Merge remote-tracking branch 'origin/develop'

Author: alexcamposruiz

examples/connext_dds/asynchronous_publication/py/README.md

@@ -3,6 +3,11 @@
 If you haven't used the RTI Connext Python API before, first check the
 [Getting Started Guide](https://community.rti.com/static/documentation/connext-dds/7.0.0/doc/manuals/connext_dds_professional/getting_started_guide/index.html).
 
+Note that in this example the DDS ``PublishMode`` QoS that allows asynchronous
+publication (see the top-level [README](../README.md)) is unrelated to the
+DataReader method ``take_data_async``, which is a feature specific to the Python
+API that allows the application to receive data in an asynchronous manner.
+
 ## Running the Example
 
 In two separate command prompt windows for the publisher and subscriber run the

examples/connext_dds/basic_security/README.md

@@ -0,0 +1,56 @@
+# Example Code: Basic Security
+
+## Concept
+
+RTI Security Plugins allow you to address your security requirements in a
+granular way. This example assumes that you have a familiarity with RTI Connext.
+
+The main aspects of security that are covered are
+
+-   Authentication - Verifying the identity of the application and/or user that
+invokes actions on DDS.
+-   Access Control - Provides a way to enforce policy decision on what DDS-related
+operations an authenticated entity can perform (i.e. which Domains it can join,
+which topics it can publish and subscribe to, etc)
+-   Cryptography - Implements (or interfaces with libraries that implement)
+cryptographic operations such as encryption, decryption, hashing, digital
+signatures, etc
+-   Logging - Auditing of all DDS security-related events.
+
+Additionally, The Security Plugins can potentially run over any transport,
+including the builtin UDP transport with multicast and TCP transport.
+The OMG DDS Security specification addresses the security aspect of the
+communication in a one-to-many, friendly, data-centric way, enabling
+applications to define different security policies based on the nature of the
+shared data. This gives the benefits of no single point of failure, high
+performance, and high scalability.
+
+In a DDS Secure system, a Governance Document defines the security requirements
+for communication. At the domain level, this file contains a mapping between
+Domain IDs and the security policies that DomainParticipants must follow to
+interact in that Domain.
+
+As you can see, the rules that compose the Governance Document specify how your
+system is protected. All the DomainParticipants in your secure system need to
+load the same Governance Document, either by having a copy of it, or by
+accessing a single Governance Document from a common location.
+
+In addition to meeting the security requirements specified in the Governance
+Document, every DomainParticipant joining a Secure Domain must be associated
+with a Permissions Document. This Permissions Document contains a set of grants,
+which determine what the local participant is allowed to do in the Domain.
+
+For more information about using RTI Connext with security, follow the
+[Getting Started Guide](https://community.rti.com/static/documentation/connext-dds/current/doc/manuals/connext_dds_secure/getting_started_guide/index.html)
+
+## Example Description
+
+This example is available in other programming languages in the
+`rti_workspace/<version>/examples/connext_dds/<language>/hello_security`
+folder created under your home directory when RTI Connext is installed.
+
+In this example, the publisher application sends a message of "Hello World" with
+a number to indicate which sample it is. This number increments by one and by
+default will go until the user stops the programs. By default, the messages are
+sent using ecdsa but can be set to rsa or ecdsa secp384r1 by providing an
+argument at run time.

