diff --git a/rcl/CMakeLists.txt b/rcl/CMakeLists.txt
index 7245207e8..a2244cf38 100644
--- a/rcl/CMakeLists.txt
+++ b/rcl/CMakeLists.txt
@@ -58,7 +58,7 @@ set(${PROJECT_NAME}_sources
src/rcl/subscription.c
src/rcl/time.c
src/rcl/timer.c
- src/rcl/validate_security_context_name.c
+ src/rcl/validate_enclave_name.c
src/rcl/validate_topic_name.c
src/rcl/wait.c
)
diff --git a/rcl/include/rcl/arguments.h b/rcl/include/rcl/arguments.h
index e13ace33f..efdad17e7 100644
--- a/rcl/include/rcl/arguments.h
+++ b/rcl/include/rcl/arguments.h
@@ -42,7 +42,8 @@ typedef struct rcl_arguments_t
#define RCL_PARAM_FILE_FLAG "--params-file"
#define RCL_REMAP_FLAG "--remap"
#define RCL_SHORT_REMAP_FLAG "-r"
-#define RCL_SECURITY_CONTEXT_FLAG "--security-context"
+#define RCL_ENCLAVE_FLAG "--enclave"
+#define RCL_SHORT_ENCLAVE_FLAG "-e"
#define RCL_LOG_LEVEL_FLAG "--log-level"
#define RCL_EXTERNAL_LOG_CONFIG_FLAG "--log-config-file"
// To be prefixed with --enable- or --disable-
diff --git a/rcl/include/rcl/graph.h b/rcl/include/rcl/graph.h
index 6614d9fb7..1a53162c4 100644
--- a/rcl/include/rcl/graph.h
+++ b/rcl/include/rcl/graph.h
@@ -441,9 +441,9 @@ rcl_get_node_names(
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces);
-/// Return a list of available nodes in the ROS graph, including their security context names.
+/// Return a list of available nodes in the ROS graph, including their enclave names.
/**
- * An \ref rcl_get_node_names equivalent, but including in its output the security context
+ * An \ref rcl_get_node_names equivalent, but including in its output the enclave
* name the node is using.
*
*
@@ -459,7 +459,7 @@ rcl_get_node_names(
* \param[in] allocator used to control allocation and deallocation of names
* \param[out] node_names struct storing discovered node names
* \param[out] node_namesspaces struct storing discovered node namespaces
- * \param[out] security_contexts struct storing discovered node security contexts
+ * \param[out] enclaves struct storing discovered node enclaves
* \return `RCL_RET_OK` if the query was successful, or
* \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
* \return `RCL_RET_ERROR` if an unspecified error occurs.
@@ -467,12 +467,12 @@ rcl_get_node_names(
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
-rcl_get_node_names_with_security_contexts(
+rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
- rcutils_string_array_t * security_contexts);
+ rcutils_string_array_t * enclaves);
/// Return the number of publishers on a given topic.
/**
diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h
index ac570d2c0..f4f9fe743 100644
--- a/rcl/include/rcl/security.h
+++ b/rcl/include/rcl/security.h
@@ -92,9 +92,9 @@ RCL_PUBLIC
rcl_ret_t
rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
-/// Return the secure root given a security context name.
+/// Return the secure root given a enclave name.
/**
- * Return the security directory associated with the security context name.
+ * Return the security directory associated with the enclave name.
*
* The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
* The specific directory to be used, is found from that root using the `name` passed.
@@ -104,7 +104,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
* However, this expansion can be overridden by setting the secure directory override environment
* (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
* root directory to be utilized.
- * Such an override is useful for applications where the security context is non-deterministic
+ * Such an override is useful for applications where the enclave is non-deterministic
* before runtime, or when testing and using additional tools that may not otherwise be easily
* provisioned.
*
diff --git a/rcl/include/rcl/validate_security_context_name.h b/rcl/include/rcl/validate_enclave_name.h
similarity index 55%
rename from rcl/include/rcl/validate_security_context_name.h
rename to rcl/include/rcl/validate_enclave_name.h
index ceb5c3756..68e15e76e 100644
--- a/rcl/include/rcl/validate_security_context_name.h
+++ b/rcl/include/rcl/validate_enclave_name.h
@@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#ifndef RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
-#define RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
+#ifndef RCL__VALIDATE_ENCLAVE_NAME_H_
+#define RCL__VALIDATE_ENCLAVE_NAME_H_
#ifdef __cplusplus
extern "C"
@@ -27,27 +27,27 @@ extern "C"
#include "rcl/types.h"
#include "rcl/visibility_control.h"
-#define RCL_SECURITY_CONTEXT_NAME_VALID RMW_NAMESPACE_VALID
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
+#define RCL_ENCLAVE_NAME_VALID RMW_NAMESPACE_VALID
+#define RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
+#define RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
+#define RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
+#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
+#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
+#define RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
+#define RCL_ENCLAVE_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
-#define RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
+#define RCL_ENCLAVE_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
-/// Determine if a given security context name is valid.
