  1. // Copyright 2018 Proyectos y Sistemas de Mantenimiento SL (eProsima).
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. /*!
  15. * @file AccessControl.h
  16. */
  17. #ifndef _FASTDDS_RTPS_SECURITY_ACCESSCONTROL_ACCESSCONTROL_H_
  18. #define _FASTDDS_RTPS_SECURITY_ACCESSCONTROL_ACCESSCONTROL_H_
  19. #include <fastdds/rtps/security/common/Handle.h>
  20. #include <fastdds/rtps/common/Token.h>
  21. namespace eprosima {
  22. namespace fastrtps {
  23. namespace rtps {
  24. class RTPSParticipantAttributes;
  25. class ParticipantProxyData;
  26. class WriterProxyData;
  27. class ReaderProxyData;
  28. namespace security {
  29. class Authentication;
  30. class SecurityException;
  31. struct ParticipantSecurityAttributes;
  32. struct EndpointSecurityAttributes;
  33. class Logging;
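  /*!
   * @brief Abstract interface of the access-control security plugin.
   *
   * Every permission operation is a pure virtual that a concrete plugin must
   * implement. Each one reports its outcome through its return value (a bool or
   * a PermissionsHandle pointer) and takes a SecurityException out-parameter.
   *
   * NOTE(review): this header does not state the failure convention. Presumably
   * a denied or failed operation returns false / nullptr and describes the reason
   * in `exception`; confirm against the concrete plugin. Callers enforcing a
   * policy should fail closed: treat false and nullptr as "not authorized" and
   * never use an out-parameter after a failed call.
   */
  class AccessControl
  {
  public:

      virtual ~AccessControl() = default;

      /*!
       * @brief Validates the permissions of the local participant.
       * @param auth_plugin Authentication plugin that produced `identity`.
       * @param identity Identity handle of the local participant.
       * @param domain_id Domain the participant belongs to.
       * @param participant_attr Attributes of the local participant.
       * @param exception Out-parameter for error details.
       * @return Permissions handle for the participant. NOTE(review): presumably
       * nullptr on failure, and presumably released with
       * return_permissions_handle(); confirm both against the implementation.
       */
      virtual PermissionsHandle* validate_local_permissions(
              Authentication& auth_plugin,
              const IdentityHandle& identity,
              const uint32_t domain_id,
              const RTPSParticipantAttributes& participant_attr,
              SecurityException& exception) = 0;

      /*!
       * @brief Obtains the permissions token associated with a permissions handle.
       * @param permissions_token Out-parameter that receives the token pointer.
       * @param handle Permissions handle the token is requested for.
       * @param exception Out-parameter for error details.
       * @return bool result of the operation; `*permissions_token` should only be
       * read when it is true (assumed, confirm).
       */
      virtual bool get_permissions_token(
              PermissionsToken** permissions_token,
              const PermissionsHandle& handle,
              SecurityException& exception) = 0;

      /*!
       * @brief Hands a permissions token back to the plugin.
       * @param token Token pointer, presumably one obtained from
       * get_permissions_token(); must not be used by the caller afterwards
       * (assumed from the name, confirm).
       * @param exception Out-parameter for error details.
       * @return bool result of the operation.
       */
      virtual bool return_permissions_token(
              PermissionsToken* token,
              SecurityException& exception) = 0;

      /*!
       * @brief Obtains the permissions credential token associated with a handle.
       * @param permissions_credential_token Out-parameter that receives the token
       * pointer.
       * @param handle Permissions handle the credential token is requested for.
       * @param exception Out-parameter for error details.
       * @return bool result of the operation; the out-pointer should only be read
       * when it is true (assumed, confirm).
       */
      virtual bool get_permissions_credential_token(
              PermissionsCredentialToken** permissions_credential_token,
              const PermissionsHandle& handle,
              SecurityException& exception) = 0;

      /*!
       * @brief Hands a permissions credential token back to the plugin.
       * @param token Token pointer, presumably one obtained from
       * get_permissions_credential_token() (confirm).
       * @param exception Out-parameter for error details.
       * @return bool result of the operation.
       */
      virtual bool return_permissions_credential_token(
              PermissionsCredentialToken* token,
              SecurityException& exception) = 0;

      /*!
       * @brief Hands a permissions handle back to the plugin.
       * @param permissions_handle Handle pointer, presumably one returned by
       * validate_local_permissions() or validate_remote_permissions(). Keeping
       * and using the pointer after this call would be a use-after-release if the
       * plugin frees it (assumed, confirm).
       * @param exception Out-parameter for error details.
       * @return bool result of the operation.
       */
      virtual bool return_permissions_handle(
              PermissionsHandle* permissions_handle,
              SecurityException& exception) = 0;

      /*!
       * @brief Validates the permissions presented by a remote participant.
       * @param auth_plugin Authentication plugin that produced the identity handles.
       * @param local_identity_handle Identity handle of the local participant.
       * @param local_permissions_handle Permissions handle of the local participant.
       * @param remote_identity_handle Identity handle of the remote participant.
       * @param remote_permissions_token Permissions token received from the remote
       * participant; remote-supplied, so implementations must treat it as
       * untrusted input until validated.
       * @param remote_credential_token Permissions credential token of the remote
       * participant; likewise remote-supplied.
       * @param exception Out-parameter for error details.
       * @return Permissions handle for the remote participant. NOTE(review):
       * presumably nullptr when validation fails; confirm, and make sure callers
       * do not admit the remote participant on a null handle.
       */
      virtual PermissionsHandle* validate_remote_permissions(
              Authentication& auth_plugin,
              const IdentityHandle& local_identity_handle,
              const PermissionsHandle& local_permissions_handle,
              const IdentityHandle& remote_identity_handle,
              const PermissionsToken& remote_permissions_token,
              const PermissionsCredentialToken& remote_credential_token,
              SecurityException& exception) = 0;

      /*!
       * @brief Checks whether the local participant may be created in a domain.
       * @param local_handle Permissions handle of the local participant.
       * @param domain_id Domain the participant wants to join.
       * @param qos Attributes of the participant being created.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_create_participant(
              const PermissionsHandle& local_handle,
              const uint32_t domain_id,
              const RTPSParticipantAttributes& qos,
              SecurityException& exception) = 0;

      /*!
       * @brief Checks whether a remote participant is permitted in a domain.
       *
       * The third parameter (unnamed in this declaration) carries the proxy data
       * of the remote participant.
       *
       * @param remote_handle Permissions handle of the remote participant.
       * @param domain_id Domain the remote participant is in.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_remote_participant(
              const PermissionsHandle& remote_handle,
              const uint32_t domain_id,
              const ParticipantProxyData&,
              SecurityException& exception) = 0;

      //TODO (Ricardo) Future
      /*
         virtual bool check_create_datawriter(const PermissionsHandle& local_handle,
              const uint32_t domain_id, const std::string& topic_name,
              const WriterQos& qos, const PartitionQosPolicy& partition,
              SecurityException& exception) = 0;

         virtual bool check_create_datareader(const PermissionsHandle& local_handle,
              const uint32_t domain_id, const std::string& topic_name,
              const ReaderQos& qos, const PartitionQosPolicy& partition,
              SecurityException& exception) = 0;
       */

      /*!
       * @brief Checks whether the local participant may create a DataWriter.
       * @param local_handle Permissions handle of the local participant.
       * @param domain_id Domain the writer would publish in.
       * @param topic_name Topic the writer would publish on.
       * @param partitions Partitions the writer would publish in.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_create_datawriter(
              const PermissionsHandle& local_handle,
              const uint32_t domain_id,
              const std::string& topic_name,
              const std::vector<std::string>& partitions,
              SecurityException& exception) = 0;

      /*!
       * @brief Checks whether the local participant may create a DataReader.
       * @param local_handle Permissions handle of the local participant.
       * @param domain_id Domain the reader would subscribe in.
       * @param topic_name Topic the reader would subscribe to.
       * @param partitions Partitions the reader would subscribe in.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_create_datareader(
              const PermissionsHandle& local_handle,
              const uint32_t domain_id,
              const std::string& topic_name,
              const std::vector<std::string>& partitions,
              SecurityException& exception) = 0;

      /*!
       * @brief Checks whether a discovered remote DataWriter is permitted.
       * @param remote_handle Permissions handle of the remote participant.
       * @param domain_id Domain the remote writer is in.
       * @param publication_data Proxy data describing the remote writer;
       * remote-supplied, so it must not be trusted beyond what the permissions
       * allow.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_remote_datawriter(
              const PermissionsHandle& remote_handle,
              const uint32_t domain_id,
              const WriterProxyData& publication_data,
              SecurityException& exception) = 0;

      /*!
       * @brief Checks whether a discovered remote DataReader is permitted.
       * @param remote_handle Permissions handle of the remote participant.
       * @param domain_id Domain the remote reader is in.
       * @param subscription_data Proxy data describing the remote reader;
       * remote-supplied.
       * @param relay_only Out-parameter written by the plugin. NOTE(review): its
       * meaning is not defined in this header; confirm whether it is set on every
       * path, including failures.
       * @param exception Out-parameter for error details.
       * @return bool decision; callers should proceed only on true.
       */
      virtual bool check_remote_datareader(
              const PermissionsHandle& remote_handle,
              const uint32_t domain_id,
              const ReaderProxyData& subscription_data,
              bool& relay_only,
              SecurityException& exception) = 0;

      /*!
       * @brief Retrieves the security attributes that apply to a participant.
       * @param local_handle Permissions handle of the participant.
       * @param attributes Out-parameter that receives the attributes.
       * @param exception Out-parameter for error details.
       * @return bool result; `attributes` should only be relied on when it is true
       * (assumed, confirm).
       */
      virtual bool get_participant_sec_attributes(
              const PermissionsHandle& local_handle,
              ParticipantSecurityAttributes& attributes,
              SecurityException& exception) = 0;

      /*!
       * @brief Retrieves the security attributes that apply to a DataWriter.
       * @param permissions_handle Permissions handle of the owning participant.
       * @param topic_name Topic of the writer.
       * @param partitions Partitions of the writer.
       * @param attributes Out-parameter that receives the endpoint attributes.
       * @param exception Out-parameter for error details.
       * @return bool result; `attributes` should only be relied on when it is true
       * (assumed, confirm).
       */
      virtual bool get_datawriter_sec_attributes(
              const PermissionsHandle& permissions_handle,
              const std::string& topic_name,
              const std::vector<std::string>& partitions,
              EndpointSecurityAttributes& attributes,
              SecurityException& exception) = 0;

      /*!
       * @brief Retrieves the security attributes that apply to a DataReader.
       * @param permissions_handle Permissions handle of the owning participant.
       * @param topic_name Topic of the reader.
       * @param partitions Partitions of the reader.
       * @param attributes Out-parameter that receives the endpoint attributes.
       * @param exception Out-parameter for error details.
       * @return bool result; `attributes` should only be relied on when it is true
       * (assumed, confirm).
       */
      virtual bool get_datareader_sec_attributes(
              const PermissionsHandle& permissions_handle,
              const std::string& topic_name,
              const std::vector<std::string>& partitions,
              EndpointSecurityAttributes& attributes,
              SecurityException& exception) = 0;

      /*!
       * @brief Registers the logging plugin this access-control plugin reports to.
       *
       * Only the pointer is stored. This class never deletes it, so the caller
       * keeps ownership and must keep the logger alive for as long as the plugin
       * may log. Passing nullptr clears the logger. The assignment is not
       * synchronized.
       *
       * @param logger Logging plugin, or nullptr for none.
       * @return Always true; the SecurityException argument is not touched.
       */
      bool set_logger(
              Logging* logger,
              SecurityException& /*exception*/)
      {
          logger_ = logger;
          return true;
      }

  protected:

      /*!
       * @brief Gives derived plugins read-only access to the registered logger.
       *
       * Const-qualified so that const member functions of a derived plugin can
       * log as well.
       *
       * @return The pointer last passed to set_logger(), or nullptr when none was
       * set; check for nullptr before dereferencing.
       */
      const Logging* get_logger() const
      {
          return logger_;
      }

  private:

      // Non-owning; stays nullptr until set_logger() is called.
      Logging* logger_ = nullptr;
  };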
  144. } //namespace security
  145. } //namespace rtps
  146. } //namespace fastrtps
  147. } //namespace eprosima
  148. #endif // _FASTDDS_RTPS_SECURITY_ACCESSCONTROL_ACCESSCONTROL_H_