Connext Secure Examples (#641)

Author: akkshaj-rti

examples/CMakeLists.txt

@@ -34,20 +34,33 @@ option(CONNEXTDDS_BUILD_WEB_INTEGRATION_SERVICE_EXAMPLES
     OFF
 )
 
+option(CONNEXTDDS_BUILD_CONNEXT_SECURE_EXAMPLES
+    "Build Connext Secure examples"
+    OFF
+)
+
 add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/connext_dds")
 
 if(CONNEXTDDS_BUILD_PERSISTENCE_SERVICE_EXAMPLES)
     add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/persistence_service")
 endif()
+
 if(CONNEXTDDS_BUILD_RECORDING_SERVICE_EXAMPLES)
     add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/recording_service")
 endif()
+
 if(CONNEXTDDS_BUILD_ROUTING_SERVICE_EXAMPLES)
     add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/routing_service")
 endif()
+
 if(CONNEXTDDS_BUILD_WEB_INTEGRATION_SERVICE_EXAMPLES)
     add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/web_integration_service")
 endif()
+
 if(CONNEXTDDS_BUILD_CLOUD_DISCOVERY_SERVICE_EXAMPLES)
     add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/cloud_discovery_service")
 endif()
+
+if(CONNEXTDDS_BUILD_CONNEXT_SECURE_EXAMPLES)
+    add_subdirectory("${CMAKE_CURRENT_SOURCE_DIR}/connext_secure")
+endif()

examples/connext_secure/CMakeLists.txt

@@ -0,0 +1,35 @@
+#
+# (c) 2023 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+#
+# RTI grants Licensee a license to use, modify, compile, and create derivative
+# works of the Software.  Licensee has the right to distribute object form
+# only for use with RTI products.  The Software is provided "as is", with no
+# warranty of any type, including any warranty for fitness for any purpose.
+# RTI is under no obligation to maintain or support the Software.  RTI shall
+# not be liable for any incidental or consequential damages arising out of the
+# use or inability to use the software.
+#
+
+cmake_minimum_required(VERSION 3.12)
+project(rticonnextdds-examples-secure)
+list(APPEND CMAKE_MODULE_PATH
+    "${CMAKE_CURRENT_SOURCE_DIR}/../../resources/cmake/Modules"
+)
+include(ConnextDdsConfigureCmakeUtils)
+connextdds_configure_cmake_utils()
+
+include(ConnextDdsAddExamplesSubdirectories)
+
+if(NOT DEFINED CONNEXTDDS_CONNEXT_SECURE_EXAMPLES)
+    set(CONNEXTDDS_CONNEXT_SECURE_EXAMPLES
+        "cds"
+        "certificate_revocation_list"
+        "lightweight"
+        "whitelist"
+    )
+endif()
+
+connextdds_add_examples_subdirectories(
+    EXAMPLES
+    ${CONNEXTDDS_CONNEXT_SECURE_EXAMPLES}
+)

examples/connext_secure/README.md

@@ -0,0 +1,11 @@
+# Connext Secure
+
+RTI Security Plugins allow you to address your databus security requirements in
+a granular and pluggable way.
+The Security Plugins are the Connext implementation of the OMG DDS Security
+builtin interoperability plugins.
+
+In this directory you will find some examples that illustrate the use of RTI
+Security Plugins.
+For more information about RTI Security Plugins, please
+refer to the [RTI Security Plugins User's Manual](https://community.rti.com/static/documentation/connext-dds/7.2.0/doc/manuals/connext_dds_secure/users_manual/index.html).

examples/connext_secure/cds/README.md

@@ -0,0 +1,12 @@
+# Example Code: Lightweight Security with Cloud Discovery Service
+
+## Concept
+
+This example showcases protection of participant announcement messages (Data(p)
+packets), including those relayed by Cloud Discovery Service through lightweight
+security plugins. This requires Connext Secure 7.2.0 or newer. This example is
+based on a standard rtiddsgen publisher and subscriber example code and a basic
+Cloud Discovery Service configuration. Initial peers are set up so that
+communication can only happen in the presence of Cloud Discovery Service, and in
+particular the secure CDS configuration profile.
+A Wireshark capture is supplied as part of the example.

examples/connext_secure/cds/c++11/CDS.idl

@@ -0,0 +1,15 @@
+/*
+ * (c) Copyright, Real-Time Innovations, 2023.  All rights reserved.
+ * RTI grants Licensee a license to use, modify, compile, and create derivative
+ * works of the software solely for use with RTI Connext DDS. Licensee may
+ * redistribute copies of the software provided that all such copies are subject
+ * to this license. The software is provided "as is", with no warranty of any
+ * type, including any warranty for fitness for any purpose. RTI is under no
+ * obligation to maintain or support the software. RTI shall not be liable for
+ * any incidental or consequential damages arising out of the use or inability
+ * to use the software.
+ */
+
+struct Example {
+    int32 value;
+};

