diff --git a/sros2/setup.py b/sros2/setup.py
index 29f6f3b1..98f0746d 100644
--- a/sros2/setup.py
+++ b/sros2/setup.py
@@ -66,7 +66,7 @@ def package_files(directory):
':CreatePermissionVerb',
'generate_artifacts = sros2.verb.generate_artifacts:GenerateArtifactsVerb',
# TODO(ivanpauno): Reactivate this after having a way to introspect
- # security context names in rclpy.
+ # enclave names in rclpy.
# Related with https://github.com/ros2/rclpy/issues/529.
# 'generate_policy = sros2.verb.generate_policy:GeneratePolicyVerb',
'list_keys = sros2.verb.list_keys:ListKeysVerb',
diff --git a/sros2/sros2/api/_artifact_generation.py b/sros2/sros2/api/_artifact_generation.py
index 85223e7c..5adef786 100644
--- a/sros2/sros2/api/_artifact_generation.py
+++ b/sros2/sros2/api/_artifact_generation.py
@@ -32,9 +32,9 @@ def generate_artifacts(keystore_path=None, identity_names=[], policy_files=[]):
return False
for policy_file in policy_files:
policy_tree = load_policy(policy_file)
- contexts_element = policy_tree.find('contexts')
- for context in contexts_element:
- identity_name = context.get('path')
+ enclaves_element = policy_tree.find('enclaves')
+ for enclave in enclaves_element:
+ identity_name = enclave.get('path')
if identity_name not in identity_names:
if not _key.create_key(keystore_path, identity_name):
return False
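Review bot: `policy_tree.find('enclaves')` returns None when a policy file has no `enclaves` element, and the `for enclave in enclaves_element` loop then fails with a bare TypeError. Policy files written before this rename still use `contexts`, so unless `load_policy` already rejects them this is what upgrading users will see. I would guard it with `if enclaves_element is None: raise RuntimeError(f'no "enclaves" element in {policy_file}')`. `enclave.get('path')` can also be None and is handed to `_key.create_key` unchecked. The body of `generate_artifacts` starts before and continues after this hunk.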
diff --git a/sros2/sros2/api/_key.py b/sros2/sros2/api/_key.py
index 1bcea88d..3f984c0d 100644
--- a/sros2/sros2/api/_key.py
+++ b/sros2/sros2/api/_key.py
@@ -37,7 +37,7 @@ def create_key(keystore_path, identity):
print("creating key for identity: '%s'" % identity)
relative_path = os.path.normpath(identity.lstrip('/'))
- key_dir = os.path.join(_keystore.get_keystore_context_dir(keystore_path), relative_path)
+ key_dir = os.path.join(_keystore.get_keystore_enclaves_dir(keystore_path), relative_path)
os.makedirs(key_dir, exist_ok=True)
# symlink the CA cert in there
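Review bot: `key_dir` is derived from `identity` after only `lstrip('/')` and `os.path.normpath`, and `normpath` keeps leading `..` components, so nothing in this hunk keeps the joined path inside the enclaves directory before `os.makedirs` runs. Unless the part of `create_key` above the hunk already rejects such names (the file has `_is_key_name_valid`, but its call site is not visible here), add a containment check after the join, for example `root = os.path.abspath(_keystore.get_keystore_enclaves_dir(keystore_path))` followed by `if os.path.commonpath([root, os.path.abspath(key_dir)]) != root: return False`. The same join is in `create_permissions_from_policy_element` in `_permission.py`, where the start of the function is in the hunk and no validation precedes it. `generate_artifacts` also passes `path` attributes read from policy files into `create_key`, so the name is not always typed by the operator.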
@@ -51,7 +51,7 @@ def create_key(keystore_path, identity):
# symlink the governance file in there
keystore_governance_path = os.path.join(
- _keystore.get_keystore_context_dir(keystore_path), 'governance.p7s')
+ _keystore.get_keystore_enclaves_dir(keystore_path), 'governance.p7s')
dest_governance_path = os.path.join(key_dir, 'governance.p7s')
relativepath = os.path.relpath(keystore_governance_path, key_dir)
_utilities.create_symlink(src=relativepath, dst=dest_governance_path)
@@ -79,8 +79,8 @@ def create_key(keystore_path, identity):
# later using a policy if desired
policy_file_path = get_policy_default('policy.xml')
policy_element = _policy.get_policy('/', policy_file_path)
- context_element = policy_element.find('contexts/context')
- context_element.attrib['path'] = identity
+ enclave_element = policy_element.find('enclaves/enclave')
+ enclave_element.attrib['path'] = identity
permissions_path = os.path.join(key_dir, 'permissions.xml')
_permission.create_permission_file(permissions_path, _utilities.domain_id(), policy_element)
@@ -99,19 +99,19 @@ def create_key(keystore_path, identity):
def list_keys(keystore_path):
- contexts_path = _keystore.get_keystore_context_dir(keystore_path)
+ enclaves_path = _keystore.get_keystore_enclaves_dir(keystore_path)
if not os.path.isdir(keystore_path):
raise FileNotFoundError(errno.ENOENT, os.strerror(errno.ENOENT), keystore_path)
- if not os.path.isdir(contexts_path):
+ if not os.path.isdir(enclaves_path):
return True
- for name in os.listdir(contexts_path):
- if os.path.isdir(os.path.join(contexts_path, name)):
+ for name in os.listdir(enclaves_path):
+ if os.path.isdir(os.path.join(enclaves_path, name)):
print(name)
return True
def _is_key_name_valid(name):
- # TODO(ivanpauno): Use validate_security_context_name when it's propagated to `rclpy`.
+ # TODO(ivanpauno): Use validate_enclave_name when it's propagated to `rclpy`.
# This is not to bad for the moment.
# Related with https://github.com/ros2/rclpy/issues/528.
try:
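Review bot: `list_keys` returns True without printing anything when `enclaves/` is missing, so a keystore created before this rename, with its keys under `contexts/`, now looks empty rather than out of date. `is_valid_keystore` in `_keystore.py` has the matching gap: it now requires `enclaves/governance.p7s` and will report an older keystore as invalid with no hint why. A short warning when the legacy directory is present would make the cause visible, e.g. `if os.path.isdir(os.path.join(keystore_path, 'contexts')): print("keystore uses the pre-rename 'contexts' layout")`.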
diff --git a/sros2/sros2/api/_keystore.py b/sros2/sros2/api/_keystore.py
index 3f75176c..38f00556 100644
--- a/sros2/sros2/api/_keystore.py
+++ b/sros2/sros2/api/_keystore.py
@@ -24,7 +24,7 @@
from . import _utilities
-_KS_CONTEXT = 'contexts'
+_KS_ENCLAVES = 'enclaves'
_KS_PUBLIC = 'public'
_KS_PRIVATE = 'private'
_DEFAULT_COMMON_NAME = 'sros2testCA'
@@ -40,7 +40,7 @@ def create_keystore(keystore_path):
os.makedirs(keystore_path, exist_ok=True)
os.makedirs(os.path.join(keystore_path, _KS_PUBLIC), exist_ok=True)
os.makedirs(os.path.join(keystore_path, _KS_PRIVATE), exist_ok=True)
- os.makedirs(os.path.join(keystore_path, _KS_CONTEXT), exist_ok=True)
+ os.makedirs(os.path.join(keystore_path, _KS_ENCLAVES), exist_ok=True)
keystore_ca_cert_path = os.path.join(keystore_path, _KS_PUBLIC, 'ca.cert.pem')
keystore_ca_key_path = os.path.join(keystore_path, _KS_PRIVATE, 'ca.key.pem')
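Review bot: The `enclaves` directory is created with the default mode, yet the tests in this commit expect each enclave directory to contain `key.pem`, so the tree holds private keys with whatever access the caller's umask allows. If the keystore is meant to be readable only by its owner, pass an explicit mode, `os.makedirs(os.path.join(keystore_path, _KS_ENCLAVES), mode=0o700, exist_ok=True)`. Note that `exist_ok=True` leaves the permissions of an already existing directory unchanged. The `private` directory on the line above is created the same way. `create_keystore` starts before and continues past this hunk.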
@@ -72,7 +72,7 @@ def create_keystore(keystore_path):
print('found CA key and cert, not creating new ones!')
# create governance file
- gov_path = os.path.join(keystore_path, _KS_CONTEXT, 'governance.xml')
+ gov_path = os.path.join(keystore_path, _KS_ENCLAVES, 'governance.xml')
if not os.path.isfile(gov_path):
print('creating governance file: %s' % gov_path)
_create_governance_file(gov_path, _utilities.domain_id())
@@ -80,7 +80,7 @@ def create_keystore(keystore_path):
print('found governance file, not creating a new one!')
# sign governance file
- signed_gov_path = os.path.join(keystore_path, _KS_CONTEXT, 'governance.p7s')
+ signed_gov_path = os.path.join(keystore_path, _KS_ENCLAVES, 'governance.p7s')
if not os.path.isfile(signed_gov_path):
print('creating signed governance file: %s' % signed_gov_path)
_utilities.create_smime_signed_file(
@@ -102,12 +102,12 @@ def is_valid_keystore(path):
os.path.isfile(os.path.join(path, _KS_PUBLIC, 'identity_ca.cert.pem')) and
os.path.isfile(os.path.join(path, _KS_PRIVATE, 'permissions_ca.key.pem')) and
os.path.isfile(os.path.join(path, _KS_PRIVATE, 'identity_ca.key.pem')) and
- os.path.isfile(os.path.join(path, _KS_CONTEXT, 'governance.p7s'))
+ os.path.isfile(os.path.join(path, _KS_ENCLAVES, 'governance.p7s'))
)
-def get_keystore_context_dir(keystore_path: str) -> str:
- return os.path.join(keystore_path, _KS_CONTEXT)
+def get_keystore_enclaves_dir(keystore_path: str) -> str:
+ return os.path.join(keystore_path, _KS_ENCLAVES)
def get_keystore_public_dir(keystore_path: str) -> str:
diff --git a/sros2/sros2/api/_permission.py b/sros2/sros2/api/_permission.py
index 7e9007eb..acd1c38c 100644
--- a/sros2/sros2/api/_permission.py
+++ b/sros2/sros2/api/_permission.py
@@ -34,7 +34,7 @@ def create_permission(keystore_path, identity, policy_file_path):
def create_permissions_from_policy_element(keystore_path, identity, policy_element):
relative_path = os.path.normpath(identity.lstrip('/'))
- key_dir = os.path.join(_keystore.get_keystore_context_dir(keystore_path), relative_path)
+ key_dir = os.path.join(_keystore.get_keystore_enclaves_dir(keystore_path), relative_path)
print("creating permission file for identity: '%s'" % identity)
permissions_path = os.path.join(key_dir, 'permissions.xml')
create_permission_file(permissions_path, _utilities.domain_id(), policy_element)
diff --git a/sros2/sros2/api/_policy.py b/sros2/sros2/api/_policy.py
index 0caafe19..4986f825 100644
--- a/sros2/sros2/api/_policy.py
+++ b/sros2/sros2/api/_policy.py
@@ -23,12 +23,12 @@ def get_policy(name, policy_file_path):
def get_policy_from_tree(name, policy_tree):
- context_element = policy_tree.find(
- path=f'contexts/context[@path="{name}"]')
- if context_element is None:
- raise RuntimeError(f'unable to find context "{name}"')
- contexts_element = etree.Element('contexts')
- contexts_element.append(context_element)
+ enclave_element = policy_tree.find(
+ path=f'enclaves/enclave[@path="{name}"]')
+ if enclave_element is None:
+ raise RuntimeError(f'unable to find enclave "{name}"')
+ enclaves_element = etree.Element('enclaves')
+ enclaves_element.append(enclave_element)
policy_element = etree.Element('policy')
- policy_element.append(contexts_element)
+ policy_element.append(enclaves_element)
return policy_element
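Review bot: The XPath predicate in `get_policy_from_tree` is built by interpolating `name` into `enclaves/enclave[@path="{name}"]`, so a name containing a double quote yields a malformed or different expression instead of a literal comparison. `name` comes from the command line or from policy files, so it is safer to compare it as data: `enclave_element = next((e for e in policy_tree.iterfind('enclaves/enclave') if e.get('path') == name), None)`. The existing `is None` check and its error message then work unchanged.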
diff --git a/sros2/sros2/policy/defaults/policy.xml b/sros2/sros2/policy/defaults/policy.xml
index e1bbfa73..e1b159fb 100644
--- a/sros2/sros2/policy/defaults/policy.xml
+++ b/sros2/sros2/policy/defaults/policy.xml
@@ -1,8 +1,8 @@
-
-
+
+
@@ -16,6 +16,6 @@
-
-
+
+
diff --git a/sros2/sros2/policy/schemas/policy.xsd b/sros2/sros2/policy/schemas/policy.xsd
index 09a28acb..da0e7c8f 100644
--- a/sros2/sros2/policy/schemas/policy.xsd
+++ b/sros2/sros2/policy/schemas/policy.xsd
@@ -10,18 +10,18 @@
-
+
-
+
-
+
-
+
diff --git a/sros2/sros2/policy/templates/dds/permissions.xsl b/sros2/sros2/policy/templates/dds/permissions.xsl
index 2c87370a..a6287bfb 100644
--- a/sros2/sros2/policy/templates/dds/permissions.xsl
+++ b/sros2/sros2/policy/templates/dds/permissions.xsl
@@ -22,12 +22,12 @@
-
+
-
+
diff --git a/sros2/sros2/verb/create_key.py b/sros2/sros2/verb/create_key.py
index d3491c08..60e9f662 100644
--- a/sros2/sros2/verb/create_key.py
+++ b/sros2/sros2/verb/create_key.py
@@ -28,7 +28,7 @@ class CreateKeyVerb(VerbExtension):
def add_arguments(self, parser, cli_name):
arg = parser.add_argument('ROOT', help='root path of keystore')
arg.completer = DirectoriesCompleter()
- parser.add_argument('NAME', help='key name, aka ROS security context name')
+ parser.add_argument('NAME', help='key name, aka ROS enclave name')
def main(self, *, args):
success = _key.create_key(args.ROOT, args.NAME)
diff --git a/sros2/sros2/verb/create_permission.py b/sros2/sros2/verb/create_permission.py
index 2f656d69..39b774b7 100644
--- a/sros2/sros2/verb/create_permission.py
+++ b/sros2/sros2/verb/create_permission.py
@@ -33,7 +33,7 @@ class CreatePermissionVerb(VerbExtension):
def add_arguments(self, parser, cli_name):
arg = parser.add_argument('ROOT', help='root path of keystore')
arg.completer = DirectoriesCompleter()
- parser.add_argument('NAME', help='key name, aka ROS security context name')
+ parser.add_argument('NAME', help='key name, aka ROS enclave name')
arg = parser.add_argument(
'POLICY_FILE_PATH', help='path of the policy xml file')
arg.completer = FilesCompleter(
diff --git a/sros2/sros2/verb/generate_artifacts.py b/sros2/sros2/verb/generate_artifacts.py
index 912eadcf..59cfacf5 100644
--- a/sros2/sros2/verb/generate_artifacts.py
+++ b/sros2/sros2/verb/generate_artifacts.py
@@ -34,8 +34,8 @@ def add_arguments(self, parser, cli_name):
arg = parser.add_argument('-k', '--keystore-root-path', help='root path of keystore')
arg.completer = DirectoriesCompleter()
parser.add_argument(
- '-c', '--security-contexts', nargs='*', default=[],
- help='list of identities, aka ROS security contexts names')
+ '-e', '--enclaves', nargs='*', default=[],
+ help='list of identities, aka ROS security enclave names')
arg = parser.add_argument(
'-p', '--policy-files', nargs='*', default=[],
help='list of policy xml file paths')
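Review bot: Replacing `-c/--security-contexts` with `-e/--enclaves` outright makes existing build scripts fail at argument parsing. If a transition period is wanted, argparse accepts the old spellings as extra option strings: `parser.add_argument('-e', '--enclaves', '-c', '--security-contexts', dest='enclaves', nargs='*', default=[], help=...)`. The help text here says "ROS security enclave names" while `create_key` and `create_permission` say "ROS enclave name"; one wording should be used throughout. `add_arguments` starts before this hunk.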
@@ -45,7 +45,7 @@ def add_arguments(self, parser, cli_name):
def main(self, *, args):
try:
success = _artifact_generation.generate_artifacts(
- args.keystore_root_path, args.security_contexts, args.policy_files)
+ args.keystore_root_path, args.enclaves, args.policy_files)
except FileNotFoundError as e:
raise RuntimeError(str(e))
return 0 if success else 1
diff --git a/sros2/test/policies/add_two_ints.policy.xml b/sros2/test/policies/add_two_ints.policy.xml
index 9969f4e2..d918beef 100644
--- a/sros2/test/policies/add_two_ints.policy.xml
+++ b/sros2/test/policies/add_two_ints.policy.xml
@@ -1,8 +1,8 @@
-
-
+
+
-
-
+
+
-
-
+
+
diff --git a/sros2/test/policies/minimal_action.policy.xml b/sros2/test/policies/minimal_action.policy.xml
index 1d99f25e..bcc0ed5c 100644
--- a/sros2/test/policies/minimal_action.policy.xml
+++ b/sros2/test/policies/minimal_action.policy.xml
@@ -1,8 +1,8 @@
-
-
+
+
-
-
+
+
-
-
+
+
diff --git a/sros2/test/policies/permissions/single_context/permissions.xml b/sros2/test/policies/permissions/single_context/permissions.xml
index 9bab954c..f17837bc 100644
--- a/sros2/test/policies/permissions/single_context/permissions.xml
+++ b/sros2/test/policies/permissions/single_context/permissions.xml
@@ -1,7 +1,7 @@
-
- CN=/single_context
+
+ CN=/single_enclave
2013-10-26T00:00:00
2023-10-26T22:45:30
diff --git a/sros2/test/policies/sample.policy.xml b/sros2/test/policies/sample.policy.xml
index 22194b15..671a5d8f 100644
--- a/sros2/test/policies/sample.policy.xml
+++ b/sros2/test/policies/sample.policy.xml
@@ -1,14 +1,14 @@
-
+
+ xpointer="xpointer(/policy/enclaves/*)"/>
+ xpointer="xpointer(/policy/enclaves/*)"/>
-
+ xpointer="xpointer(/policy/enclaves/*)"/>
+
-
-
+
+
diff --git a/sros2/test/policies/single_context.policy.xml b/sros2/test/policies/single_context.policy.xml
index 19eeb8fa..55b88baa 100644
--- a/sros2/test/policies/single_context.policy.xml
+++ b/sros2/test/policies/single_context.policy.xml
@@ -1,16 +1,16 @@
-
-
+
+
+ xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
+ xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
+ xpointer="xpointer(/policy/enclaves/enclave/profiles/*)"/>
-
-
+
+
diff --git a/sros2/test/policies/talker_listener.policy.xml b/sros2/test/policies/talker_listener.policy.xml
index de0b396f..5c61a8a6 100644
--- a/sros2/test/policies/talker_listener.policy.xml
+++ b/sros2/test/policies/talker_listener.policy.xml
@@ -1,8 +1,8 @@
-
-
+
+
-
-
+
+
-
-
+
+
diff --git a/sros2/test/sros2/commands/security/verbs/test_create_key.py b/sros2/test/sros2/commands/security/verbs/test_create_key.py
index c93585fa..fe70116d 100644
--- a/sros2/test/sros2/commands/security/verbs/test_create_key.py
+++ b/sros2/test/sros2/commands/security/verbs/test_create_key.py
@@ -33,7 +33,7 @@
# This fixture will run once for the entire module (as opposed to once per test)
@pytest.fixture(scope='module')
-def security_context_keys_dir(tmpdir_factory):
+def enclave_keys_dir(tmpdir_factory):
keystore_dir = Path(str(tmpdir_factory.mktemp('keystore')))
# First, create the keystore
@@ -41,12 +41,12 @@ def security_context_keys_dir(tmpdir_factory):
# Now using that keystore, create a keypair along with other files required by DDS
assert cli.main(
- argv=['security', 'create_key', str(keystore_dir), '/test_security_context']) == 0
- security_context_dir = keystore_dir / 'contexts' / 'test_security_context'
- assert security_context_dir.is_dir()
+ argv=['security', 'create_key', str(keystore_dir), '/test_enclave']) == 0
+ enclave_dir = keystore_dir / 'enclaves' / 'test_enclave'
+ assert enclave_dir.is_dir()
- # Return path to directory containing the security_context's files
- return security_context_dir
+ # Return path to directory containing the enclave's files
+ return enclave_dir
def load_cert(path):
@@ -89,20 +89,20 @@ def verify_signature(cert, signatory):
return True
-def test_create_key(security_context_keys_dir):
+def test_create_key(enclave_keys_dir):
expected_files = (
'cert.pem', 'governance.p7s', 'identity_ca.cert.pem', 'key.pem', 'permissions.p7s',
'permissions.xml', 'permissions_ca.cert.pem'
)
- assert len(list(security_context_keys_dir.iterdir())) == len(expected_files)
+ assert len(list(enclave_keys_dir.iterdir())) == len(expected_files)
for expected_file in expected_files:
- assert (security_context_keys_dir / expected_file).is_file()
+ assert (enclave_keys_dir / expected_file).is_file()
-def test_cert_pem(security_context_keys_dir):
- cert = load_cert(security_context_keys_dir / 'cert.pem')
- check_common_name(cert.subject, u'/test_security_context')
+def test_cert_pem(enclave_keys_dir):
+ cert = load_cert(enclave_keys_dir / 'cert.pem')
+ check_common_name(cert.subject, u'/test_enclave')
check_common_name(cert.issuer, _keystore._DEFAULT_COMMON_NAME)
# Verify that the hash algorithm is as expected
@@ -123,28 +123,28 @@ def test_cert_pem(security_context_keys_dir):
assert value.path_length is None
# Verify this cert is indeed signed by the keystore CA
- signatory = load_cert(security_context_keys_dir / 'identity_ca.cert.pem')
+ signatory = load_cert(enclave_keys_dir / 'identity_ca.cert.pem')
assert verify_signature(cert, signatory)
-def test_governance_p7s(security_context_keys_dir):
+def test_governance_p7s(enclave_keys_dir):
# Would really like to verify the signature, but ffi just can't use
# that part of the OpenSSL API
- with open(security_context_keys_dir / 'governance.p7s') as f:
+ with open(enclave_keys_dir / 'governance.p7s') as f:
lines = f.readlines()
assert lines[0] == 'MIME-Version: 1.0\n'
assert lines[1].startswith(
'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256";') # noqa
-def test_identity_ca_cert_pem(security_context_keys_dir):
- cert = load_cert(security_context_keys_dir / 'identity_ca.cert.pem')
+def test_identity_ca_cert_pem(enclave_keys_dir):
+ cert = load_cert(enclave_keys_dir / 'identity_ca.cert.pem')
check_common_name(cert.subject, _keystore._DEFAULT_COMMON_NAME)
check_common_name(cert.issuer, _keystore._DEFAULT_COMMON_NAME)
-def test_key_pem(security_context_keys_dir):
- private_key = load_private_key(security_context_keys_dir / 'key.pem')
+def test_key_pem(enclave_keys_dir):
+ private_key = load_private_key(enclave_keys_dir / 'key.pem')
assert isinstance(private_key, ec.EllipticCurvePrivateKey)
assert private_key.key_size == 256
@@ -153,27 +153,27 @@ def test_key_pem(security_context_keys_dir):
assert public_key.key_size == 256
-def test_permissions_p7s(security_context_keys_dir):
+def test_permissions_p7s(enclave_keys_dir):
# Would really like to verify the signature, but ffi just can't use
# that part of the OpenSSL API
- with open(security_context_keys_dir / 'permissions.p7s') as f:
+ with open(enclave_keys_dir / 'permissions.p7s') as f:
lines = f.readlines()
assert lines[0] == 'MIME-Version: 1.0\n'
assert lines[1].startswith(
'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256";') # noqa
-def test_permissions_xml(security_context_keys_dir):
- permissions_xml = etree.parse(str(security_context_keys_dir / 'permissions.xml'))
+def test_permissions_xml(enclave_keys_dir):
+ permissions_xml = etree.parse(str(enclave_keys_dir / 'permissions.xml'))
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
permissions_xsd = etree.XMLSchema(etree.parse(permissions_xsd_path))
permissions_xsd.assertValid(permissions_xml)
-def test_permissions_ca_cert_pem(security_context_keys_dir):
- cert = load_cert(security_context_keys_dir / 'permissions_ca.cert.pem')
+def test_permissions_ca_cert_pem(enclave_keys_dir):
+ cert = load_cert(enclave_keys_dir / 'permissions_ca.cert.pem')
check_common_name(cert.subject, _keystore._DEFAULT_COMMON_NAME)
check_common_name(cert.issuer, _keystore._DEFAULT_COMMON_NAME)
- signatory = load_cert(security_context_keys_dir / 'identity_ca.cert.pem')
+ signatory = load_cert(enclave_keys_dir / 'identity_ca.cert.pem')
assert verify_signature(cert, signatory)
diff --git a/sros2/test/sros2/commands/security/verbs/test_create_keystore.py b/sros2/test/sros2/commands/security/verbs/test_create_keystore.py
index 178ed79f..297232e7 100644
--- a/sros2/test/sros2/commands/security/verbs/test_create_keystore.py
+++ b/sros2/test/sros2/commands/security/verbs/test_create_keystore.py
@@ -40,7 +40,7 @@ def keystore_dir(tmpdir_factory):
def test_create_keystore(keystore_dir):
public = keystore_dir / 'public'
private = keystore_dir / 'private'
- contexts = keystore_dir / 'contexts'
+ enclaves = keystore_dir / 'enclaves'
expected_files_public = (
public / 'ca.cert.pem',
public / 'permissions_ca.cert.pem',
@@ -51,16 +51,16 @@ def test_create_keystore(keystore_dir):
private / 'permissions_ca.key.pem',
private / 'identity_ca.key.pem',
)
- expected_files_contexts = (
- contexts / 'governance.p7s',
- contexts / 'governance.xml',
+ expected_files_enclaves = (
+ enclaves / 'governance.p7s',
+ enclaves / 'governance.xml',
)
assert len(list(keystore_dir.iterdir())) == 3
assert len(list(public.iterdir())) == len(expected_files_public)
assert len(list(private.iterdir())) == len(expected_files_private)
- assert len(list(contexts.iterdir())) == len(expected_files_contexts)
- expected_files = expected_files_public + expected_files_private + expected_files_contexts
+ assert len(list(enclaves.iterdir())) == len(expected_files_enclaves)
+ expected_files = expected_files_public + expected_files_private + expected_files_enclaves
assert all(x.is_file() for x in expected_files)
@@ -84,7 +84,7 @@ def test_ca_key(keystore_dir):
def test_governance_p7s(keystore_dir):
# Would really like to verify the signature, but ffi just can't use
# that part of the OpenSSL API
- with (keystore_dir / 'contexts' / 'governance.p7s').open('r') as f:
+ with (keystore_dir / 'enclaves' / 'governance.p7s').open('r') as f:
lines = f.readlines()
assert lines[0] == 'MIME-Version: 1.0\n'
assert lines[1].startswith(
@@ -93,4 +93,4 @@ def test_governance_p7s(keystore_dir):
def test_governance_xml(keystore_dir):
# Validates valid XML
- ElementTree.parse(str(keystore_dir / 'contexts' / 'governance.xml'))
+ ElementTree.parse(str(keystore_dir / 'enclaves' / 'governance.xml'))
diff --git a/sros2/test/sros2/commands/security/verbs/test_create_permission.py b/sros2/test/sros2/commands/security/verbs/test_create_permission.py
index a5ec09bd..3e8fe005 100644
--- a/sros2/test/sros2/commands/security/verbs/test_create_permission.py
+++ b/sros2/test/sros2/commands/security/verbs/test_create_permission.py
@@ -29,14 +29,14 @@
# This fixture will run once for the entire module (as opposed to once per test)
@pytest.fixture(scope='module')
-def security_context_dir(tmpdir_factory, test_policy_dir) -> pathlib.Path:
+def enclave_dir(tmpdir_factory, test_policy_dir) -> pathlib.Path:
keystore_dir = pathlib.Path(str(tmpdir_factory.mktemp('keystore')))
# First, create the keystore as well as a keypair for the talker
assert _keystore.create_keystore(keystore_dir)
assert _key.create_key(keystore_dir, _test_identity)
- security_files_dir = keystore_dir.joinpath(f'contexts{_test_identity}')
+ security_files_dir = keystore_dir.joinpath(f'enclaves{_test_identity}')
assert security_files_dir.is_dir()
# Now using that keystore, create a permissions file using the sample policy
@@ -50,11 +50,11 @@ def security_context_dir(tmpdir_factory, test_policy_dir) -> pathlib.Path:
return security_files_dir
-def test_create_permission(security_context_dir):
- assert security_context_dir.joinpath('permissions.xml').is_file()
- assert security_context_dir.joinpath('permissions.p7s').is_file()
+def test_create_permission(enclave_dir):
+ assert enclave_dir.joinpath('permissions.xml').is_file()
+ assert enclave_dir.joinpath('permissions.p7s').is_file()
- tree = lxml.etree.parse(str(security_context_dir.joinpath('permissions.xml')))
+ tree = lxml.etree.parse(str(enclave_dir.joinpath('permissions.xml')))
# Validate the schema
permissions_xsd_path = get_transport_schema('dds', 'permissions.xsd')
diff --git a/sros2/test/sros2/commands/security/verbs/test_list_keys.py b/sros2/test/sros2/commands/security/verbs/test_list_keys.py
index 27e29af9..9ee2dc1b 100644
--- a/sros2/test/sros2/commands/security/verbs/test_list_keys.py
+++ b/sros2/test/sros2/commands/security/verbs/test_list_keys.py
@@ -26,11 +26,11 @@ def test_list_keys(capsys):
assert _keystore.create_keystore(keystore_dir)
# Now using that keystore, create a keypair
- assert _key.create_key(keystore_dir, '/test_context')
+ assert _key.create_key(keystore_dir, '/test_enclave')
# Now verify that the key we just created is included in the list
assert cli.main(argv=['security', 'list_keys', keystore_dir]) == 0
- assert capsys.readouterr().out.strip() == 'test_context'
+ assert capsys.readouterr().out.strip() == 'test_enclave'
def test_list_keys_no_keys(capsys):
diff --git a/sros2_cmake/README.md b/sros2_cmake/README.md
index 47a94e99..ab2b9201 100644
--- a/sros2_cmake/README.md
+++ b/sros2_cmake/README.md
@@ -6,16 +6,16 @@ In package.xml add:
`sros2_cmake`
In CMakeLists add:
`find_package(sros2_cmake REQUIRED)`
-`sros2_generate_artifacts(SECURITY_CONTEXTS )`
+`sros2_generate_artifacts(ENCLAVES )`
Macro definition:
```
- # sros2_generate_artifacts(SECURITY_CONTEXTS ...)
+ # sros2_generate_artifacts(ENCLAVES ...)
- # SECURITY_CONTEXTS (macro multi-arg) takes the security contexts names for which keys will be generated
- # Executables can use a different or the same security contexts.
- # All nodes in the same process use the same security context.
+ # ENCLAVES (macro multi-arg) takes the enclaves names for which keys will be generated
+ # Executables can use a different or the same enclaves.
+ # All nodes in the same process use the same enclave.
# SECURITY (cmake arg) if not define or OFF, will not generate key/keystores
# ROS_SECURITY_ROOT_DIRECTORY (env variable) the location of the keystore
- # POLICY_FILE (cmake arg) if defined, will generate security artifacts for each context defined in the policy file.
+ # POLICY_FILE (cmake arg) if defined, will generate security artifacts for each enclave defined in the policy file.
```
diff --git a/sros2_cmake/cmake/sros2_generate_artifacts.cmake b/sros2_cmake/cmake/sros2_generate_artifacts.cmake
index 31fc7f42..7fffe00b 100644
--- a/sros2_cmake/cmake/sros2_generate_artifacts.cmake
+++ b/sros2_cmake/cmake/sros2_generate_artifacts.cmake
@@ -13,12 +13,12 @@
# limitations under the License.
macro(sros2_generate_artifacts)
- # sros2_generate_artifacts(SECURITY_CONTEXTS ...)
+ # sros2_generate_artifacts(ENCLAVES ...)
#
- # SECURITY_CONTEXTS (macro multi-arg) takes the context names for which artifacts will be generated
+ # ENCLAVES (macro multi-arg) takes the enclave names for which artifacts will be generated
# SECURITY (cmake arg) if not defined or OFF, will not generate keystore/keys/permissions
# POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate
- # permission files for all the security contexts listed in the policy file.
+ # permission files for all the enclaves listed in the policy file.
# ROS_SECURITY_ROOT_DIRECTORY (env variable) will be the location of the keystore
if(NOT SECURITY)
message(STATUS "Not generating security files")
@@ -31,13 +31,13 @@ macro(sros2_generate_artifacts)
else()
set(SECURITY_KEYSTORE ${DEFAULT_KEYSTORE})
endif()
- cmake_parse_arguments(ros2_generate_security_artifacts "" "" "SECURITY_CONTEXTS" ${ARGN})
+ cmake_parse_arguments(ros2_generate_security_artifacts "" "" "ENCLAVES" ${ARGN})
set(generate_artifacts_command ${PROGRAM} security generate_artifacts -k ${SECURITY_KEYSTORE})
- list(LENGTH ros2_generate_security_artifacts_SECURITY_CONTEXTS nb_security_contexts)
- if(${nb_security_contexts} GREATER "0")
- list(APPEND generate_artifacts_command "-c")
- foreach(security_context ${ros2_generate_security_artifacts_SECURITY_CONTEXTS})
- list(APPEND generate_artifacts_command security_context)
+ list(LENGTH ros2_generate_security_artifacts_ENCLAVES nb_enclaves)
+ if(${nb_enclaves} GREATER "0")
+ list(APPEND generate_artifacts_command "-e")
+ foreach(enclave ${ros2_generate_security_artifacts_ENCLAVES})
+ list(APPEND generate_artifacts_command enclave)
endforeach()
endif()
if(POLICY_FILE)
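Review bot: Inside the `foreach(enclave ...)` loop the new line `list(APPEND generate_artifacts_command enclave)` appends the literal word `enclave`, not the loop variable, so every name passed via `ENCLAVES` reaches the `generate_artifacts` command as the string "enclave". The removed line had the same slip with `security_context`, so the rename carried it over. It should read `list(APPEND generate_artifacts_command ${enclave})`. The macro body continues past this hunk.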