+/// Determine if a given enclave name is valid.
/**
* The same rules as \ref rmw_validate_namespace are used.
* The only difference is in the maximum allowed length, which can be up to 255 characters.
*
- * \param[in] security_context security_context to be validated
+ * \param[in] enclave enclave to be validated
* \param[out] validation_result int in which the result of the check is stored
* \param[out] invalid_index index of the input string where an error occurred
* \returns `RMW_RET_OK` on successfully running the check, or
@@ -57,35 +57,35 @@ extern "C"
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
-rcl_validate_security_context_name(
- const char * security_context,
+rcl_validate_enclave_name(
+ const char * enclave,
int * validation_result,
size_t * invalid_index);
-/// Deterimine if a given security context name is valid.
+/// Deterimine if a given enclave name is valid.
/**
- * This is an overload of \ref rcl_validate_security_context_name with an extra parameter
- * for the length of security_context.
+ * This is an overload of \ref rcl_validate_enclave_name with an extra parameter
+ * for the length of enclave.
*
- * \param[in] security_context The number of characters in security_context.
+ * \param[in] enclave The number of characters in enclave.
*/
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
-rcl_validate_security_context_name_with_size(
- const char * security_context,
- size_t security_context_length,
+rcl_validate_enclave_name_with_size(
+ const char * enclave,
+ size_t enclave_length,
int * validation_result,
size_t * invalid_index);
-/// Return a validation result description, or NULL if unknown or RCL_SECURITY_CONTEXT_NAME_VALID.
+/// Return a validation result description, or NULL if unknown or RCL_ENCLAVE_NAME_VALID.
RCL_PUBLIC
RCL_WARN_UNUSED
const char *
-rcl_security_context_name_validation_result_string(int validation_result);
+rcl_enclave_name_validation_result_string(int validation_result);
#ifdef __cplusplus
}
#endif
-#endif // RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
+#endif // RCL__VALIDATE_ENCLAVE_NAME_H_
diff --git a/rcl/src/rcl/arguments.c b/rcl/src/rcl/arguments.c
index 9bb3cdf62..20db3a594 100644
--- a/rcl/src/rcl/arguments.c
+++ b/rcl/src/rcl/arguments.c
@@ -190,21 +190,21 @@ _rcl_parse_param_file(
rcl_params_t * params,
char ** param_file);
-/// Parse a security context argument.
+/// Parse an enclave argument.
/**
* \param[in] arg the argument to parse
* \param[in] allocator an allocator to use
- * \param[in,out] security_context parsed security context
- * \return RCL_RET_OK if a valid security context was parsed, or
+ * \param[in,out] enclave parsed security enclave
+ * \return RCL_RET_OK if a valid security enclave was parsed, or
* \return RCL_RET_BAD_ALLOC if an allocation failed, or
* \return RLC_RET_ERROR if an unspecified error occurred.