examples/connext_secure/cds/c++11/CDS_publisher.cxx

@@ -0,0 +1,91 @@
+/*
+ * (c) Copyright, Real-Time Innovations, 2023.  All rights reserved.
+ * RTI grants Licensee a license to use, modify, compile, and create derivative
+ * works of the software solely for use with RTI Connext DDS. Licensee may
+ * redistribute copies of the software provided that all such copies are subject
+ * to this license. The software is provided "as is", with no warranty of any
+ * type, including any warranty for fitness for any purpose. RTI is under no
+ * obligation to maintain or support the software. RTI shall not be liable for
+ * any incidental or consequential damages arising out of the use or inability
+ * to use the software.
+ */
+
+#include <iostream>
+
+#include <dds/pub/ddspub.hpp>
+#include <rti/util/util.hpp>      // for sleep()
+#include <rti/config/Logger.hpp>  // for logging
+
+#include "application.hpp"  // for command line parsing and ctrl-c
+#include "CDS.hpp"
+
+void run_publisher_application(
+        unsigned int domain_id,
+        unsigned int sample_count)
+{
+    // DDS objects behave like shared pointers or value types
+    // (see
+    // https://community.rti.com/best-practices/use-modern-c-types-correctly)
+
+    // Start communicating in a domain, usually one participant per application
+    dds::domain::DomainParticipant participant(
+            domain_id,
+            dds::core::QosProvider::Default().participant_qos(
+                    "lite_library::lite_peer"));
+
+    // Create a Topic with a name and a datatype
+    dds::topic::Topic<Example> topic(participant, "CDS LWS Example");
+
+    // Create a Publisher
+    dds::pub::Publisher publisher(participant);
+
+    // Create a DataWriter with default QoS
+    dds::pub::DataWriter<Example> writer(publisher, topic);
+
+    Example data;
+    // Main loop, write data
+    for (unsigned int samples_written = 0;
+         !application::shutdown_requested && samples_written < sample_count;
+         samples_written++) {
+        // Modify the data to be written here
+        data.value(static_cast<int32_t>(samples_written));
+        std::cout << "Writing CDS, count " << samples_written << std::endl;
+
+        writer.write(data);
+
+        // Send once every second
+        rti::util::sleep(dds::core::Duration(1));
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    using namespace application;
+
+    // Parse arguments and handle control-C
+    auto arguments = parse_arguments(argc, argv);
+    if (arguments.parse_result == ParseReturn::exit) {
+        return EXIT_SUCCESS;
+    } else if (arguments.parse_result == ParseReturn::failure) {
+        return EXIT_FAILURE;
+    }
+    setup_signal_handlers();
+
+    // Sets Connext verbosity to help debugging
+    rti::config::Logger::instance().verbosity(arguments.verbosity);
+
+    try {
+        run_publisher_application(arguments.domain_id, arguments.sample_count);
+    } catch (const std::exception &ex) {
+        // This will catch DDS exceptions
+        std::cerr << "Exception in run_publisher_application(): " << ex.what()
+                  << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    // Releases the memory used by the participant factory.  Optional at
+    // application exit
+    dds::domain::DomainParticipant::finalize_participant_factory();
+
+    return EXIT_SUCCESS;
+}

