File security_types.hpp
File List > astutedds > security > security_types.hpp
Go to the documentation of this file
//
// Copyright (c) 2026, Astute Systems PTY LTD
//
// This file is part of the Astute DDS developed by Astute Systems.
//
// See the commercial LICENSE file in the project root for full license details.
//
#pragma once
#include <chrono>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>
namespace astutedds::security
{
// Security exception types
enum class SecurityErrorKind : uint32_t
{
OK = 0,
INVALID_PARAMETER,
UNSUPPORTED_OPERATION,
ALREADY_EXISTS,
NOT_FOUND,
PRECONDITION_NOT_MET,
RESOURCES_EXHAUSTED,
INVALID_CRYPTO_HANDLE,
INVALID_IDENTITY_HANDLE,
INVALID_PERMISSION_HANDLE,
AUTHENTICATION_FAILED,
AUTHORIZATION_FAILED,
CRYPTO_ERROR,
CERTIFICATE_VALIDATION_FAILED,
SIGNATURE_VERIFICATION_FAILED,
DECRYPTION_FAILED,
ENCRYPTION_FAILED,
UNKNOWN_ERROR
};
// Security exception
struct SecurityException
{
SecurityErrorKind kind{SecurityErrorKind::OK};
std::string message;
SecurityException() = default;
SecurityException(SecurityErrorKind k, std::string msg) : kind(k), message(std::move(msg)) {}
bool is_ok() const { return kind == SecurityErrorKind::OK; }
};
// Opaque handles for security objects
using IdentityHandle = int64_t;
using PermissionsHandle = int64_t;
using CryptoHandle = int64_t;
using ParticipantCryptoHandle = CryptoHandle;
using DatawriterCryptoHandle = CryptoHandle;
using DatareaderCryptoHandle = CryptoHandle;
constexpr IdentityHandle INVALID_IDENTITY_HANDLE = -1;
constexpr PermissionsHandle INVALID_PERMISSIONS_HANDLE = -1;
constexpr CryptoHandle INVALID_CRYPTO_HANDLE = -1;
// Property QoS for plugin configuration
struct Property
{
std::string name;
std::string value;
bool propagate{false};
};
using PropertySeq = std::vector<Property>;
// Binary property (for non-string data)
struct BinaryProperty
{
std::string name;
std::vector<uint8_t> value;
bool propagate{false};
};
using BinaryPropertySeq = std::vector<BinaryProperty>;
// Security token (used for authentication and crypto)
struct Token
{
std::string class_id;
PropertySeq properties;
BinaryPropertySeq binary_properties;
};
using TokenSeq = std::vector<Token>;
// Participant security attributes
struct ParticipantSecurityAttributes
{
bool allow_unauthenticated_participants{false};
bool is_access_protected{true};
bool is_rtps_protected{true};
bool is_discovery_protected{true};
bool is_liveliness_protected{true};
};
// Endpoint security attributes
struct EndpointSecurityAttributes
{
bool is_submessage_protected{false};
bool is_payload_protected{false};
bool is_key_protected{false};
bool is_liveliness_protected{false};
bool is_discovery_protected{false};
};
// Security configuration
struct SecurityConfig
{
// Authentication plugin configuration
PropertySeq auth_properties;
// Access control plugin configuration
PropertySeq access_control_properties;
// Crypto plugin configuration
PropertySeq crypto_properties;
// Logging configuration
PropertySeq logging_properties;
// Enable/disable security features
bool enable_authentication{true};
bool enable_access_control{true};
bool enable_encryption{true};
bool enable_signing{true};
bool enable_logging{true};
};
// Certificate/key data
struct CertificateCredentials
{
std::string identity_certificate;
std::string identity_ca;
std::string private_key;
std::string password;
};
// Permissions data
struct PermissionsCredentials
{
std::string permissions_document;
std::string permissions_ca;
std::string governance_document;
};
// Domain governance rule
struct DomainGovernanceRule
{
uint32_t domain_id{0};
bool enable_join_access_control{true};
bool discovery_protection_kind{false}; // false=NONE, true=SIGN
bool liveliness_protection_kind{false};
bool rtps_protection_kind{false};
};
// Topic access rule
struct TopicAccessRule
{
std::string topic_expression;
std::vector<uint32_t> domain_ids;
bool publish_allowed{true};
bool subscribe_allowed{true};
bool relay_allowed{true};
bool metadata_protection_kind{false}; // false=NONE, true=ENCRYPT
bool data_protection_kind{false};
};
} // namespace astutedds::security