*/
RCL_LOCAL
rcl_ret_t
-_rcl_parse_security_context(
+_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
- char ** security_context);
+ char ** enclave);
#define RCL_ENABLE_FLAG_PREFIX "--enable-"
#define RCL_DISABLE_FLAG_PREFIX "--disable-"
@@ -495,33 +495,33 @@ rcl_parse_arguments(
goto fail;
}
- // Attempt to parse argument as a security context
- if (strcmp(RCL_SECURITY_CONTEXT_FLAG, argv[i]) == 0) {
+ // Attempt to parse argument as a security enclave
+ if (strcmp(RCL_ENCLAVE_FLAG, argv[i]) == 0 || strcmp(RCL_SHORT_ENCLAVE_FLAG, argv[i]) == 0) {
if (i + 1 < argc) {
- if (NULL != args_impl->security_context) {
+ if (NULL != args_impl->enclave) {
RCUTILS_LOG_DEBUG_NAMED(
- ROS_PACKAGE_NAME, "Overriding security context name : %s\n",
- args_impl->security_context);
- allocator.deallocate(args_impl->security_context, allocator.state);
- args_impl->security_context = NULL;
+ ROS_PACKAGE_NAME, "Overriding security enclave : %s\n",
+ args_impl->enclave);
+ allocator.deallocate(args_impl->enclave, allocator.state);
+ args_impl->enclave = NULL;
}
- if (RCL_RET_OK == _rcl_parse_security_context(
- argv[i + 1], allocator, &args_impl->security_context))
+ if (RCL_RET_OK == _rcl_parse_enclave(
+ argv[i + 1], allocator, &args_impl->enclave))
{
RCUTILS_LOG_DEBUG_NAMED(
- ROS_PACKAGE_NAME, "Got security context : %s\n",
- args_impl->security_context);
+ ROS_PACKAGE_NAME, "Got enclave: %s\n",
+ args_impl->enclave);
++i; // Skip flag here, for loop will skip value.
continue;
}
rcl_error_string_t prev_error_string = rcl_get_error_string();
rcl_reset_error();
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
- "Couldn't parse security context name: '%s %s'. Error: %s", argv[i], argv[i + 1],
+ "Couldn't parse enclave name: '%s %s'. Error: %s", argv[i], argv[i + 1],
prev_error_string.str);
} else {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
- "Couldn't parse trailing %s flag. No security context path provided.", argv[i]);
+ "Couldn't parse trailing %s flag. No enclave path provided.", argv[i]);
}
ret = RCL_RET_INVALID_ROS_ARGS;
goto fail;
@@ -920,16 +920,16 @@ rcl_arguments_copy(
}
}
}
- char * security_context_copy = rcutils_strdup(args->impl->security_context, allocator);
- if (args->impl->security_context && !security_context_copy) {
+ char * enclave_copy = rcutils_strdup(args->impl->enclave, allocator);
+ if (args->impl->enclave && !enclave_copy) {
if (RCL_RET_OK != rcl_arguments_fini(args_out)) {
RCL_SET_ERROR_MSG("Error while finalizing arguments due to another error");
} else {
- RCL_SET_ERROR_MSG("Error while copying security context argument");
+ RCL_SET_ERROR_MSG("Error while copying enclave argument");
}
return RCL_RET_BAD_ALLOC;
}
- args_out->impl->security_context = security_context_copy;
+ args_out->impl->enclave = enclave_copy;
return RCL_RET_OK;
}
@@ -977,7 +977,7 @@ rcl_arguments_fini(
args->impl->num_param_files_args = 0;
args->impl->parameter_files = NULL;
}
- args->impl->allocator.deallocate(args->impl->security_context, args->impl->allocator.state);
+ args->impl->allocator.deallocate(args->impl->enclave, args->impl->allocator.state);
if (NULL != args->impl->external_log_config_file) {
args->impl->allocator.deallocate(
@@ -1807,17 +1807,17 @@ _rcl_parse_external_log_config_file(
}
rcl_ret_t
-_rcl_parse_security_context(
+_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
- char ** security_context)
+ char ** enclave)
{
RCL_CHECK_ARGUMENT_FOR_NULL(arg, RCL_RET_INVALID_ARGUMENT);
- RCL_CHECK_ARGUMENT_FOR_NULL(security_context, RCL_RET_INVALID_ARGUMENT);
+ RCL_CHECK_ARGUMENT_FOR_NULL(enclave, RCL_RET_INVALID_ARGUMENT);
- *security_context = rcutils_strdup(arg, allocator);
- if (NULL == *security_context) {
- RCL_SET_ERROR_MSG("Failed to allocate memory for security context name");
+ *enclave = rcutils_strdup(arg, allocator);
+ if (NULL == *enclave) {
+ RCL_SET_ERROR_MSG("Failed to allocate memory for enclave name");
return RCL_RET_BAD_ALLOC;
}
return RCL_RET_OK;
@@ -1925,7 +1925,7 @@ _rcl_allocate_initialized_arguments_impl(rcl_arguments_t * args, rcl_allocator_t
args_impl->log_stdout_disabled = false;
args_impl->log_rosout_disabled = false;
args_impl->log_ext_lib_disabled = false;
- args_impl->security_context = NULL;
+ args_impl->enclave = NULL;
args_impl->allocator = *allocator;
return RCL_RET_OK;
diff --git a/rcl/src/rcl/arguments_impl.h b/rcl/src/rcl/arguments_impl.h
index b4f3eff04..a7e85dd0f 100644
--- a/rcl/src/rcl/arguments_impl.h
+++ b/rcl/src/rcl/arguments_impl.h
@@ -61,8 +61,8 @@ typedef struct rcl_arguments_impl_t
/// A boolean value indicating if the external lib handler should be used for log output
bool log_ext_lib_disabled;
- /// Security context to be used.
