00000000000..f59c267a4c5 --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_none_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + false + SIGN + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_sign_discovery_disable_access_sign.smime b/test/certs/governance_sign_discovery_disable_access_sign.smime new file mode 100644 index 00000000000..42d7aa09e7a --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----7068B26B5C785B7BDBD5385A326B21CF" + +This is an S/MIME signed message + +------7068B26B5C785B7BDBD5385A326B21CF +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + false + SIGN + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------7068B26B5C785B7BDBD5385A326B21CF +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgUVel +aXsPwzzpmnE4UN0XZerMSi7Lp41ZTTQ1GRjyJj4weQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiBGLbNWj+NvoaoLi9NY2GnOPZ1tkhwG +Xn+Jwswc/mkdIwIhAK69ePqeAwZqLgmkG8F95++uLO8mHJR1NLesunKFxAZz + +------7068B26B5C785B7BDBD5385A326B21CF-- + diff --git a/test/certs/governance_sign_discovery_disable_access_sign_dds_sec.xml b/test/certs/governance_sign_discovery_disable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..4c30ca80bd8 --- /dev/null +++ b/test/certs/governance_sign_discovery_disable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + false + SIGN + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryDisableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_sign_discovery_enable_access_encrypt.smime b/test/certs/governance_sign_discovery_enable_access_encrypt.smime new file mode 100644 index 00000000000..13586930222 --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_encrypt.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----EAA84B7A896AA26C36C620C607A4AE99" + +This is an S/MIME signed message + +------EAA84B7A896AA26C36C620C607A4AE99 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + SIGN + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------EAA84B7A896AA26C36C620C607A4AE99 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMjI0WjAvBgkqhkiG9w0BCQQxIgQgDWYN +QOE1DCRzKoS3u3nyvNoBERcLBD5v9x5J/9PID18weQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiEA3reulIBVw1tlVXSaqWwUnFLqkrM4 +2YC8jaQhIJ9qNDkCIGwG+1O23zf5xZd55PPqi3x24gHNOO5+CWldJ+JIpLsy + +------EAA84B7A896AA26C36C620C607A4AE99-- + diff --git a/test/certs/governance_sign_discovery_enable_access_encrypt_dds_sec.xml b/test/certs/governance_sign_discovery_enable_access_encrypt_dds_sec.xml new file mode 100644 index 00000000000..36d8b413ebb --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_encrypt_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + true + SIGN + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessEncrypt_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_sign_discovery_enable_access_none.smime b/test/certs/governance_sign_discovery_enable_access_none.smime new file mode 100644 index 00000000000..6329c8963ca --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_none.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----9506B036F9FA14BA0FD6A32A73501DF7" + +This is an S/MIME signed message + +------9506B036F9FA14BA0FD6A32A73501DF7 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + SIGN + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------9506B036F9FA14BA0FD6A32A73501DF7 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAzMDMwWjAvBgkqhkiG9w0BCQQxIgQgtqF4 +L3fUUOdJDRk5LygFyUqM3MY1Gz0LoISehvjUhf4weQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiBdzzXCxXyL9CmzxR8aQE+vdKAXk4FI +wRygppv7fu/C7AIgeSgPstLKrQEKD0Q16PIcGmcm2pnbMJjNjxl6ngMPHPo= + +------9506B036F9FA14BA0FD6A32A73501DF7-- + diff --git a/test/certs/governance_sign_discovery_enable_access_none_dds_sec.xml b/test/certs/governance_sign_discovery_enable_access_none_dds_sec.xml new file mode 100644 index 00000000000..6be542f89a0 --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_none_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + true + SIGN + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessNone_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/governance_sign_discovery_enable_access_sign.smime b/test/certs/governance_sign_discovery_enable_access_sign.smime new file mode 100644 index 00000000000..4b09e9864d2 --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_sign.smime @@ -0,0 +1,170 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----B456791B6FFE6161828347E773A874F8" + +This is an S/MIME signed message + +------B456791B6FFE6161828347E773A874F8 +Content-Type: text/plain + + + + + + + + 0 + 230 + + + false + true + SIGN + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + + +------B456791B6FFE6161828347E773A874F8 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwNTA4MTAyOTUzWjAvBgkqhkiG9w0BCQQxIgQgnAgL +pL2inTBS7TG+ODXjumOBriUSZb5rxH83Opb1rE0weQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiBD6XfKVRAbBrpJgWcRScEI3pxWqkul +FwidctAvHshdxAIgAxNh3MisepLR+rCXgoSfkXFW7xRIdqE5VGubGpotPLI= + +------B456791B6FFE6161828347E773A874F8-- + diff --git a/test/certs/governance_sign_discovery_enable_access_sign_dds_sec.xml b/test/certs/governance_sign_discovery_enable_access_sign_dds_sec.xml new file mode 100644 index 00000000000..4052e6ab1d8 --- /dev/null +++ b/test/certs/governance_sign_discovery_enable_access_sign_dds_sec.xml @@ -0,0 +1,129 @@ + + + + + + + 0 + 230 + + + false + true + SIGN + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_encrypt/* + true + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_encrypt/* + false + false + true + true + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_encrypt/* + false + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_encrypt/* + true + false + false + false + ENCRYPT + ENCRYPT + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_none/* + true + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_none/* + false + false + true + true + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_none/* + false + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_none/* + true + false + false + false + NONE + NONE + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_enable_access_sign/* + true + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_enable_access_sign/* + false + false + true + true + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_disable_discovery_disable_access_sign/* + false + false + false + false + SIGN + SIGN + + + Security/Security_SecurityPlugins_PermissionsSignDiscoveryEnableAccessSign_validation_ok_enable_discovery_disable_access_sign/* + true + false + false + false + SIGN + SIGN + + + + + diff --git a/test/certs/permissions.smime b/test/certs/permissions.smime index 7696a619f2f..ff83e18631b 100644 --- a/test/certs/permissions.smime +++ b/test/certs/permissions.smime @@ -1,9 +1,9 @@ MIME-Version: 1.0 -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----910B482A73CC44DF449F7711DFB38632" +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----B02AF6EF39042EA2E8090FB8A17B5166" This is an S/MIME signed message -------910B482A73CC44DF449F7711DFB38632 +------B02AF6EF39042EA2E8090FB8A17B5166 Content-Type: text/plain @@ -25,7 +25,7 @@ Content-Type: text/plain *clock* - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions*_validation_ok* + *SecurityPlugins_Permissions*_validation_ok* @@ -47,7 +47,7 @@ Content-Type: text/plain *clock* - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions*_validation_ok* + *SecurityPlugins_Permissions*_validation_ok* *temperature* @@ -57,12 +57,12 @@ Content-Type: text/plain -------910B482A73CC44DF449F7711DFB38632 +------B02AF6EF39042EA2E8090FB8A17B5166 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" -MIIEeQYJKoZIhvcNAQcCoIIEajCCBGYCAQExDzANBglghkgBZQMEAgEFADALBgkq +MIIEegYJKoZIhvcNAQcCoIIEazCCBGcCAQExDzANBglghkgBZQMEAgEFADALBgkq hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV @@ -75,17 +75,17 @@ cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE 3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS 7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT 4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 -SVxpI+3UYs2kV5n0MYIB/TCCAfkCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +SVxpI+3UYs2kV5n0MYIB/jCCAfoCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc -BgkqhkiG9w0BCQUxDxcNMTkxMTEyMTQxMDIxWjAvBgkqhkiG9w0BCQQxIgQgRq/+ -RJxf7uA6wZ+bkIoceuCwacVRD7jkqs93rQGRocEweQYJKoZIhvcNAQkPMWwwajAL +BgkqhkiG9w0BCQUxDxcNMjYwNTEzMDgzMTUwWjAvBgkqhkiG9w0BCQQxIgQg3B0A +OLjl5f5ugj0biZxBE+W0uVB4N2/u26ScCR63kQQweQYJKoZIhvcNAQkPMWwwajAL BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI -hvcNAwICASgwCgYIKoZIzj0EAwIERzBFAiA+UOENZBH6lb0WeOa4dCDiD8psIO6H -vdAbRXDlNwCnFgIhAI7m8vGdHvnl0J0NOWMkV1EeLnI4F+XsDOtaDziWPfN0 +hvcNAwICASgwCgYIKoZIzj0EAwIESDBGAiEAilZu9H5ZGo5l7wYxQAFrBbqVVLem +LNG5X6Ak2o6mW/UCIQCu7boQpCNvyL+e1NGpdNDwSH/uB/q296gHXEU5NHvSEQ== -------910B482A73CC44DF449F7711DFB38632-- +------B02AF6EF39042EA2E8090FB8A17B5166-- diff --git a/test/certs/permissions_dds_sec.xml b/test/certs/permissions_dds_sec.xml index 6dc53017286..d645ed9e2e9 100644 --- a/test/certs/permissions_dds_sec.xml +++ b/test/certs/permissions_dds_sec.xml @@ -17,7 +17,7 @@ *clock* - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions*_validation_ok* + *SecurityPlugins_Permissions*_validation_ok* @@ -39,7 +39,7 @@ *clock* - Security/Security_BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions*_validation_ok* + *SecurityPlugins_Permissions*_validation_ok* *temperature* diff --git a/test/certs/permissions_performance_tests.smime b/test/certs/permissions_performance_tests.smime new file mode 100644 index 00000000000..3e895b436c8 --- /dev/null +++ b/test/certs/permissions_performance_tests.smime @@ -0,0 +1,110 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----672F9939D8C1906087DE65D765CE93D4" + +This is an S/MIME signed message + +------672F9939D8C1906087DE65D765CE93D4 +Content-Type: text/plain + + + + + + emailAddress=mainpub@eprosima.com, CN=Main Publisher, OU=eProsima, O=eProsima, ST=MA, C=ES + + 2013-06-01T13:00:00 + 2038-06-01T13:00:00 + + + + + 0 + 230 + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + DENY + + + emailAddress=mainsub@eprosima.com, CN=Main Subscriber, OU=eProsima, O=eProsima, ST=MA, C=ES + + 2013-06-01T13:00:00 + 2038-06-01T13:00:00 + + + + + 0 + 230 + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + DENY + + + + +------672F9939D8C1906087DE65D765CE93D4 +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIEeAYJKoZIhvcNAQcCoIIEaTCCBGUCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggJAMIICPDCCAeOgAwIBAgIJALZwpgo2sxthMAoGCCqGSM49BAMC +MIGaMQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2Fu +dG9zMREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNV +BAMMFWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNh +QGVwcm9zaW1hLmNvbTAeFw0xNzA5MDYwOTAzMDNaFw0yNzA5MDQwOTAzMDNaMIGa +MQswCQYDVQQGEwJFUzELMAkGA1UECAwCTUExFDASBgNVBAcMC1RyZXMgQ2FudG9z +MREwDwYDVQQKDAhlUHJvc2ltYTERMA8GA1UECwwIZVByb3NpbWExHjAcBgNVBAMM +FWVQcm9zaW1hIE1haW4gVGVzdCBDQTEiMCAGCSqGSIb3DQEJARYTbWFpbmNhQGVw +cm9zaW1hLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLlhB3WQ8l1fpUE +3DfOoulA/de38Zfj7hmpKtOnxiH2q6RJbwhxvJeA7R7mkmAKaJKmzx695BjyiXVS +7bE7vgejEDAOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgVTY1BEvT +4pw3GyBMzaUqmp69wi0kBkyOgq04OhyJ13UCICR125vvt0fUhXsXaxOAx28E4Ac9 +SVxpI+3UYs2kV5n0MYIB/DCCAfgCAQEwgagwgZoxCzAJBgNVBAYTAkVTMQswCQYD +VQQIDAJNQTEUMBIGA1UEBwwLVHJlcyBDYW50b3MxETAPBgNVBAoMCGVQcm9zaW1h +MREwDwYDVQQLDAhlUHJvc2ltYTEeMBwGA1UEAwwVZVByb3NpbWEgTWFpbiBUZXN0 +IENBMSIwIAYJKoZIhvcNAQkBFhNtYWluY2FAZXByb3NpbWEuY29tAgkAtnCmCjaz +G2EwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMjYwMzE5MTUzNDAzWjAvBgkqhkiG9w0BCQQxIgQgYG5f +rSPoncqnj+juDOR7akNuMp3VteftkLV61Bm7Pd0weQYJKoZIhvcNAQkPMWwwajAL +BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D +BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI +hvcNAwICASgwCgYIKoZIzj0EAwIERjBEAiB7/iPRXqpZPrm8ZvGBWNLrsS9ioj8d +LjWCwU3BZHUOkAIgGbljAvGHH76HuLCE3BGNGqGq0SIKdzwXPlCN0W/uYME= + +------672F9939D8C1906087DE65D765CE93D4-- + diff --git a/test/certs/permissions_performance_tests.xml b/test/certs/permissions_performance_tests.xml new file mode 100644 index 00000000000..bccc65242ed --- /dev/null +++ b/test/certs/permissions_performance_tests.xml @@ -0,0 +1,69 @@ + + + + + emailAddress=mainpub@eprosima.com, CN=Main Publisher, OU=eProsima, O=eProsima, ST=MA, C=ES + + 2013-06-01T13:00:00 + 2038-06-01T13:00:00 + + + + + 0 + 230 + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + DENY + + + emailAddress=mainsub@eprosima.com, CN=Main Subscriber, OU=eProsima, O=eProsima, ST=MA, C=ES + + 2013-06-01T13:00:00 + 2038-06-01T13:00:00 + + + + + 0 + 230 + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + + LatencyTest_* + ThroughputTest_* + VideoTest_* + MemoryTest_* + + + + DENY + + + diff --git a/test/performance/latency/main_LatencyTest.cpp b/test/performance/latency/main_LatencyTest.cpp index 11396d04de4..04afa7e4189 100644 --- a/test/performance/latency/main_LatencyTest.cpp +++ b/test/performance/latency/main_LatencyTest.cpp @@ -445,6 +445,8 @@ int main( return -1; } + // Subscriber + // Auth sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", "file://" + certs_path + "/maincacert.pem")); @@ -453,11 +455,21 @@ int main( sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", "file://" + certs_path + "/mainsubkey.pem")); sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - + // Access + sub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); + + // Publisher + // Auth pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", "file://" + certs_path + "/maincacert.pem")); @@ -466,9 +478,18 @@ int main( pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", "file://" + certs_path + "/mainpubkey.pem")); pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + // Access + pub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); } #endif // if HAVE_SECURITY diff --git a/test/performance/throughput/main_ThroughputTest.cpp b/test/performance/throughput/main_ThroughputTest.cpp index 12fc9001cd3..e76b906d695 100644 --- a/test/performance/throughput/main_ThroughputTest.cpp +++ b/test/performance/throughput/main_ThroughputTest.cpp @@ -393,6 +393,8 @@ int main( } std::cout << "certs_path: " << certs_path << std::endl; + // Subscriber + // Auth sub_part_property_policy.properties().emplace_back(Property( "dds.sec.auth.plugin", "builtin.PKI-DH")); @@ -408,16 +410,21 @@ int main( sub_part_property_policy.properties().emplace_back(Property( "dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - sub_part_property_policy.properties().emplace_back( - "rtps.participant.rtps_protection_kind", - "ENCRYPT"); - sub_property_policy.properties().emplace_back( - "rtps.endpoint.submessage_protection_kind", - "ENCRYPT"); - sub_property_policy.properties().emplace_back( - "rtps.endpoint.payload_protection_kind", - "ENCRYPT"); + // Access + sub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); + // Publisher + // Auth pub_part_property_policy.properties().emplace_back(Property( "dds.sec.auth.plugin", "builtin.PKI-DH")); @@ -433,15 +440,18 @@ int main( pub_part_property_policy.properties().emplace_back(Property( "dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - pub_part_property_policy.properties().emplace_back( - "rtps.participant.rtps_protection_kind", - "ENCRYPT"); - pub_property_policy.properties().emplace_back( - "rtps.endpoint.submessage_protection_kind", - "ENCRYPT"); - pub_property_policy.properties().emplace_back( - "rtps.endpoint.payload_protection_kind", - "ENCRYPT"); + // Access + pub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); } #endif // if HAVE_SECURITY diff --git a/test/performance/video/main_VideoTest.cpp b/test/performance/video/main_VideoTest.cpp index 6f0b3f4f9de..d6657883d74 100644 --- a/test/performance/video/main_VideoTest.cpp +++ b/test/performance/video/main_VideoTest.cpp @@ -410,7 +410,8 @@ int main( option::printUsage(fwrite, stdout, usage, columns); return -1; } - + // Subscriber + // Auth sub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property("dds.sec.auth.plugin", "builtin.PKI-DH")); sub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property( @@ -424,10 +425,21 @@ int main( "file://" + certs_path + "/mainsubkey.pem")); sub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - + // Access + sub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); + + // Publisher + // Auth pub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property("dds.sec.auth.plugin", "builtin.PKI-DH")); pub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property( @@ -441,9 +453,18 @@ int main( "file://" + certs_path + "/mainpubkey.pem")); pub_part_property_policy.properties().emplace_back(eprosima::fastdds::rtps::Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + // Access + pub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); } #endif // if HAVE_SECURITY diff --git a/test/profiling/main_MemoryTest.cpp b/test/profiling/main_MemoryTest.cpp index 5cbd9ccec5e..f7515346341 100644 --- a/test/profiling/main_MemoryTest.cpp +++ b/test/profiling/main_MemoryTest.cpp @@ -394,6 +394,8 @@ int main( return -1; } + // Subscriber + // Auth sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", @@ -404,10 +406,21 @@ int main( "file://" + certs_path + "/mainsubkey.pem")); sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); - + // Access + sub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + sub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); + + // Publisher + // Auth pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", @@ -418,9 +431,18 @@ int main( "file://" + certs_path + "/mainpubkey.pem")); pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC")); - pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); - pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); + // Access + pub_part_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", + "builtin.Access-Permissions")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions_ca", + "file://" + certs_path + "/maincacert.pem")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.governance", + "file://" + certs_path + "/governance_performance_tests.smime")); + pub_part_property_policy.properties().emplace_back(Property( + "dds.sec.access.builtin.Access-Permissions.permissions", + "file://" + certs_path + "/permissions_performance_tests.smime")); } #endif // if HAVE_SECURITY