OpenDDS::Security::Governance Class Reference

#include <Governance.h>

Inheritance diagram for OpenDDS::Security::Governance:

Collaboration diagram for OpenDDS::Security::Governance:

Classes
struct	DomainRule
struct	TopicAccessRule

Public Types
typedef DCPS::RcHandle< Governance >	shared_ptr
typedef std::vector< TopicAccessRule >	TopicAccessRules
typedef std::vector< DomainRule >	GovernanceAccessRules

Public Member Functions
	Governance ()
int	load (const SSL::SignedDocument &doc)
GovernanceAccessRules &	access_rules ()
Public Member Functions inherited from OpenDDS::DCPS::RcObject
virtual	~RcObject ()
virtual void	_add_ref ()
virtual void	_remove_ref ()
long	ref_count () const
WeakObject *	_get_weak_object () const

Private Attributes
GovernanceAccessRules	access_rules_

Additional Inherited Members
Protected Member Functions inherited from OpenDDS::DCPS::RcObject
	RcObject ()

Detailed Description

Definition at line 24 of file Governance.h.

Member Typedef Documentation

GovernanceAccessRules

typedef std::vector<DomainRule> OpenDDS::Security::Governance::GovernanceAccessRules

Definition at line 44 of file Governance.h.

shared_ptr

typedef DCPS::RcHandle<Governance> OpenDDS::Security::Governance::shared_ptr

Definition at line 26 of file Governance.h.

TopicAccessRules

typedef std::vector<TopicAccessRule> OpenDDS::Security::Governance::TopicAccessRules

Definition at line 36 of file Governance.h.

Constructor & Destructor Documentation

Governance()

OpenDDS::Security::Governance::Governance

(

)

Definition at line 33 of file Governance.cpp.

References OpenDDS::DCPS::SecurityDebug::access_error, ACE_ERROR, OpenDDS::Security::SSL::SignedDocument::filename(), LM_ERROR, name, OpenDDS::Security::XmlUtils::parse_bool(), OpenDDS::DCPS::security_debug, ACE_OS::strcasecmp(), OpenDDS::Security::XmlUtils::to_string(), and value.

{
}

Member Function Documentation

access_rules()

GovernanceAccessRules& OpenDDS::Security::Governance::access_rules ( )

inline

Definition at line 50 of file Governance.h.

References access_rules_.

  {
    return access_rules_;
  }

load()

int OpenDDS::Security::Governance::load

(

const SSL::SignedDocument &

doc

)

Definition at line 112 of file Governance.cpp.

References OpenDDS::DCPS::SecurityDebug::access_error, ACE_ERROR, ACE_TEXT(), ACE_TEXT_CHAR_TO_TCHAR, DDS::Security::ParticipantSecurityAttributes::allow_unauthenticated_participants, OpenDDS::Security::SSL::SignedDocument::content(), OpenDDS::Security::Governance::TopicAccessRule::data_protection_kind, OpenDDS::Security::Governance::DomainRule::domain_attrs, OpenDDS::Security::Governance::DomainRule::domains, OpenDDS::Security::SSL::SignedDocument::filename(), OpenDDS::Security::XmlUtils::get_parser(), DDS::Security::ParticipantSecurityAttributes::is_access_protected, DDS::Security::ParticipantSecurityAttributes::is_discovery_protected, DDS::Security::TopicSecurityAttributes::is_discovery_protected, DDS::Security::ParticipantSecurityAttributes::is_liveliness_protected, DDS::Security::TopicSecurityAttributes::is_liveliness_protected, DDS::Security::TopicSecurityAttributes::is_read_protected, DDS::Security::ParticipantSecurityAttributes::is_rtps_protected, DDS::Security::TopicSecurityAttributes::is_write_protected, LM_ERROR, OpenDDS::Security::Governance::TopicAccessRule::metadata_protection_kind, name, OPENDDS_END_VERSIONED_NAMESPACE_DECL, OpenDDS::Security::XmlUtils::parse_domain_id_set(), DDS::Security::ParticipantSecurityAttributes::plugin_participant_attributes, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_BUILTIN_IS_DISCOVERY_ENCRYPTED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_DISCOVERY_ORIGIN_AUTHENTICATED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_LIVELINESS_ENCRYPTED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_LIVELINESS_ORIGIN_AUTHENTICATED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED, DDS::Security::PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_VALID, OpenDDS::DCPS::security_debug, OpenDDS::Security::XmlUtils::to_string(), OpenDDS::Security::Governance::TopicAccessRule::topic_attrs, OpenDDS::Security::Governance::TopicAccessRule::topic_expression, and OpenDDS::Security::Governance::DomainRule::topic_rules.