- char * security_context;
+ /// Enclave to be used.
+ char * enclave;
/// Allocator used to allocate objects in this struct
rcl_allocator_t allocator;
diff --git a/rcl/src/rcl/graph.c b/rcl/src/rcl/graph.c
index 767e00083..9fa3be327 100644
--- a/rcl/src/rcl/graph.c
+++ b/rcl/src/rcl/graph.c
@@ -340,12 +340,12 @@ rcl_get_node_names(
}
rcl_ret_t
-rcl_get_node_names_with_security_contexts(
+rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
- rcutils_string_array_t * security_contexts)
+ rcutils_string_array_t * enclaves)
{
if (!rcl_node_is_valid(node)) {
return RCL_RET_NODE_INVALID; // error already set
@@ -368,21 +368,21 @@ rcl_get_node_names_with_security_contexts(
RCL_SET_ERROR_MSG("node_namespaces is not null");
return RCL_RET_INVALID_ARGUMENT;
}
- RCL_CHECK_ARGUMENT_FOR_NULL(security_contexts, RCL_RET_INVALID_ARGUMENT);
- if (security_contexts->size != 0) {
- RCL_SET_ERROR_MSG("security_contexts size is not zero");
+ RCL_CHECK_ARGUMENT_FOR_NULL(enclaves, RCL_RET_INVALID_ARGUMENT);
+ if (enclaves->size != 0) {
+ RCL_SET_ERROR_MSG("enclaves size is not zero");
return RCL_RET_INVALID_ARGUMENT;
}
- if (security_contexts->data) {
- RCL_SET_ERROR_MSG("security_contexts is not null");
+ if (enclaves->data) {
+ RCL_SET_ERROR_MSG("enclaves is not null");
return RCL_RET_INVALID_ARGUMENT;
}
(void)allocator; // to be used in rmw_get_node_names in the future
- rmw_ret_t rmw_ret = rmw_get_node_names_with_security_contexts(
+ rmw_ret_t rmw_ret = rmw_get_node_names_with_enclaves(
rcl_node_get_rmw_handle(node),
node_names,
node_namespaces,
- security_contexts);
+ enclaves);
return rcl_convert_rmw_ret_to_rcl_ret(rmw_ret);
}
diff --git a/rcl/src/rcl/init.c b/rcl/src/rcl/init.c
index a5151b275..539f02835 100644
--- a/rcl/src/rcl/init.c
+++ b/rcl/src/rcl/init.c
@@ -33,7 +33,7 @@ extern "C"
#include "rcl/localhost.h"
#include "rcl/logging.h"
#include "rcl/security.h"
-#include "rcl/validate_security_context_name.h"
+#include "rcl/validate_enclave_name.h"
#include "./arguments_impl.h"
#include "./common.h"
@@ -174,35 +174,35 @@ rcl_init(
}
}
- if (context->global_arguments.impl->security_context) {
- context->impl->init_options.impl->rmw_init_options.security_context = rcutils_strdup(
- context->global_arguments.impl->security_context,
+ if (context->global_arguments.impl->enclave) {
+ context->impl->init_options.impl->rmw_init_options.enclave = rcutils_strdup(
+ context->global_arguments.impl->enclave,
context->impl->allocator);
} else {
- context->impl->init_options.impl->rmw_init_options.security_context = rcutils_strdup(
+ context->impl->init_options.impl->rmw_init_options.enclave = rcutils_strdup(
"/", context->impl->allocator);
}
int validation_result;
size_t invalid_index;
- ret = rcl_validate_security_context_name(
- context->impl->init_options.impl->rmw_init_options.security_context,
+ ret = rcl_validate_enclave_name(
+ context->impl->init_options.impl->rmw_init_options.enclave,
&validation_result,
&invalid_index);
if (RCL_RET_OK != ret) {
- RCL_SET_ERROR_MSG("rcl_validate_security_context_name() failed");
+ RCL_SET_ERROR_MSG("rcl_validate_enclave_name() failed");
fail_ret = ret;
goto fail;
}
- if (RCL_SECURITY_CONTEXT_NAME_VALID != validation_result) {
+ if (RCL_ENCLAVE_NAME_VALID != validation_result) {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
- "Security context name is not valid: '%s'. Invalid index: %zu",
- rcl_security_context_name_validation_result_string(validation_result),
+ "Enclave name is not valid: '%s'. Invalid index: %zu",
+ rcl_enclave_name_validation_result_string(validation_result),
invalid_index);
fail_ret = RMW_RET_ERROR;
goto fail;
}
- if (!context->impl->init_options.impl->rmw_init_options.security_context) {
+ if (!context->impl->init_options.impl->rmw_init_options.enclave) {
RCL_SET_ERROR_MSG("failed to set context name");
fail_ret = RMW_RET_BAD_ALLOC;
goto fail;
@@ -211,7 +211,7 @@ rcl_init(
rmw_security_options_t * security_options =
&context->impl->init_options.impl->rmw_init_options.security_options;
ret = rcl_get_security_options_from_environment(
