security-context -> enclave (#198)

Signed-off-by: Mikael Arguedas <[email protected]>
ros2 · Apr 13, 2020 · ebc1885 · ebc1885
1 parent 4ea3858
commit ebc1885
Show file tree

Hide file tree

Showing 24 changed files with 134 additions and 134 deletions.
diff --git a/sros2/setup.py b/sros2/setup.py
@@ -66,7 +66,7 @@ def package_files(directory):
             ':CreatePermissionVerb',
             'generate_artifacts = sros2.verb.generate_artifacts:GenerateArtifactsVerb',
             # TODO(ivanpauno): Reactivate this after having a way to introspect
-            # security context names in rclpy.
+            # enclave names in rclpy.
             # Related with https://github.com/ros2/rclpy/issues/529.
             # 'generate_policy = sros2.verb.generate_policy:GeneratePolicyVerb',
             'list_keys = sros2.verb.list_keys:ListKeysVerb',

diff --git a/sros2/sros2/api/_artifact_generation.py b/sros2/sros2/api/_artifact_generation.py
@@ -32,9 +32,9 @@ def generate_artifacts(keystore_path=None, identity_names=[], policy_files=[]):
             return False
     for policy_file in policy_files:
         policy_tree = load_policy(policy_file)
-        contexts_element = policy_tree.find('contexts')
-        for context in contexts_element:
-            identity_name = context.get('path')
+        enclaves_element = policy_tree.find('enclaves')
+        for enclave in enclaves_element:
+            identity_name = enclave.get('path')
             if identity_name not in identity_names:
                 if not _key.create_key(keystore_path, identity_name):
                     return False

diff --git a/sros2/sros2/api/_key.py b/sros2/sros2/api/_key.py
@@ -37,7 +37,7 @@ def create_key(keystore_path, identity):
     print("creating key for identity: '%s'" % identity)
 
     relative_path = os.path.normpath(identity.lstrip('/'))
-    key_dir = os.path.join(_keystore.get_keystore_context_dir(keystore_path), relative_path)
+    key_dir = os.path.join(_keystore.get_keystore_enclaves_dir(keystore_path), relative_path)
     os.makedirs(key_dir, exist_ok=True)
 
     # symlink the CA cert in there
@@ -51,7 +51,7 @@ def create_key(keystore_path, identity):
 
     # symlink the governance file in there
     keystore_governance_path = os.path.join(
-        _keystore.get_keystore_context_dir(keystore_path), 'governance.p7s')
+        _keystore.get_keystore_enclaves_dir(keystore_path), 'governance.p7s')
     dest_governance_path = os.path.join(key_dir, 'governance.p7s')
     relativepath = os.path.relpath(keystore_governance_path, key_dir)
     _utilities.create_symlink(src=relativepath, dst=dest_governance_path)
@@ -79,8 +79,8 @@ def create_key(keystore_path, identity):
     # later using a policy if desired
     policy_file_path = get_policy_default('policy.xml')
     policy_element = _policy.get_policy('/', policy_file_path)
-    context_element = policy_element.find('contexts/context')
-    context_element.attrib['path'] = identity
+    enclave_element = policy_element.find('enclaves/enclave')
+    enclave_element.attrib['path'] = identity
 
     permissions_path = os.path.join(key_dir, 'permissions.xml')
     _permission.create_permission_file(permissions_path, _utilities.domain_id(), policy_element)
@@ -99,19 +99,19 @@ def create_key(keystore_path, identity):
 
 
 def list_keys(keystore_path):
-    contexts_path = _keystore.get_keystore_context_dir(keystore_path)
+    enclaves_path = _keystore.get_keystore_enclaves_dir(keystore_path)
     if not os.path.isdir(keystore_path):
         raise FileNotFoundError(errno.ENOENT, os.strerror(errno.ENOENT), keystore_path)
-    if not os.path.isdir(contexts_path):
+    if not os.path.isdir(enclaves_path):
         return True
-    for name in os.listdir(contexts_path):
-        if os.path.isdir(os.path.join(contexts_path, name)):
+    for name in os.listdir(enclaves_path):
+        if os.path.isdir(os.path.join(enclaves_path, name)):
             print(name)
     return True
 
 
 def _is_key_name_valid(name):
-    # TODO(ivanpauno): Use validate_security_context_name when it's propagated to `rclpy`.
+    # TODO(ivanpauno): Use validate_enclave_name when it's propagated to `rclpy`.
     #   This is not to bad for the moment.
     #   Related with https://github.com/ros2/rclpy/issues/528.
     try:

diff --git a/sros2/sros2/api/_keystore.py b/sros2/sros2/api/_keystore.py
@@ -24,7 +24,7 @@
 from . import _utilities
 