examples/connext_secure/cds/c++11/CDS_subscriber.cxx

@@ -0,0 +1,107 @@
+/*
+ * (c) Copyright, Real-Time Innovations, 2023.  All rights reserved.
+ * RTI grants Licensee a license to use, modify, compile, and create derivative
+ * works of the software solely for use with RTI Connext DDS. Licensee may
+ * redistribute copies of the software provided that all such copies are subject
+ * to this license. The software is provided "as is", with no warranty of any
+ * type, including any warranty for fitness for any purpose. RTI is under no
+ * obligation to maintain or support the software. RTI shall not be liable for
+ * any incidental or consequential damages arising out of the use or inability
+ * to use the software.
+ */
+
+#include <algorithm>
+#include <iostream>
+
+#include <dds/sub/ddssub.hpp>
+#include <dds/core/ddscore.hpp>
+#include <rti/config/Logger.hpp>  // for logging
+
+#include "CDS.hpp"
+#include "application.hpp"  // for command line parsing and ctrl-c
+
+void process_data(dds::sub::DataReader<Example> reader)
+{
+    // Take all samples
+    dds::sub::LoanedSamples<Example> samples = reader.take();
+    for (auto sample : samples) {
+        if (sample.info().valid()) {
+            std::cout << sample.data() << std::endl;
+        } else {
+            std::cout << "Instance state changed to "
+                      << sample.info().state().instance_state() << std::endl;
+        }
+    }
+}  // The LoanedSamples destructor returns the loan
+
+void run_subscriber_application(
+        unsigned int domain_id,
+        unsigned int sample_count)
+{
+    // DDS objects behave like shared pointers or value types
+    // (see
+    // https://community.rti.com/best-practices/use-modern-c-types-correctly)
+
+    // Start communicating in a domain, usually one participant per application
+    dds::domain::DomainParticipant participant(
+            domain_id,
+            dds::core::QosProvider::Default().participant_qos(
+                    "lite_library::lite_peer"));
+
+    // Create a Topic with a name and a datatype
+    dds::topic::Topic<Example> topic(participant, "CDS LWS Example");
+
+    // Create a Subscriber and DataReader with default Qos
+    dds::sub::Subscriber subscriber(participant);
+    dds::sub::DataReader<Example> reader(subscriber, topic);
+
+    // Create a ReadCondition for any data received on this reader and set a
+    // handler to process the data
+    dds::sub::cond::ReadCondition read_condition(
+            reader,
+            dds::sub::status::DataState::any(),
+            [reader]() { process_data(reader); });
+
+    // WaitSet will be woken when the attached condition is triggered
+    dds::core::cond::WaitSet waitset;
+    waitset += read_condition;
+
+    while (!application::shutdown_requested) {
+        std::cout << "Example subscriber sleeping up to 1 sec..." << std::endl;
+
+        // Run the handlers of the active conditions. Wait for up to 1 second.
+        waitset.dispatch(dds::core::Duration(1));
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    using namespace application;
+
+    // Parse arguments and handle control-C
+    auto arguments = parse_arguments(argc, argv);
+    if (arguments.parse_result == ParseReturn::exit) {
+        return EXIT_SUCCESS;
+    } else if (arguments.parse_result == ParseReturn::failure) {
+        return EXIT_FAILURE;
+    }
+    setup_signal_handlers();
+
+    // Sets Connext verbosity to help debugging
+    rti::config::Logger::instance().verbosity(arguments.verbosity);
+
+    try {
+        run_subscriber_application(arguments.domain_id, arguments.sample_count);
+    } catch (const std::exception &ex) {
+        // This will catch DDS exceptions
+        std::cerr << "Exception in run_subscriber_application(): " << ex.what()
+                  << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    // Releases the memory used by the participant factory.  Optional at
+    // application exit
+    dds::domain::DomainParticipant::finalize_participant_factory();
+
+    return EXIT_SUCCESS;
+}

examples/connext_secure/cds/c++11/CMakeLists.txt

@@ -0,0 +1,29 @@
+#
+# (c) 2023 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+#
+# RTI grants Licensee a license to use, modify, compile, and create derivative
+# works of the Software.  Licensee has the right to distribute object form
+# only for use with RTI products.  The Software is provided "as is", with no
+# warranty of any type, including any warranty for fitness for any purpose.
+# RTI is under no obligation to maintain or support the Software.  RTI shall
+# not be liable for any incidental or consequential damages arising out of the
+# use or inability to use the software.
+#
+cmake_minimum_required(VERSION 3.11)
+project(rtiexamples-cds-lws)
+list(APPEND CMAKE_MODULE_PATH
+    "${CMAKE_CURRENT_SOURCE_DIR}/../../../../resources/cmake/Modules"
+)
+include(ConnextDdsConfigureCmakeUtils)
+connextdds_configure_cmake_utils()
+
+# Include ConnextDdsAddExample.cmake from resources/cmake
+include(ConnextDdsAddExample)
+
+connextdds_add_example(
+    IDL "CDS"
+    LANG "C++11"
+)
+
+file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/USER_QOS_PROFILES.xml" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}")
+file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/../cds.xml" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}")

examples/connext_secure/cds/c++11/README.md

@@ -0,0 +1,51 @@
+# Example Code: Lightweight Security with Cloud Discovery Service
+
+## Building the Example
+
+Remember to set your environment variables with the script in your Connext
+installation directory before building.
+
+```sh
+cd c++11/
+mkdir build
+cd build
+cmake ..
+cmake --build .
+```
+
+Note: The build process also copies USER_QOS_PROFILES.xml into the build
+directory to ensure that it is loaded when you run the examples within the build
+directory.
+
+## Running the example
+
+This example is based on a standard rtiddsgen publisher and subscriber example
+code and a basic Cloud Discovery Service configuration. Initial peers are set up
+so that communication can only happen in the presence of Cloud Discovery
+Service, and in particular the secure CDS configuration profile.
+A Wireshark capture is supplied as part of the example.
+
+Run the publisher and subscriber in separate terminal windows.
+
+```sh
+./CDS_publisher
+```
+
+```sh
+./CDS_subscriber
+```
+
+Then, start Cloud Discovery Service (in a different terminal) using the
+`rticlouddiscoveryservice` script from your installation directory. Configure
+CDS by passing the `-cfgFile cds.xml -cfgName secure_cds` options to the
+application. You can also use the `insecure_cds` profile to compare the
+Wireshark output without lightweight security. Optionally, generate a Wireshark capture.
+
+```sh
+rticlouddiscoveryservice -cfgFile cds.xml -cfgName secure_cds
+```
+
+To filter traffic going to CDS in Wireshark, use udp.dstport == 9999. To filter
+traffic relayed by CDS, use rtps.flag.cloud_discovery_service_announcer == 1.
+You will that all traffic is SIGNED when using the secure configuration.
+This means that the secure prefix and postfix are present for all Data(p)s.