- context->impl->init_options.impl->rmw_init_options.security_context,
+ context->impl->init_options.impl->rmw_init_options.enclave,
&context->impl->allocator,
security_options);
if (RMW_RET_OK != ret) {
diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c
index 820d07ac4..8d18ae76b 100644
--- a/rcl/src/rcl/security.c
+++ b/rcl/src/rcl/security.c
@@ -109,21 +109,21 @@ char * exact_match_lookup(
const char * ros_secure_root_env,
const rcl_allocator_t * allocator)
{
- // Perform an exact match for the context name in directory .
+ // Perform an exact match for the enclave name in directory .
char * secure_root = NULL;
- char * contexts_dir = NULL;
- contexts_dir = rcutils_join_path(ros_secure_root_env, "contexts", *allocator);
+ char * enclaves_dir = NULL;
+ enclaves_dir = rcutils_join_path(ros_secure_root_env, "enclaves", *allocator);
// "/" case when root namespace is explicitly passed in
if (0 == strcmp(name, "/")) {
- secure_root = contexts_dir;
+ secure_root = enclaves_dir;
} else {
char * relative_path = NULL;
// Get native path, ignore the leading forward slash
// TODO(ros2team): remove the hard-coded length, use the length of the root namespace instead
relative_path = rcutils_to_native_path(name + 1, *allocator);
- secure_root = rcutils_join_path(contexts_dir, relative_path, *allocator);
+ secure_root = rcutils_join_path(enclaves_dir, relative_path, *allocator);
allocator->deallocate(relative_path, allocator->state);
- allocator->deallocate(contexts_dir, allocator->state);
+ allocator->deallocate(enclaves_dir, allocator->state);
}
return secure_root;
}
diff --git a/rcl/src/rcl/validate_security_context_name.c b/rcl/src/rcl/validate_enclave_name.c
similarity index 60%
rename from rcl/src/rcl/validate_security_context_name.c
rename to rcl/src/rcl/validate_enclave_name.c
index 655253af3..0db544d3d 100644
--- a/rcl/src/rcl/validate_security_context_name.c
+++ b/rcl/src/rcl/validate_enclave_name.c
@@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#include "rcl/validate_security_context_name.h"
+#include "rcl/validate_enclave_name.h"
#include
#include
@@ -27,26 +27,26 @@
#include "./common.h"
rcl_ret_t
-rcl_validate_security_context_name(
- const char * security_context,
+rcl_validate_enclave_name(
+ const char * enclave,
int * validation_result,
size_t * invalid_index)
{
- if (!security_context) {
+ if (!enclave) {
return RCL_RET_INVALID_ARGUMENT;
}
- return rcl_validate_security_context_name_with_size(
- security_context, strlen(security_context), validation_result, invalid_index);
+ return rcl_validate_enclave_name_with_size(
+ enclave, strlen(enclave), validation_result, invalid_index);
}
rcl_ret_t
-rcl_validate_security_context_name_with_size(
- const char * security_context,
- size_t security_context_length,
+rcl_validate_enclave_name_with_size(
+ const char * enclave,
+ size_t enclave_length,
int * validation_result,
size_t * invalid_index)
{
- if (!security_context) {
+ if (!enclave) {
return RCL_RET_INVALID_ARGUMENT;
}
if (!validation_result) {
@@ -56,7 +56,7 @@ rcl_validate_security_context_name_with_size(
int tmp_validation_result;
size_t tmp_invalid_index;
rmw_ret_t ret = rmw_validate_namespace_with_size(
- security_context, security_context_length, &tmp_validation_result, &tmp_invalid_index);
+ enclave, enclave_length, &tmp_validation_result, &tmp_invalid_index);
if (ret != RMW_RET_OK) {
return rcl_convert_rmw_ret_to_rcl_ret(ret);
}
@@ -66,22 +66,22 @@ rcl_validate_security_context_name_with_size(
{
switch (tmp_validation_result) {
case RMW_NAMESPACE_INVALID_IS_EMPTY_STRING:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING;
break;
case RMW_NAMESPACE_INVALID_NOT_ABSOLUTE:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE;
break;
case RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH;
break;
case RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS;
break;
case RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH;
break;
case RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER;
break;
default:
{