 
-_KS_CONTEXT = 'contexts'
+_KS_ENCLAVES = 'enclaves'
 _KS_PUBLIC = 'public'
 _KS_PRIVATE = 'private'
 _DEFAULT_COMMON_NAME = 'sros2testCA'
@@ -40,7 +40,7 @@ def create_keystore(keystore_path):
     os.makedirs(keystore_path, exist_ok=True)
     os.makedirs(os.path.join(keystore_path, _KS_PUBLIC), exist_ok=True)
     os.makedirs(os.path.join(keystore_path, _KS_PRIVATE), exist_ok=True)
-    os.makedirs(os.path.join(keystore_path, _KS_CONTEXT), exist_ok=True)
+    os.makedirs(os.path.join(keystore_path, _KS_ENCLAVES), exist_ok=True)
 
     keystore_ca_cert_path = os.path.join(keystore_path, _KS_PUBLIC, 'ca.cert.pem')
     keystore_ca_key_path = os.path.join(keystore_path, _KS_PRIVATE, 'ca.key.pem')
@@ -72,15 +72,15 @@ def create_keystore(keystore_path):
         print('found CA key and cert, not creating new ones!')
 
     # create governance file
-    gov_path = os.path.join(keystore_path, _KS_CONTEXT, 'governance.xml')
+    gov_path = os.path.join(keystore_path, _KS_ENCLAVES, 'governance.xml')
     if not os.path.isfile(gov_path):
         print('creating governance file: %s' % gov_path)
         _create_governance_file(gov_path, _utilities.domain_id())
     else:
         print('found governance file, not creating a new one!')
 
     # sign governance file
-    signed_gov_path = os.path.join(keystore_path, _KS_CONTEXT, 'governance.p7s')
+    signed_gov_path = os.path.join(keystore_path, _KS_ENCLAVES, 'governance.p7s')
     if not os.path.isfile(signed_gov_path):
         print('creating signed governance file: %s' % signed_gov_path)
         _utilities.create_smime_signed_file(
@@ -102,12 +102,12 @@ def is_valid_keystore(path):
         os.path.isfile(os.path.join(path, _KS_PUBLIC, 'identity_ca.cert.pem')) and
         os.path.isfile(os.path.join(path, _KS_PRIVATE, 'permissions_ca.key.pem')) and
         os.path.isfile(os.path.join(path, _KS_PRIVATE, 'identity_ca.key.pem')) and
-        os.path.isfile(os.path.join(path, _KS_CONTEXT, 'governance.p7s'))
+        os.path.isfile(os.path.join(path, _KS_ENCLAVES, 'governance.p7s'))
     )
 
 
-def get_keystore_context_dir(keystore_path: str) -> str:
-    return os.path.join(keystore_path, _KS_CONTEXT)
+def get_keystore_enclaves_dir(keystore_path: str) -> str:
+    return os.path.join(keystore_path, _KS_ENCLAVES)
 
 
 def get_keystore_public_dir(keystore_path: str) -> str:

diff --git a/sros2/sros2/api/_permission.py b/sros2/sros2/api/_permission.py
@@ -34,7 +34,7 @@ def create_permission(keystore_path, identity, policy_file_path):
 
 def create_permissions_from_policy_element(keystore_path, identity, policy_element):
     relative_path = os.path.normpath(identity.lstrip('/'))
-    key_dir = os.path.join(_keystore.get_keystore_context_dir(keystore_path), relative_path)
+    key_dir = os.path.join(_keystore.get_keystore_enclaves_dir(keystore_path), relative_path)
     print("creating permission file for identity: '%s'" % identity)
     permissions_path = os.path.join(key_dir, 'permissions.xml')
     create_permission_file(permissions_path, _utilities.domain_id(), policy_element)

diff --git a/sros2/sros2/api/_policy.py b/sros2/sros2/api/_policy.py
@@ -23,12 +23,12 @@ def get_policy(name, policy_file_path):
 
