diff --git a/src/cpp/security/authentication/PKIDH.cpp b/src/cpp/security/authentication/PKIDH.cpp index 2f9fd725809..cd807f75b8d 100644 --- a/src/cpp/security/authentication/PKIDH.cpp +++ b/src/cpp/security/authentication/PKIDH.cpp @@ -55,6 +55,7 @@ #include #include +#include #define S1(x) #x #define S2(x) S1(x) @@ -1051,6 +1052,37 @@ ValidationResult_t PKIDH::validate_local_identity( password = &empty_password; } + std::string key_agreement_algorithm = DH_2048_256; + std::string* key_agreement_property = + PropertyPolicyHelper::find_property(auth_properties, "preferred_key_agreement"); + if (nullptr != key_agreement_property) + { + const std::pair key_agreement_allowed_values[] = { + {DH_2048_256, DH_2048_256}, + {ECDH_prime256v1, ECDH_prime256v1}, + {"ECDH", ECDH_prime256v1}, + {"DH", DH_2048_256}, + {"AUTO", "AUTO"} + }; + + key_agreement_algorithm = ""; + for (const auto& allowed_value : key_agreement_allowed_values) + { + if (key_agreement_property->compare(allowed_value.first) == 0) + { + key_agreement_algorithm = allowed_value.second; + break; + } + } + + if (key_agreement_algorithm.empty()) + { + exception = _SecurityException_("Invalid key agreement algorithm '" + *key_agreement_property + "'"); + EMERGENCY_SECURITY_LOGGING("PKIDH", exception.what()); + return ValidationResult_t::VALIDATION_FAILED; + } + } + PKIIdentityHandle* ih = &PKIIdentityHandle::narrow(*get_identity_handle(exception)); (*ih)->store_ = load_identity_ca(*identity_ca, (*ih)->there_are_crls_, (*ih)->sn, (*ih)->algo, @@ -1060,6 +1092,20 @@ ValidationResult_t PKIDH::validate_local_identity( { ERR_clear_error(); + if (key_agreement_algorithm == "AUTO") + { + if ((*ih)->algo == RSA_SHA256) + { + key_agreement_algorithm = DH_2048_256; + } + else + { + key_agreement_algorithm = ECDH_prime256v1; + } + } + + (*ih)->kagree_alg_ = key_agreement_algorithm; + if (identity_crl != nullptr) { X509_CRL* crl = load_crl(*identity_crl, exception); 
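Review bot: The allowed-value lookup added to `validate_local_identity` has no comment saying what the property governs, and from the hunks on this page it looks like a local preference rather than an enforced policy. The resolved value is stored in `kagree_alg_` and advertised by `begin_handshake_request`, while `begin_handshake_reply` still fills `c.kagree_algo` from the handshake handle's own `kagree_alg_`, presumably the peer's proposal. If that reading is right, a participant configured with `ECDH` can still complete a handshake over `DH` when the remote side initiates, which an operator hardening a deployment would want spelled out. I would add above the table something like `// Preference for handshakes this participant starts; matching is exact and case-sensitive, and an unknown value fails validation.` The function body starts and ends outside the hunk.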
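Review bot: In the `AUTO` branch the `else` arm maps every value of `(*ih)->algo` other than `RSA_SHA256` to `ECDH_prime256v1`, so an unrecognised or empty algorithm string silently selects ECDH instead of being rejected. `algo` is passed to `load_identity_ca` in the hunk above and is presumably filled there, so the choice appears to follow the identity CA's signature algorithm rather than the local identity certificate's key type. If that is intended, say so in a comment such as `// AUTO follows the identity CA: RSA -> DH, otherwise ECDH`. Otherwise compare against the EC signature constant explicitly and return `VALIDATION_FAILED` for anything else. The enclosing `if` block continues past the end of the hunk.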
@@ -1266,7 +1312,6 @@ ValidationResult_t PKIDH::begin_handshake_request( bproperty.propagate(true); (*handshake_handle_aux)->handshake_message_.binary_properties().push_back(std::move(bproperty)); - // TODO(Ricardo) Only support right now DH+MODP-2048-256 // c.kagree_algo. bproperty.name("c.kagree_algo"); bproperty.value().assign(lih->kagree_alg_.begin(), @@ -1636,7 +1681,6 @@ ValidationResult_t PKIDH::begin_handshake_reply( bproperty.propagate(true); (*handshake_handle_aux)->handshake_message_.binary_properties().push_back(std::move(bproperty)); - // TODO(Ricardo) Only support right now DH+MODP-2048-256 // c.kagree_algo. bproperty.name("c.kagree_algo"); bproperty.value().assign((*handshake_handle_aux)->kagree_alg_.begin(), diff --git a/test/blackbox/common/BlackboxTestsSecurity.cpp b/test/blackbox/common/BlackboxTestsSecurity.cpp index 05e1d60fea3..85e34e667e4 100644 --- a/test/blackbox/common/BlackboxTestsSecurity.cpp +++ b/test/blackbox/common/BlackboxTestsSecurity.cpp @@ -21,6 +21,8 @@ #include #include +#include + #include #include #include @@ -28,7 +30,6 @@ #include #include #include -#include #include "../utils/filter_helpers.hpp" #include "PubSubParticipant.hpp" 
@@ -47,6 +48,72 @@ enum communication_type DATASHARING }; +static void fill_pub_auth( + PropertyPolicy& policy) +{ + policy.properties().emplace_back("dds.sec.auth.plugin", "builtin.PKI-DH"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/maincacert.pem"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/mainpubcert.pem"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.private_key", + "file://" + std::string(certs_path) + "/mainpubkey.pem"); + + // Select the key agreement algorithm based on process id + switch (static_cast(GET_PID()) % 4u) + { + // Automatic selection + case 1u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "AUTO"); + break; + // Force DH + case 2u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "DH"); + break; + // Force ECDH + case 3u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "ECDH"); + break; + // Leave default + case 0u: + default: + break; + } +} + +static void fill_sub_auth( + PropertyPolicy& policy) +{ + policy.properties().emplace_back("dds.sec.auth.plugin", "builtin.PKI-DH"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.identity_ca", + "file://" + std::string(certs_path) + "/maincacert.pem"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.identity_certificate", + "file://" + std::string(certs_path) + "/mainsubcert.pem"); + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.private_key", + "file://" + std::string(certs_path) + "/mainsubkey.pem"); + + // Select the key agreement algorithm based on process id + switch (static_cast(GET_PID()) % 4u) + { + // Automatic selection + case 1u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "AUTO"); + break; + 
// Force DH + case 2u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "DH"); + break; + // Force ECDH + case 3u: + policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "ECDH"); + break; + // Leave default + case 0u: + default: + break; + } +} + class Security : public testing::TestWithParam { public: @@ -240,14 +307,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); + fill_sub_auth(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). 
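Review bot: Picking the `preferred_key_agreement` value from `GET_PID() % 4u` in `fill_pub_auth` and `fill_sub_auth` means each run exercises one of the four settings and never reports which, so a failure tied to one algorithm cannot be reproduced from the test log. The switch is also duplicated verbatim in both helpers, and because both read the same PID, a publisher/subscriber pair in one process never mixes a DH-preferring and an ECDH-preferring participant. Nothing in this file's hunks covers the rejection path for an unsupported value, which is the fail-closed behaviour the PKIDH change adds. I would move the selection into one helper that logs its choice (sketch below, assuming `<iostream>` is already available in this file) and add a negative test that sets an unsupported value and expects participant initialization to fail.

```cpp
// Shared by fill_pub_auth and fill_sub_auth so the selection logic lives in one place.
static void add_preferred_key_agreement(
        PropertyPolicy& policy)
{
    // Index 0 leaves the property unset so the plugin default is exercised too.
    static const char* const values[] = { nullptr, "AUTO", "DH", "ECDH" };
    const char* const value = values[static_cast<unsigned int>(GET_PID()) % 4u];

    // Record the choice so a failing run can be repeated with the same setting.
    std::cout << "preferred_key_agreement: " << (nullptr != value ? value : "<default>") << std::endl;
    if (nullptr != value)
    {
        policy.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", value);
    }
}

static void fill_pub_auth(
        PropertyPolicy& policy)
{
    // … unchanged: plugin, identity_ca, identity_certificate and private_key properties …
    add_preferred_key_agreement(policy);
}
```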
@@ -255,14 +315,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(pub_property_policy); writer.history_depth(10). property_policy(pub_property_policy).init(); @@ -296,14 +349,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_ok_same_participan PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(property_policy); wreader.sub_history_depth(10).sub_reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS); wreader.pub_history_depth(10); 
@@ -339,14 +385,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(pub_property_policy); writer.history_depth(10). property_policy(pub_property_policy).init(); @@ -361,15 +400,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_validation_fail) PubSubWriter writer(TEST_TOPIC_NAME); PropertyPolicy sub_property_policy; - - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); + fill_sub_auth(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). 
@@ -393,14 +424,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); + fill_sub_auth(sub_property_policy); reader.history_depth(10). reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS). @@ -417,14 +441,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_PKIDH_lossy_conditions) writer.disable_builtin_transport(); writer.add_user_transport_to_pparams(testTransport); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(pub_property_policy); writer.history_depth(10). property_policy(pub_property_policy).init(); 
@@ -537,13 +554,7 @@ TEST(Security, BuiltinAuthenticationPlugin_second_participant_creation_loop) // Prepare participant properties PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(property_policy); // Create the participant being checked PubSubReader main_participant("HelloWorldTopic"); @@ -615,13 +626,7 @@ TEST_P(Security, BuiltinAuthenticationPlugin_ensure_same_guid_reconnection) // Prepare participant properties PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); + fill_pub_auth(property_policy); // Create the participant being checked PubSubWriter main_participant("HelloWorldTopic"); 
@@ -665,16 +670,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_ok) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -682,16 +679,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_ok) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -737,16 +726,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_transport_ok) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -754,16 +735,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_transport_ok) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -811,16 +784,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_udp_transport_ok) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -828,16 +793,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_shm_udp_transport_ok) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -873,16 +830,8 @@ TEST(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_ok) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -891,16 +840,8 @@ TEST(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_ok) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -933,19 +874,10 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_rtps_ok_same_participant) { PubSubWriterReader wreader(TEST_TOPIC_NAME); - PropertyPolicy pub_property_policy, sub_property_policy, - property_policy; + PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); wreader.pub_history_depth(10).sub_history_depth(10).sub_reliability(eprosima::fastdds::dds::RELIABLE_RELIABILITY_QOS) 
@@ -976,16 +908,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_large_string) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -993,16 +917,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_large_string) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1038,16 +954,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_large_string PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1056,16 +964,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_large_string ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1100,16 +1000,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_data300kb) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -1117,16 +1009,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_rtps_data300kb) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -1170,16 +1054,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_data300kb) PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -1188,16 +1064,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_rtps_data300kb) ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -1241,16 +1109,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1259,16 +1119,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1306,16 +1158,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1325,16 +1169,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1371,16 +1207,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_submessage_ok_same_partici PropertyPolicy pub_property_policy, sub_property_policy, property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); 
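Review bot: `fill_pub_auth(pub_property_policy);` in this hunk fills a different object than the code it replaces, since every removed line populated `property_policy` and the added crypto-plugin line still does. As written, `property_policy` would carry `dds.sec.crypto.plugin` without any of the `dds.sec.auth.builtin.PKI-DH.*` settings, while `pub_property_policy` gains authentication properties it did not have before. The rest of the test body is outside the hunk, so the effect is inferred: the test may fail to initialise, or may pass without exercising the authenticated same-participant path it is named for. The two later same-participant payload hunks use the form that matches the removed code, so the line here should most likely read `fill_pub_auth(property_policy);`.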
@@ -1415,16 +1243,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_larg PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1433,16 +1253,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_larg ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1480,16 +1292,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_large_ PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1499,16 +1303,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_large_ ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1545,16 +1341,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_data PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -1563,16 +1351,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_submessage_data ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -1618,16 +1398,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_data30 PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -1637,16 +1409,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_submessage_data30 ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -1691,16 +1455,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1709,16 +1465,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1756,16 +1504,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1775,16 +1515,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1821,16 +1553,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_payload_ok_same_participan PropertyPolicy pub_property_policy, sub_property_policy, property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -1863,15 +1587,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_payload_ok_same_participan PropertyPolicy pub_property_policy, sub_property_policy, property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -1906,16 +1623,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_large_s PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1924,16 +1633,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_large_s ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -1971,16 +1672,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_large_str PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(10). 
@@ -1990,16 +1683,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_large_str ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); writer.history_depth(10). 
@@ -2036,16 +1721,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_data300 PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -2054,16 +1731,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_payload_data300 ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -2109,16 +1778,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_data300kb PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); reader.history_depth(5). 
@@ -2128,16 +1789,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_payload_data300kb ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); // When doing fragmentation, it is necessary to have some degree of 
@@ -2182,16 +1835,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2202,16 +1847,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2251,16 +1888,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_ok) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2272,16 +1901,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_ok) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2320,16 +1941,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_large_strin PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2340,16 +1953,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_large_strin ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2389,16 +1994,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_large_string) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2410,16 +2007,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_large_string) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2458,16 +2047,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_data300kb) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2478,16 +2059,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_besteffort_all_data300kb) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2535,16 +2108,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2556,16 +2121,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb) ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2613,16 +2170,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb_mix PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2634,16 +2183,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_reliable_all_data300kb_mix ASSERT_TRUE(reader.isInitialized()); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2690,16 +2231,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_user_data) PropertyPolicy pub_part_property_policy, sub_part_property_policy, pub_property_policy, sub_property_policy; - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_part_property_policy); + pub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); pub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2711,16 +2244,8 @@ TEST_P(Security, BuiltinAuthenticationAndCryptoPlugin_user_data) ASSERT_TRUE(writer.isInitialized()); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_part_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_part_property_policy); + sub_part_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_part_property_policy.properties().emplace_back("rtps.participant.rtps_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.submessage_protection_kind", "ENCRYPT"); sub_property_policy.properties().emplace_back("rtps.endpoint.payload_protection_kind", "ENCRYPT"); 
@@ -2771,16 +2296,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_governance_rule_o PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
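Review bot: The added crypto-plugin line passes name and value straight to `emplace_back`, while the `dds.sec.access.plugin` line directly below it still wraps them in a `Property(...)` temporary, so the same setup block now mixes two forms. For consistency the neighbouring line could become `sub_property_policy.properties().emplace_back("dds.sec.access.plugin", "builtin.Access-Permissions");`. The same mix appears in the later access-control hunks (the remaining `governance_rule`, `multiple_endpoint` and `Permissions_valid` tests). The multi-line `Property(` call that follows is cut off by the hunk and is not covered here.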
@@ -2797,16 +2314,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_governance_rule_o ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -2853,16 +2362,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_governance_rule_o PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -2877,16 +2378,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_governance_rule_o ASSERT_FALSE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
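Review bot: The `ASSERT_FALSE(reader.isInitialized())` kept as context at the top of this hunk no longer shows what is supposed to make initialization fail. The reader's identity properties now come from `fill_sub_auth` in the preceding hunk, and a reader that fails during authentication setup satisfies the assertion just as well as one rejected by access control. The helper's body is not visible in this part of the diff, so this is a risk to confirm rather than an observed failure. A comment naming the intended cause would make it checkable, e.g. `// Presumably must fail on the governance/permissions check; identity setup from fill_sub_auth() is expected to be valid`. The `ASSERT_FALSE` in the `Permissions_valid` hunk at old line 3018 has the same exposure.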
@@ -2910,16 +2403,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_multiple_endpoint std::string permissions_file("permissions_helloworld.smime"); PropertyPolicy pub_property_policy; - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -2940,16 +2425,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_multiple_endpoint ASSERT_TRUE(publishers.init_publisher(1u)); PropertyPolicy sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -2994,16 +2471,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3018,16 +2487,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid property_policy(sub_property_policy).init(); ASSERT_FALSE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -3052,16 +2513,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3078,16 +2531,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -3135,16 +2580,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3159,16 +2596,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid property_policy(sub_property_policy).init(); ASSERT_FALSE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -3193,16 +2622,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid PropertyPolicy pub_property_policy, sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3220,16 +2641,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( 
@@ -3278,16 +2691,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid // Prepare subscriptions security properties PropertyPolicy sub_property_policy; - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3313,16 +2718,8 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid // Prepare publication security properties PropertyPolicy pub_property_policy; - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( @@ -3401,8 +2798,7 @@ void prepare_pkcs11_nodes( "file://" + std::string(certs_path) + "/mainsubcert.pem")); sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", reader_private_key_url)); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property( 
@@ -3425,8 +2821,7 @@ void prepare_pkcs11_nodes( "file://" + std::string(certs_path) + "/mainpubcert.pem")); pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", writer_private_key_url)); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property( @@ -3535,16 +2930,8 @@ static void CommonPermissionsConfigure( const PropertyPolicy& extra_properties) { PropertyPolicy sub_property_policy(extra_properties); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(sub_property_policy); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", 
@@ -3565,16 +2952,8 @@ static void CommonPermissionsConfigure( { PropertyPolicy pub_property_policy(extra_properties); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", 
@@ -3647,21 +3026,14 @@ TEST_P(Security, RemoveParticipantProxyDataonSecurityManagerLeaseExpired_validat PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(property_policy); + + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); property_policy.properties().emplace_back(Property( "dds.sec.access.builtin.Access-Permissions.permissions_ca", "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); property_policy.properties().emplace_back(Property( "dds.sec.access.builtin.Access-Permissions.governance", "file://" + std::string(certs_path) + "/" + governance_file)); 
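Review bot: After this change nothing at the call site says which identity the participant loads: the variable is a plain `property_policy`, and only the removed lines show it was the publisher pair `mainpubcert.pem` / `mainpubkey.pem`. A one-line comment above the call, `// Authenticate with the main publisher identity (mainpubcert.pem / mainpubkey.pem)`, would keep that visible. The next hunk has the same gap for `fill_sub_auth` and the subscriber pair. The helper's definition is outside this hunk, so whether it sets anything beyond the four removed auth properties cannot be confirmed from here.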
@@ -3684,21 +3056,13 @@ TEST_P(Security, RemoveParticipantProxyDataonSecurityManagerLeaseExpired_validat PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); property_policy.properties().emplace_back(Property( "dds.sec.access.builtin.Access-Permissions.permissions_ca", "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); property_policy.properties().emplace_back(Property( "dds.sec.access.builtin.Access-Permissions.governance", "file://" + std::string(certs_path) + "/" + governance_file)); 
@@ -3777,16 +3141,8 @@ TEST(Security, AllowUnauthenticatedParticipants_EntityCreationFailsIfRTPSProtect PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); property_policy.properties().emplace_back(Property( @@ -3821,8 +3177,7 @@ TEST(Security, AllowUnauthenticatedParticipants_TwoSecureParticipantsWithDiffere "file://" + std::string(certs_path) + "/othersubcert.pem")); sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", "file://" + std::string(certs_path) + "/othersubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", 
@@ -3838,16 +3193,8 @@ TEST(Security, AllowUnauthenticatedParticipants_TwoSecureParticipantsWithDiffere ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", @@ -3903,8 +3250,7 @@ TEST(Security, AllowUnauthenticatedParticipants_TwoParticipantsDifferentCertific "file://" + std::string(certs_path) + "/othersubcert.pem")); sub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", "file://" + std::string(certs_path) + "/othersubkey.pem")); - sub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + sub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); sub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); sub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", 
@@ -3921,16 +3267,8 @@ TEST(Security, AllowUnauthenticatedParticipants_TwoParticipantsDifferentCertific ASSERT_TRUE(reader.isInitialized()); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainpubcert.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainpubkey.pem")); - pub_property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_pub_auth(pub_property_policy); + pub_property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); pub_property_policy.properties().emplace_back(Property("dds.sec.access.plugin", "builtin.Access-Permissions")); pub_property_policy.properties().emplace_back(Property("dds.sec.access.builtin.Access-Permissions.permissions_ca", 
@@ -4933,16 +4271,8 @@ TEST(Security, ValidateAuthenticationHandshakePropertiesParsing) PropertyPolicy property_policy; - property_policy.properties().emplace_back(Property("dds.sec.auth.plugin", - "builtin.PKI-DH")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_ca", - "file://" + std::string(certs_path) + "/maincacert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.identity_certificate", - "file://" + std::string(certs_path) + "/mainsubcert.pem")); - property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.private_key", - "file://" + std::string(certs_path) + "/mainsubkey.pem")); - property_policy.properties().emplace_back(Property("dds.sec.crypto.plugin", - "builtin.AES-GCM-GMAC")); + fill_sub_auth(property_policy); + property_policy.properties().emplace_back("dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC"); // max_handshake_requests out of bounds property_policy.properties().emplace_back(Property("dds.sec.auth.builtin.PKI-DH.max_handshake_requests", diff --git a/test/dds/communication/security/secure_msg_crypto_besteffort_pub_profile.xml b/test/dds/communication/security/secure_msg_crypto_besteffort_pub_profile.xml index f022141dbbc..2cddd15de17 100644 --- a/test/dds/communication/security/secure_msg_crypto_besteffort_pub_profile.xml +++ b/test/dds/communication/security/secure_msg_crypto_besteffort_pub_profile.xml @@ -34,6 +34,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainpubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + ECDH + dds.sec.crypto.plugin diff --git a/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_pub_profile.xml b/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_pub_profile.xml index 52893db85ad..02fd757d5a7 100644 --- a/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_pub_profile.xml 
+++ b/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_pub_profile.xml @@ -33,6 +33,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainpubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + DH + dds.sec.crypto.plugin diff --git a/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_sub_profile.xml b/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_sub_profile.xml index aa75b05141b..1c8fa308501 100644 --- a/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_sub_profile.xml +++ b/test/dds/communication/security/secure_msg_submsg_crypto_besteffort_sub_profile.xml @@ -33,6 +33,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainsubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + ECDH + dds.sec.crypto.plugin diff --git a/test/dds/communication/security/secure_submsg_crypto_besteffort_pub_profile.xml b/test/dds/communication/security/secure_submsg_crypto_besteffort_pub_profile.xml index 980504e7765..c2e965d58ac 100644 --- a/test/dds/communication/security/secure_submsg_crypto_besteffort_pub_profile.xml +++ b/test/dds/communication/security/secure_submsg_crypto_besteffort_pub_profile.xml @@ -33,6 +33,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainpubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + ECDH + dds.sec.crypto.plugin diff --git a/test/dds/communication/security/secure_submsg_crypto_besteffort_sub_profile.xml b/test/dds/communication/security/secure_submsg_crypto_besteffort_sub_profile.xml index 1620727e044..1b0e60bf40b 100644 --- a/test/dds/communication/security/secure_submsg_crypto_besteffort_sub_profile.xml +++ b/test/dds/communication/security/secure_submsg_crypto_besteffort_sub_profile.xml @@ -33,6 +33,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainsubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + DH + dds.sec.crypto.plugin 
diff --git a/test/dds/communication/security/simple_secure_besteffort_pub_profile.xml b/test/dds/communication/security/simple_secure_besteffort_pub_profile.xml index 22cc6eb66f4..810290c344b 100644 --- a/test/dds/communication/security/simple_secure_besteffort_pub_profile.xml +++ b/test/dds/communication/security/simple_secure_besteffort_pub_profile.xml @@ -26,6 +26,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainpubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + ECDH + dds.sec.access.plugin diff --git a/test/dds/communication/security/simple_secure_besteffort_sub_profile.xml b/test/dds/communication/security/simple_secure_besteffort_sub_profile.xml index f3ab9d334d3..856454aef12 100644 --- a/test/dds/communication/security/simple_secure_besteffort_sub_profile.xml +++ b/test/dds/communication/security/simple_secure_besteffort_sub_profile.xml @@ -26,6 +26,10 @@ dds.sec.auth.builtin.PKI-DH.private_key file://mainsubkey.pem + + dds.sec.auth.builtin.PKI-DH.preferred_key_agreement + DH + dds.sec.access.plugin diff --git a/test/unittest/security/authentication/AuthenticationPluginTests.hpp b/test/unittest/security/authentication/AuthenticationPluginTests.hpp index e0aa5e610a8..77cdcff87e3 100644 --- a/test/unittest/security/authentication/AuthenticationPluginTests.hpp +++ b/test/unittest/security/authentication/AuthenticationPluginTests.hpp @@ -165,6 +165,7 @@ TEST_F(AuthenticationPluginTest, handshake_process_ok) ValidationResult_t::VALIDATION_FAILED; participant_attr.properties = get_valid_policy(); + participant_attr.properties.properties().emplace_back("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "DH"); result = plugin.validate_local_identity(&local_identity_handle1, adjusted_participant_key1, diff --git a/test/unittest/security/authentication/BuiltinPKIDHTests.cpp b/test/unittest/security/authentication/BuiltinPKIDHTests.cpp index ec7a4181286..5ce715ae0cd 100644 --- a/test/unittest/security/authentication/BuiltinPKIDHTests.cpp 
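Review bot: `handshake_process_ok` now pins `preferred_key_agreement` to `"DH"` on the properties used for the first `validate_local_identity` call, so the ECDH side of the new option gets no handshake coverage in this unit test. The selected algorithm is what PKIDH.cpp writes into `c.kagree_algo`, so running the same handshake once with `"DH"` and once with `"ECDH"` would exercise both key-agreement paths end to end. One way is to move the body into a helper that takes the algorithm string. The test body continues outside the hunk, so the configuration of the second participant is not visible here.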
+++ b/test/unittest/security/authentication/BuiltinPKIDHTests.cpp 
@@ -402,6 +402,75 @@ void AuthenticationPluginTest::check_shared_secrets( ASSERT_TRUE(*sharedsecret_1 == *sharedsecret_2); } +TEST_F(AuthenticationPluginTest, validate_local_identity_kagree_algo) +{ + const std::string correct_values[] = + { + "DH", + "ECDH", + "DH+MODP-2048-256", + "ECDH+prime256v1-CEUM" + }; + + const std::string wrong_values[] = + { + "RSA+MODP-2048-256", + "ECDH+MODP-2048-256", + "RSA", + "ECDH+prime256v1", + "unknown", + "" + }; + + auto test_fn = [this]( + const std::string& alg, + ValidationResult_t expected_result) -> void + { + IdentityHandle* local_identity_handle = nullptr; + GUID_t adjusted_participant_key; + uint32_t domain_id = 0; + RTPSParticipantAttributes participant_attr; + GUID_t candidate_participant_key; + SecurityException exception; + ValidationResult_t result = ValidationResult_t::VALIDATION_FAILED; + + fill_candidate_participant_key(candidate_participant_key); + participant_attr.properties = get_valid_policy(); + participant_attr.properties.properties().emplace_back( + Property("dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", alg)); + result = plugin.validate_local_identity(&local_identity_handle, + adjusted_participant_key, + domain_id, + participant_attr, + candidate_participant_key, + exception); + + ASSERT_TRUE(result == expected_result); + if (ValidationResult_t::VALIDATION_OK == result) + { + ASSERT_TRUE(local_identity_handle != nullptr); + check_local_identity_handle(*local_identity_handle); + ASSERT_TRUE(adjusted_participant_key != GUID_t::unknown()); + ASSERT_TRUE(plugin.return_identity_handle(local_identity_handle, exception)); + } + else + { + ASSERT_TRUE(local_identity_handle == nullptr); + ASSERT_TRUE(adjusted_participant_key == GUID_t::unknown()); + } + }; + + for (const std::string& value : correct_values) + { + test_fn(value, ValidationResult_t::VALIDATION_OK); + } + + for (const std::string& value : wrong_values) + { + test_fn(value, ValidationResult_t::VALIDATION_FAILED); + } +} + 
TEST_F(AuthenticationPluginTest, validate_local_identity_validation_ok_with_pwd) { IdentityHandle* local_identity_handle = nullptr; diff --git a/versions.md b/versions.md index d1a58c9c0ca..af909201b03 100644 --- a/versions.md +++ b/versions.md @@ -1,6 +1,7 @@ Forthcoming ----------- +* New property to configure the preferred key agreement algorithm. Version v3.1.0 --------------
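Review bot: `correct_values` in `validate_local_identity_kagree_algo` omits `"AUTO"`, although the allowed-values table added to PKIDH.cpp in this commit accepts it and resolves it from `(*ih)->algo`, so that branch is never reached by this test. Adding `"AUTO"` to `correct_values`, and lower-case spellings such as `"dh"` and `"auto"` to `wrong_values`, would pin both the resolution path and the exact-match comparison. Inside `test_fn` a failing `ASSERT_TRUE` only returns from the lambda and the report does not name the value under test; `SCOPED_TRACE(alg);` as the first statement of the lambda fixes the reporting. The test also checks only the validation result, not which algorithm ended up on the identity handle.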