@@ -89,12 +89,12 @@ rcl_validate_security_context_name_with_size(
// explicitly not taking return value which is number of bytes written
int ret = rcutils_snprintf(
default_err_msg, sizeof(default_err_msg),
- "rcl_validate_security_context_name_with_size(): "
+ "rcl_validate_enclave_name_with_size(): "
"unknown rmw_validate_namespace_with_size() result '%d'",
tmp_validation_result);
if (ret < 0) {
RCL_SET_ERROR_MSG(
- "rcl_validate_security_context_name_with_size(): "
+ "rcl_validate_enclave_name_with_size(): "
"rcutils_snprintf() failed while reporting an unknown validation result");
} else {
RCL_SET_ERROR_MSG(default_err_msg);
@@ -108,45 +108,45 @@ rcl_validate_security_context_name_with_size(
return RCL_RET_OK;
}
- // security_context might be longer that namespace length, check false positives and correct
+ // enclave might be longer that namespace length, check false positives and correct
if (RMW_NAMESPACE_INVALID_TOO_LONG == tmp_validation_result) {
- if (RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH >= security_context_length) {
- *validation_result = RCL_SECURITY_CONTEXT_NAME_VALID;
+ if (RCL_ENCLAVE_NAME_MAX_LENGTH >= enclave_length) {
+ *validation_result = RCL_ENCLAVE_NAME_VALID;
} else {
- *validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG;
+ *validation_result = RCL_ENCLAVE_NAME_INVALID_TOO_LONG;
if (invalid_index) {
- *invalid_index = RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH - 1;
+ *invalid_index = RCL_ENCLAVE_NAME_MAX_LENGTH - 1;
}
}
return RCL_RET_OK;
}
// everything was ok, set result to valid namespace, avoid setting invalid_index, and return
- *validation_result = RCL_SECURITY_CONTEXT_NAME_VALID;
+ *validation_result = RCL_ENCLAVE_NAME_VALID;
return RCL_RET_OK;
}
const char *
-rcl_security_context_name_validation_result_string(int validation_result)
+rcl_enclave_name_validation_result_string(int validation_result)
{
switch (validation_result) {
- case RCL_SECURITY_CONTEXT_NAME_VALID:
+ case RCL_ENCLAVE_NAME_VALID:
return NULL;
- case RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING:
+ case RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING:
return "context name must not be empty";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE:
+ case RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE:
return "context name must be absolute, it must lead with a '/'";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH:
+ case RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH:
return "context name must not end with a '/', unless only a '/'";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
+ case RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
return "context name must not contain characters other than alphanumerics, '_', or '/'";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
+ case RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
return "context name must not contain repeated '/'";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
+ case RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
return "context name must not have a token that starts with a number";
- case RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG:
+ case RCL_ENCLAVE_NAME_INVALID_TOO_LONG:
return "context name should not exceed '"
- RCUTILS_STRINGIFY(RCL_SECURITY_CONTEXT_NAME_MAX_NAME_LENGTH) "'";
+ RCUTILS_STRINGIFY(RCL_ENCLAVE_NAME_MAX_NAME_LENGTH) "'";
default:
return "unknown result code for rcl context name validation";
}
diff --git a/rcl/test/rcl/test_get_node_names.cpp b/rcl/test/rcl/test_get_node_names.cpp
index f57af5d18..734dc1d4a 100644
--- a/rcl/test/rcl/test_get_node_names.cpp
+++ b/rcl/test/rcl/test_get_node_names.cpp
@@ -165,7 +165,7 @@ TEST_F(CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names)
}
TEST_F(
- CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names_with_security_contexts)
+ CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names_with_enclave)
{
rcl_ret_t ret;
rcl_init_options_t init_options = rcl_get_zero_initialized_init_options();
@@ -176,8 +176,8 @@ TEST_F(