 
 def get_policy_from_tree(name, policy_tree):
-    context_element = policy_tree.find(
-        path=f'contexts/context[@path="{name}"]')
-    if context_element is None:
-        raise RuntimeError(f'unable to find context "{name}"')
-    contexts_element = etree.Element('contexts')
-    contexts_element.append(context_element)
+    enclave_element = policy_tree.find(
+        path=f'enclaves/enclave[@path="{name}"]')
+    if enclave_element is None:
+        raise RuntimeError(f'unable to find enclave "{name}"')
+    enclaves_element = etree.Element('enclaves')
+    enclaves_element.append(enclave_element)
     policy_element = etree.Element('policy')
-    policy_element.append(contexts_element)
+    policy_element.append(enclaves_element)
     return policy_element
diff --git a/sros2/sros2/policy/defaults/policy.xml b/sros2/sros2/policy/defaults/policy.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <policy version="0.2.0"
   xmlns:xi="http://www.w3.org/2001/XInclude">
-  <contexts>
-    <context path="/">
+  <enclaves>
+    <enclave path="/">
       <profiles>
         <profile ns="/" node="default">
           <topics publish="ALLOW" subscribe="ALLOW">
@@ -16,6 +16,6 @@
           </actions>
         </profile>
       </profiles>
-    </context>
-  </contexts>
+    </enclave>
+  </enclaves>
 </policy>
diff --git a/sros2/sros2/policy/schemas/policy.xsd b/sros2/sros2/policy/schemas/policy.xsd
@@ -10,18 +10,18 @@
     <xs:element name="policy" type="Policy" />
     <xs:complexType name="Policy">
         <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="contexts" type="Contexts" />
+            <xs:element name="enclaves" type="Enclaves" />
         </xs:sequence>
         <xs:attribute name="version" type="xs:string" use="required" fixed="0.2.0"/>
     </xs:complexType>
 
-    <xs:complexType name="Contexts">
+    <xs:complexType name="Enclaves">
         <xs:sequence minOccurs="1" maxOccurs="unbounded">
-            <xs:element name="context" type="Context" />
+            <xs:element name="enclave" type="Enclave" />
         </xs:sequence>
     </xs:complexType>
 
-    <xs:complexType name="Context">
+    <xs:complexType name="Enclave">
         <xs:sequence minOccurs="1" maxOccurs="unbounded">
             <xs:element name="profiles" type="Profiles" />
         </xs:sequence>

diff --git a/sros2/sros2/policy/templates/dds/permissions.xsl b/sros2/sros2/policy/templates/dds/permissions.xsl
@@ -22,12 +22,12 @@
 
 <xsl:param name="allow_ros_discovery_topic" select="0"/>
 
-<xsl:template match="/policy/contexts">
+<xsl:template match="/policy/enclaves">
   <xsl:variable name="dds">
     <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
       <permissions>
-        <xsl:for-each select="context">
+        <xsl:for-each select="enclave">
           <xsl:variable name="common_name">
             <xsl:value-of select="@path"/>
           </xsl:variable>

diff --git a/sros2/sros2/verb/create_key.py b/sros2/sros2/verb/create_key.py
@@ -28,7 +28,7 @@ class CreateKeyVerb(VerbExtension):
     def add_arguments(self, parser, cli_name):
         arg = parser.add_argument('ROOT', help='root path of keystore')
         arg.completer = DirectoriesCompleter()
-        parser.add_argument('NAME', help='key name, aka ROS security context name')
+        parser.add_argument('NAME', help='key name, aka ROS enclave name')
 
     def main(self, *, args):
         success = _key.create_key(args.ROOT, args.NAME)

diff --git a/sros2/sros2/verb/create_permission.py b/sros2/sros2/verb/create_permission.py
@@ -33,7 +33,7 @@ class CreatePermissionVerb(VerbExtension):
     def add_arguments(self, parser, cli_name):
         arg = parser.add_argument('ROOT', help='root path of keystore')
         arg.completer = DirectoriesCompleter()
-        parser.add_argument('NAME', help='key name, aka ROS security context name')
+        parser.add_argument('NAME', help='key name, aka ROS enclave name')
         arg = parser.add_argument(
             'POLICY_FILE_PATH', help='path of the policy xml file')
         arg.completer = FilesCompleter(