examples/connext_dds/basic_security/py/README.md

@@ -0,0 +1,73 @@
+# Example Code: Basic Security
+
+## Running this Example
+
+### Initial Setup
+
+In order to run this example you require some security artifacts (certificates,
+signed Governance and Permissions Document). The easiest way to acquire them is
+to copy them from the rti_workspace examples. They can be found in
+`<rti_workspace>/<version>/examples/dds_security`. If this folder is copied in
+whole to `examples/connext_dds/basic_security` the example will work with no
+modifications to the SecureQos.xml file. Otherwise, the strings in
+SecureQos.xml must be updated to reflect the locations of these artifacts.
+
+### Linux and macOS systems
+
+Your LD_LIBRARY_PATH or (DYLD_LIBRARY_PATH for macOS) must include
+`$NDDSHOME/lib/<architecture>`.
+You must also include the path to your crypto libraries. They are in
+`$NDDSHOME/third_party/openssl-<version>/<architecture>/<release or debug>/lib`
+(location of libcrypto.so and libssl.so).
+If you are using the Security Plugins for wolfSSL, your LD_LIBRARY_PATH must
+include
+`$NDDSHOME/third_party/wolfssl-<version>/<architecture>/<release or debug>/lib`
+(location of libwolfssl.so).
+
+If using Certicom Security Builder Engine for QNX, your LD_LIBRARY_PATH must
+include
+`$NDDSHOME/third_party/openssl-<version>/<architecture>/release/lib/:$CERTICOM_SBENGINEHOME/tools/sb/sb-$CERTICOMOS/lib/:$CERTICOM_SBENGINEHOME/lib/$CERTICOMOS.`
+
+To run this example, type the following commands in two different command
+shells (one command in each shell), either on the same machine or on different
+machines:
+
+  > python3 secure_publisher.py
+  > python3 secure_subscriber.py
+
+### Windows systems
+
+Your PATH must include
+`%NDDSHOME%\lib\<architecture>` and
+`%NDDSHOME%\third_party\openssl-<version>\<architecture>\<release or debug>\bin`
+(location of the libcrypto and libssl DLLs).
+
+To run this example, type the following commands in two different command
+shells (one command in each shell), either on the same machine or on different
+machines:
+
+  > python3 secure_publisher.py
+  > python3 secure_subscriber.py
+
+### Accepted parameters
+
+The following parameters are accepted:
+
+- `-d` for the domain id
+- `-c` for the number of samples to send
+- `-p` for the profile (A, B, RSA_A, RSA_B, ECDSA_P384_A, or ECDSA_P384_B)
+
+To run this example
+using the "rsa"(**) algorithm suite, add a `-p` command-line argument: "rsa".
+Pass "p384" (***) for the `-p` command-line argument if you want to use the
+"ecdsa secp384r1" algorithm suite.
+
+-   The "ecdsa" algorithm suite consists of ECDSA+P256+SHA256 (digital signature
+for identity trust chain and authentication) and ECDHE-CEUM+P256
+(key establishment).
+-   The "rsa" algorithm suite consists of RSASSA-PKCS1-V1_5+2048+SHA256 (digital
+signature for identity trust chain), RSASSA-PSS-MGF1SHA256+2048+SHA256
+(digital signature for authentication) and ECDHE-CEUM+P256 (key establishment).
+-   The "ecdsa secp384r1" algorithm suite consists of ECDSA+P384+SHA384 (digital
+signature for identity trust chain and authentication), and ECDHE-CEUM+P384
+(key establishment).