EXPECT_EQ(RCL_RET_OK, rcl_init_options_fini(&init_options)) << rcl_get_error_string().str;
});
rcl_context_t context = rcl_get_zero_initialized_context();
- const char * security_context_name = "/default";
- const char * argv[] = {"--ros-args", "--security-context", security_context_name};
+ const char * enclave_name = "/enclave";
+ const char * argv[] = {"--ros-args", "--enclave", enclave_name};
ret = rcl_init(3, argv, &init_options, &context);
ASSERT_EQ(RCL_RET_OK, ret) << rcl_get_error_string().str;
OSRF_TESTING_TOOLS_CPP_SCOPE_EXIT(
@@ -198,7 +198,7 @@ TEST_F(
std::make_tuple(
std::string(node1_name),
std::string(node1_namespace),
- std::string(security_context_name)));
+ std::string(enclave_name)));
rcl_node_t node2 = rcl_get_zero_initialized_node();
const char * node2_name = "node2";
@@ -210,7 +210,7 @@ TEST_F(
std::make_tuple(
std::string(node2_name),
std::string(node2_namespace),
- std::string(security_context_name)));
+ std::string(enclave_name)));
rcl_node_t node3 = rcl_get_zero_initialized_node();
const char * node3_name = "node3";
@@ -222,7 +222,7 @@ TEST_F(
std::make_tuple(
std::string(node3_name),
std::string(node3_namespace),
- std::string(security_context_name)));
+ std::string(enclave_name)));
rcl_node_t node4 = rcl_get_zero_initialized_node();
const char * node4_name = "node2";
@@ -234,7 +234,7 @@ TEST_F(
std::make_tuple(
std::string(node4_name),
std::string(node4_namespace),
- std::string(security_context_name)));
+ std::string(enclave_name)));
rcl_node_t node5 = rcl_get_zero_initialized_node();
const char * node5_name = "node1";
@@ -246,15 +246,15 @@ TEST_F(
std::make_tuple(
std::string(node5_name),
std::string(node5_namespace),
- std::string(security_context_name)));
+ std::string(enclave_name)));
std::this_thread::sleep_for(1s);
rcutils_string_array_t node_names = rcutils_get_zero_initialized_string_array();
rcutils_string_array_t node_namespaces = rcutils_get_zero_initialized_string_array();
- rcutils_string_array_t security_contexts = rcutils_get_zero_initialized_string_array();
- ret = rcl_get_node_names_with_security_contexts(
- &node1, node1_options.allocator, &node_names, &node_namespaces, &security_contexts);
+ rcutils_string_array_t enclaves = rcutils_get_zero_initialized_string_array();
+ ret = rcl_get_node_names_with_enclaves(
+ &node1, node1_options.allocator, &node_names, &node_namespaces, &enclaves);
ASSERT_EQ(RCUTILS_RET_OK, ret) << rcl_get_error_string().str;
std::stringstream ss;
@@ -269,7 +269,7 @@ TEST_F(
std::make_tuple(
std::string(node_names.data[i]),
std::string(node_namespaces.data[i]),
- std::string(security_contexts.data[i])));
+ std::string(enclaves.data[i])));
}
EXPECT_EQ(discovered_nodes, expected_nodes);
diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp
index a7b3527fb..f6b2c5e3a 100644
--- a/rcl/test/rcl/test_security.cpp
+++ b/rcl/test/rcl/test_security.cpp
@@ -29,8 +29,8 @@
#define TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME "/test_security_directory"
-#define TEST_SECURITY_CONTEXT "dummy_security_context"
-#define TEST_SECURITY_CONTEXT_ABSOLUTE "/" TEST_SECURITY_CONTEXT
+#define TEST_ENCLAVE "dummy_enclave"
+#define TEST_ENCLAVE_ABSOLUTE "/" TEST_ENCLAVE
#ifndef _WIN32
# define PATH_SEPARATOR "/"
@@ -38,8 +38,8 @@
# define PATH_SEPARATOR "\\"
#endif
-#define TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS \
- "/group1" PATH_SEPARATOR TEST_SECURITY_CONTEXT
+#define TEST_ENCLAVE_MULTIPLE_TOKENS \
+ "/group1" PATH_SEPARATOR TEST_ENCLAVE
char g_envstring[512] = {0};
@@ -120,21 +120,21 @@ class TestGetSecureRoot : public ::testing::Test
TEST_F(TestGetSecureRoot, failureScenarios) {
EXPECT_EQ(
- rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator),
+ rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator),
(char *) NULL);
rcl_reset_error();
putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY);
/* Security directory is set, but there's no matching directory */
- /// Wrong security context
+ /// Wrong enclave
EXPECT_EQ(
- rcl_get_secure_root("some_other_security_context", &allocator),