{
  const std::string& xml = doc.content();
  ParserPtr parser;
  if (!get_parser(parser, doc.filename(), xml)) {
    if (security_debug.access_error) {
      ACE_ERROR((LM_ERROR, "(%P|%t) ERROR: {access_error} Governance::load: "
        "get_parser failed\n"));
    }
    return -1;
  }

  // Find the domain rules
  const xercesc::DOMNodeList* const domainRules = parser->getDocument()->getDocumentElement()->
    getElementsByTagName(XStr(ACE_TEXT("domain_rule")));
  for (XMLSize_t r = 0, dr_len = domainRules->getLength(); r < dr_len; ++r) {
    Governance::DomainRule domain_rule;
    domain_rule.domain_attrs.plugin_participant_attributes = 0;
    const xercesc::DOMElement* const domain_rule_el =
      dynamic_cast<const xercesc::DOMElement*>(domainRules->item(r));
    if (!domain_rule_el) {
      if (security_debug.access_error) {
        ACE_ERROR((LM_ERROR, "(%P|%t) ERROR: {access_error} Governance::load: "
          "domain_rule_el is null\n"));
      }
      return -1;
    }

    // Process domain ids this domain rule applies to
    const xercesc::DOMNodeList* const ruleNodes = domain_rule_el->getChildNodes();
    for (XMLSize_t rn = 0, rn_len = ruleNodes->getLength(); rn < rn_len; rn++) {
      const xercesc::DOMNode* const ruleNode = ruleNodes->item(rn);
      const XStr dn_tag = ruleNode->getNodeName();
      if (ACE_TEXT("domains") == dn_tag) {
        if (!parse_domain_id_set(ruleNode, domain_rule.domains)) {
          if (security_debug.access_error) {
            ACE_ERROR((LM_ERROR, "(%P|%t) ERROR: {access_error} Governance::load: "
              "failed to process domain ids in \"%C\"\n",
              doc.filename().c_str()));
          }
          return -1;
        }
      }
    }

    // Process allow_unauthenticated_participants
    if (!get_bool_tag(doc, domain_rule_el, ACE_TEXT("allow_unauthenticated_participants"),
        domain_rule.domain_attrs.allow_unauthenticated_participants)) {
      return -1;
    }

    // Process enable_join_access_control
    if (!get_bool_tag(doc, domain_rule_el, ACE_TEXT("enable_join_access_control"),
        domain_rule.domain_attrs.is_access_protected)) {
      return -1;
    }

    // Process discovery_protection_kind
    if (!get_protection_kind(doc, domain_rule_el, ACE_TEXT("discovery_protection_kind"),
        domain_rule.domain_attrs.is_discovery_protected,
        domain_rule.domain_attrs.plugin_participant_attributes,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_BUILTIN_IS_DISCOVERY_ENCRYPTED,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_DISCOVERY_ORIGIN_AUTHENTICATED)) {
      return -1;
    }

    // Process liveliness_protection_kind
    if (!get_protection_kind(doc, domain_rule_el, ACE_TEXT("liveliness_protection_kind"),
        domain_rule.domain_attrs.is_liveliness_protected,
        domain_rule.domain_attrs.plugin_participant_attributes,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_LIVELINESS_ENCRYPTED,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_LIVELINESS_ORIGIN_AUTHENTICATED)) {
      return -1;
    }

    // Process rtps_protection_kind
    if (!get_protection_kind(doc, domain_rule_el, ACE_TEXT("rtps_protection_kind"),
        domain_rule.domain_attrs.is_rtps_protected,
        domain_rule.domain_attrs.plugin_participant_attributes,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED,
        PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED)) {
      return -1;
    }

    domain_rule.domain_attrs.plugin_participant_attributes |=
      PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_VALID;

    // Process topic rules
    const xercesc::DOMNodeList* topic_rules =
      domain_rule_el->getElementsByTagName(XStr(ACE_TEXT("topic_rule")));
    for (XMLSize_t tr = 0, tr_len = topic_rules->getLength(); tr < tr_len; tr++) {
      const xercesc::DOMNode* topic_rule = topic_rules->item(tr);
      const xercesc::DOMNodeList* topic_rule_nodes = topic_rule->getChildNodes();
      Governance::TopicAccessRule t_rules;
      for (XMLSize_t trn = 0, trn_len = topic_rule_nodes->getLength(); trn < trn_len; trn++) {
        const xercesc::DOMNode* topic_rule_node = topic_rule_nodes->item(trn);
        const std::string name = to_string(topic_rule_node->getNodeName());

        bool* bool_value = 0;
        if (name == "topic_expression") {
          t_rules.topic_expression = to_string(topic_rule_node);
        } else if (name == "enable_discovery_protection") {
          bool_value = &t_rules.topic_attrs.is_discovery_protected;
        } else if (name == "enable_liveliness_protection") {
          bool_value = &t_rules.topic_attrs.is_liveliness_protected;
        } else if (name == "enable_read_access_control") {
          bool_value = &t_rules.topic_attrs.is_read_protected;
        } else if (name == "enable_write_access_control") {
          bool_value = &t_rules.topic_attrs.is_write_protected;
        } else if (name == "metadata_protection_kind") {
          t_rules.metadata_protection_kind = to_string(topic_rule_node);
        } else if (name == "data_protection_kind") {
          t_rules.data_protection_kind = to_string(topic_rule_node);
        }

        if (bool_value && !get_bool_tag_value(doc, topic_rule_node,
            ACE_TEXT_CHAR_TO_TCHAR(name.c_str()), *bool_value)) {
          return -1;
        }
      }
      domain_rule.topic_rules.push_back(t_rules);
    }

    access_rules_.push_back(domain_rule);
  } // domain_rule

  return 0;
}

Member Data Documentation

access_rules_

GovernanceAccessRules OpenDDS::Security::Governance::access_rules_

private

Definition at line 56 of file Governance.h.

Referenced by access_rules().

---

The documentation for this class was generated from the following files:

• Governance.h
• Governance.cpp