examples/connext_dds/basic_security/py/SecureQos.xml

@@ -0,0 +1,163 @@
+<?xml version="1.0"?>
+<!--
+ (c) 2023 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+ RTI grants Licensee a license to use, modify, compile, and create derivative
+ works of the Software.  Licensee has the right to distribute object form only
+ for use with RTI products.  The Software is provided "as is", with no warranty
+ of any type, including any warranty for fitness for any purpose. RTI is under
+ no obligation to maintain or support the Software.  RTI shall not be liable for
+ any incidental or consequential damages arising out of the use or inability to
+ use the software.
+ -->
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://community.rti.com/schema/7.2.0/rti_dds_qos_profiles.xsd">
+
+  <qos_library name="SecurityExampleProfiles">
+
+    <!-- Default QoS:
+
+             This profile contains the QoS that applications would use by
+             default. We can use it as a base profile to inherit from and
+             override some parameters.
+         -->
+    <qos_profile name="A" base_name="BuiltinQosLib::Generic.Security" is_default_qos="true">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_ca</name>
+              <value>file:../dds_security/cert/ecdsa01/ca/ecdsa01RootCaCert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/ecdsa01/identities/ecdsa01Peer01Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/ecdsa01/identities/ecdsa01Peer01Key.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.access.permissions_ca</name>
+              <value>file:../dds_security/cert/ecdsa01/ca/ecdsa01RootCaCert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.access.governance</name>
+              <value>file:../dds_security/xml/signed/signed_Governance.p7s</value>
+            </element>
+            <element>
+              <name>dds.sec.access.permissions</name>
+              <value>file:../dds_security/xml/signed/signed_PermissionsA.p7s</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+    <qos_profile name="B" base_name="A">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/ecdsa01/identities/ecdsa01Peer02Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/ecdsa01/identities/ecdsa01Peer02Key.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.password</name>
+              <value>VG9tQjEy</value>
+            </element>
+            <element>
+              <name>dds.sec.access.permissions</name>
+              <value>file:../dds_security/xml/signed/signed_PermissionsB.p7s</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+    <qos_profile name="RSA_A" base_name="A">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_ca</name>
+              <value>file:../dds_security/cert/rsa01/ca/rsa01RootCaCert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/rsa01/identities/rsa01Peer01Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/rsa01/identities/rsa01Peer01Key.pem</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+    <qos_profile name="RSA_B" base_name="RSA_A">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/rsa01/identities/rsa01Peer02Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/rsa01/identities/rsa01Peer02Key.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.password</name>
+              <value>Um9iRzg3</value>
+            </element>
+            <element>
+              <name>dds.sec.access.permissions</name>
+              <value>file:../dds_security/xml/signed/signed_PermissionsB.p7s</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+    <qos_profile name="ECDSA_P384_A" base_name="A">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_ca</name>
+              <value>file:../dds_security/cert/ecdsa07_p384/ca/ecdsa07RootCaCert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/ecdsa07_p384/identities/ecdsa07Peer02Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/ecdsa07_p384/identities/ecdsa07Peer02Key.pem</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+    <qos_profile name="ECDSA_P384_B" base_name="ECDSA_P384_A">
+      <domain_participant_qos>
+        <property>
+          <value>
+            <element>
+              <name>dds.sec.auth.identity_certificate</name>
+              <value>file:../dds_security/cert/ecdsa07_p384/identities/ecdsa07Peer03Cert.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.auth.private_key</name>
+              <value>file:../dds_security/cert/ecdsa07_p384/identities/ecdsa07Peer03Key.pem</value>
+            </element>
+            <element>
+              <name>dds.sec.access.permissions</name>
+              <value>file:../dds_security/xml/signed/signed_PermissionsB.p7s</value>
+            </element>
+          </value>
+        </property>
+      </domain_participant_qos>
+    </qos_profile>
+  </qos_library>
+</dds>

examples/connext_dds/basic_security/py/hello.idl

@@ -0,0 +1,3 @@
+struct HelloWorld {
+    string<128> msg;
+};

examples/connext_dds/basic_security/py/hello.py

@@ -0,0 +1,26 @@
+#
+# (c) 2023 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+#
+# RTI grants Licensee a license to use, modify, compile, and create derivative
+# works of the Software solely for use with RTI products.  The Software is
+# provided "as is", with no warranty of any type, including any warranty for
+# fitness for any purpose. RTI is under no obligation to maintain or support
+# the Software.  RTI shall not be liable for any incidental or consequential
+# damages arising out of the use or inability to use the software.
+#
+
+from dataclasses import field
+from typing import Union, Sequence, Optional
+import rti.idl as idl
+from enum import IntEnum
+import sys
+import os
+
+
+@idl.struct(
+    member_annotations={
+        "msg": [idl.bound(128)],
+    }
+)
+class HelloWorld:
+    msg: str = ""