+ rcl_get_secure_root("some_other_enclave", &allocator),
(char *) NULL);
rcl_reset_error();
}
-TEST_F(TestGetSecureRoot, successScenarios_local_root_security_context) {
+TEST_F(TestGetSecureRoot, successScenarios_local_root_enclave) {
putenv_wrapper(
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
@@ -142,7 +142,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_root_security_context) {
secure_root = rcl_get_secure_root("/", &allocator);
ASSERT_NE(nullptr, secure_root);
ASSERT_STREQ(
- TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR "contexts",
+ TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR "enclaves",
secure_root);
}
@@ -151,12 +151,12 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) {
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
- secure_root = rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator);
+ secure_root = rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator);
ASSERT_NE(nullptr, secure_root);
std::string secure_root_str(secure_root);
ASSERT_STREQ(
- TEST_SECURITY_CONTEXT,
- secure_root_str.substr(secure_root_str.size() - strlen(TEST_SECURITY_CONTEXT)).c_str());
+ TEST_ENCLAVE,
+ secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str());
}
TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) {
@@ -165,12 +165,12 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName)
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
secure_root = rcl_get_secure_root(
- TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS, &allocator);
+ TEST_ENCLAVE_MULTIPLE_TOKENS, &allocator);
ASSERT_NE(nullptr, secure_root);
std::string secure_root_str(secure_root);
ASSERT_STREQ(
- TEST_SECURITY_CONTEXT,
- secure_root_str.substr(secure_root_str.size() - strlen(TEST_SECURITY_CONTEXT)).c_str());
+ TEST_ENCLAVE,
+ secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str());
}
TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory) {
@@ -198,12 +198,12 @@ TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_invalidDirectory) {
ROS_SECURITY_DIRECTORY_OVERRIDE
"=TheresN_oWayThi_sDirectory_Exists_hence_this_should_fail");
EXPECT_EQ(
- rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator),
+ rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator),
(char *) NULL);
}
TEST_F(TestGetSecureRoot, test_get_security_options) {
- /* The override provided should exist. Providing correct security context name/root dir
+ /* The override provided should exist. Providing correct enclave name/root dir
* won't help if the node override is invalid. */
rmw_security_options_t options = rmw_get_zero_initialized_security_options();
putenv_wrapper(ROS_SECURITY_ENABLE_VAR_NAME "=false");
@@ -231,11 +231,11 @@ TEST_F(TestGetSecureRoot, test_get_security_options) {
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
ret = rcl_get_security_options_from_environment(
- TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator, &options);
+ TEST_ENCLAVE_ABSOLUTE, &allocator, &options);
ASSERT_EQ(RMW_RET_OK, ret) << rmw_get_error_string().str;
EXPECT_EQ(RMW_SECURITY_ENFORCEMENT_ENFORCE, options.enforce_security);
EXPECT_STREQ(
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME
- PATH_SEPARATOR "contexts" PATH_SEPARATOR TEST_SECURITY_CONTEXT,
+ PATH_SEPARATOR "enclaves" PATH_SEPARATOR TEST_ENCLAVE,
options.security_root_path);
}
diff --git a/rcl/test/resources/test_security_directory/contexts/dummy_security_context/.gitkeep b/rcl/test/resources/test_security_directory/enclaves/dummy_enclave/.gitkeep
similarity index 100%
rename from rcl/test/resources/test_security_directory/contexts/dummy_security_context/.gitkeep
rename to rcl/test/resources/test_security_directory/enclaves/dummy_enclave/.gitkeep
diff --git a/rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep b/rcl/test/resources/test_security_directory/enclaves/group1/dummy_enclave/.gitkeep
similarity index 100%
rename from rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep
rename to rcl/test/resources/test_security_directory/enclaves/group1/dummy_enclave/.gitkeep