diff --git a/sros2/sros2/verb/generate_artifacts.py b/sros2/sros2/verb/generate_artifacts.py
@@ -34,8 +34,8 @@ def add_arguments(self, parser, cli_name):
         arg = parser.add_argument('-k', '--keystore-root-path', help='root path of keystore')
         arg.completer = DirectoriesCompleter()
         parser.add_argument(
-            '-c', '--security-contexts', nargs='*', default=[],
-            help='list of identities, aka ROS security contexts names')
+            '-e', '--enclaves', nargs='*', default=[],
+            help='list of identities, aka ROS security enclave names')
         arg = parser.add_argument(
             '-p', '--policy-files', nargs='*', default=[],
             help='list of policy xml file paths')
@@ -45,7 +45,7 @@ def add_arguments(self, parser, cli_name):
     def main(self, *, args):
         try:
             success = _artifact_generation.generate_artifacts(
-                args.keystore_root_path, args.security_contexts, args.policy_files)
+                args.keystore_root_path, args.enclaves, args.policy_files)
         except FileNotFoundError as e:
             raise RuntimeError(str(e))
         return 0 if success else 1
diff --git a/sros2/test/policies/add_two_ints.policy.xml b/sros2/test/policies/add_two_ints.policy.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <policy version="0.2.0"
   xmlns:xi="http://www.w3.org/2001/XInclude">
-  <contexts>
-    <context path="/add_two_ints/add_two_ints_server">
+  <enclaves>
+    <enclave path="/add_two_ints/add_two_ints_server">
       <profiles>
         <profile ns="/" node="add_two_ints_server">
           <xi:include href="common/node.xml"
@@ -12,8 +12,8 @@
           </services>
         </profile>
       </profiles>
-    </context>
-    <context path="/add_two_ints/add_two_ints_client">
+    </enclave>
+    <enclave path="/add_two_ints/add_two_ints_client">
       <profiles>
         <profile ns="/" node="add_two_ints_client">
           <xi:include href="common/node.xml"
@@ -23,6 +23,6 @@
           </services>
         </profile>
       </profiles>
-    </context>
-  </contexts>
+    </enclave>
+  </enclaves>
 </policy>
diff --git a/sros2/test/policies/minimal_action.policy.xml b/sros2/test/policies/minimal_action.policy.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <policy version="0.2.0"
   xmlns:xi="http://www.w3.org/2001/XInclude">
-  <contexts>
-    <context path="/minimal_action/minimal_action_server">
+  <enclaves>
+    <enclave path="/minimal_action/minimal_action_server">
       <profiles>
         <profile ns="/" node="minimal_action_server">
           <xi:include href="common/node.xml"
@@ -12,8 +12,8 @@
           </actions>
         </profile>
       </profiles>
-    </context>
-    <context path="/minimal_action/minimal_action_client">
+    </enclave>
+    <enclave path="/minimal_action/minimal_action_client">
       <profiles>
         <profile ns="/" node="minimal_action_client">
           <xi:include href="common/node.xml"
@@ -23,6 +23,6 @@
           </actions>
         </profile>
       </profiles>
-    </context>
-  </contexts>
+    </enclave>
+  </enclaves>
 </policy>
diff --git a/sros2/test/policies/permissions/single_context/permissions.xml b/sros2/test/policies/permissions/single_context/permissions.xml
@@ -1,7 +1,7 @@
 <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
   <permissions>
-    <grant name="/single_context">
-      <subject_name>CN=/single_context</subject_name>
+    <grant name="/single_enclave">
+      <subject_name>CN=/single_enclave</subject_name>
       <validity>
         <not_before>2013-10-26T00:00:00</not_before>
         <not_after>2023-10-26T22:45:30</not_after>

diff --git a/sros2/test/policies/sample.policy.xml b/sros2/test/policies/sample.policy.xml
@@ -1,14 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <policy version="0.2.0"
   xmlns:xi="http://www.w3.org/2001/XInclude">
-  <contexts>
+  <enclaves>
     <xi:include href="talker_listener.policy.xml"
-      xpointer="xpointer(/policy/contexts/*)"/>
+      xpointer="xpointer(/policy/enclaves/*)"/>
     <xi:include href="add_two_ints.policy.xml"
-      xpointer="xpointer(/policy/contexts/*)"/>
+      xpointer="xpointer(/policy/enclaves/*)"/>
     <xi:include href="minimal_action.policy.xml"
-      xpointer="xpointer(/policy/contexts/*)"/>
-    <context path="/sample_policy/admin">
+      xpointer="xpointer(/policy/enclaves/*)"/>
+    <enclave path="/sample_policy/admin">
       <profiles>
         <profile ns="/" node="admin">
           <xi:include href="common/node.xml"
@@ -24,6 +24,6 @@
           </topics>
         </profile>
       </profiles>
-    </context>
-  </contexts>
+    </enclave>
+  </enclaves>
 </policy>
diff --git a/sros2/test/policies/single_context.policy.xml b/sros2/test/policies/single_context.policy.xml
@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <policy version="0.2.0"
   xmlns:xi="http://www.w3.org/2001/XInclude">
-  <contexts>
-    <context path="/single_context">
+  <enclaves>
+    <enclave path="/single_enclave">
       <profiles>
         <xi:include href="talker_listener.policy.xml"
-          xpointer="xpointer(/policy/contexts/context/profiles/*)"/>
+          xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
         <xi:include href="add_two_ints.policy.xml"
-          xpointer="xpointer(/policy/contexts/context/profiles/*)"/>
+          xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
         <xi:include href="minimal_action.policy.xml"
-          xpointer="xpointer(/policy/contexts/context/profiles/*)"/>
+          xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
       </profiles>
-    </context>
-  </contexts>
+    </enclave>
+  </enclaves>
 </policy>