diff --git a/rmw_dds_common/include/rmw_dds_common/security.hpp b/rmw_dds_common/include/rmw_dds_common/security.hpp
index 3b9f0f5..fb3b14d 100644
--- a/rmw_dds_common/include/rmw_dds_common/security.hpp
+++ b/rmw_dds_common/include/rmw_dds_common/security.hpp
@@ -52,6 +52,38 @@ bool get_security_files(
 const std::string & prefix,
 const std::string & secure_root,
 std::unordered_map & result);
+/// Get the set of security files in a security enclave.
+/**
+ * This function will look through the passed in 'secure root'
+ * for a set of required filenames that must be in the enclave.
+ * If any of the required filenames are missing, the 'result'
+ * will be empty and the function will return false.
+ * If all of the required filenames are present, then this function
+ * will fill in the 'result' map with a key-value pair of
+ * friendy name -> filename. If the prefix is not empty, then
+ * the prefix will be applied to the filename.
+ *
+ * The friendly names that this function will currently fill in are:
+ * IDENTITY_CA
+ * CERTIFICATE
+ * PRIVATE_KEY
+ * PERMISSIONS_CA
+ * GOVERNANCE
+ * PERMISSIONS
+ *
+ * \param[in] supports_pkcs11 Whether the RMW has support for PKCS#11 URIs.
+ * \param[in] prefix An optional prefix to apply to the filenames when storing them.
+ * \param[in] secure_root The path to the security enclave to look at.
+ * \param[out] result The map where the friendly name -> filename pairs are stored.
+ * \return `true` if all required files exist in the security enclave, `false` otherwise.
+ */
+RMW_DDS_COMMON_PUBLIC
+bool get_security_files(
+ bool supports_pkcs11,
+ const std::string & prefix,
+ const std::string & secure_root,
+ std::unordered_map & result);
+
 } // namespace rmw_dds_common
 #endif // RMW_DDS_COMMON__SECURITY_HPP_
diff --git a/rmw_dds_common/src/security.cpp b/rmw_dds_common/src/security.cpp
index d385449..1c14164 100644
--- a/rmw_dds_common/src/security.cpp
+++ b/rmw_dds_common/src/security.cpp
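Review bot: The doc block added in security.hpp for the four-argument `get_security_files` describes `supports_pkcs11` only as "Whether the RMW has support for PKCS#11 URIs" and never says how the flag changes the lookup or what ends up in `result`. An RMW that hands these values to its DDS security plugin needs to know whether an entry can be something other than a prefixed path to a file that exists under `secure_root`, and for which friendly names. I would add a sentence to the description stating the contract for the `true` case, and since the definition in security.cpp comments the parameter name out, probably also `\note supports_pkcs11 currently does not change the result.` While there, `friendy name` should read `friendly name`.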
@@ -25,6 +25,14 @@ namespace rmw_dds_common
 bool get_security_files(
 const std::string & prefix, const std::string & secure_root,
 std::unordered_map & result)
+{
+ return get_security_files(false, prefix, secure_root, result);
+}
+
+bool get_security_files(
+ bool /* supports_pkcs11 */,
+ const std::string & prefix, const std::string & secure_root,
+ std::unordered_map & result)
 {
 const std::unordered_map required_files{
 {"IDENTITY_CA", "identity_ca.cert.pem"},
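Review bot: The new four-argument overload declares its first parameter as `bool /* supports_pkcs11 */`, so the flag cannot be read in the body. A caller passing `true` therefore appears to get the same file-only lookup as the three-argument wrapper, which forwards `false`. Nothing at the call site or in the header signals this, so an RMW that advertises PKCS#11 support could assume key material may be referenced by URI while this function still expects files in the enclave. If this is a staged API change, say so above the definition, e.g. `// TODO: supports_pkcs11 is not consulted yet; every entry is still resolved as a file under secure_root.` The function body continues past the end of the hunk, so the rest of the lookup is not reviewed here.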