JH-597: merge release/7.7.0 into develop

README.md

@@ -24,9 +24,11 @@ git submodule update --init --recursive
 ## Versioning
 
 The examples contained in this branch were built and tested against **RTI Connext
-7.5.0**. If you need examples that have been built and tested against previous
+7.7.0**. If you need examples that have been built and tested against previous
 versions of RTI Connext, please check out the corresponding release branch:
 
+- [release/7.6.0](https://github.com/rticommunity/rticonnextdds-examples/tree/release/7.6.0)
+- [release/7.5.0](https://github.com/rticommunity/rticonnextdds-examples/tree/release/7.5.0)
 - [release/7.4.0](https://github.com/rticommunity/rticonnextdds-examples/tree/release/7.4.0)
 - [release/7.3.0](https://github.com/rticommunity/rticonnextdds-examples/tree/release/7.3.0)
 - [release/7.2.0](https://github.com/rticommunity/rticonnextdds-examples/tree/release/7.2.0)

examples/connext_dds/asynchronous_publication/cs/AsyncPublicationExample.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
   </ItemGroup>
 

examples/connext_dds/custom_flow_controller/cs/FlowControllerExample.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
   </ItemGroup>
 

examples/connext_dds/dynamic_data_sequences/cs/DynamicDataSequencesExample.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
   </ItemGroup>
 

examples/connext_dds/dynamic_data_using_publisher_subscriber/cs/Shapes.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
   </ItemGroup>
 

examples/connext_dds/group_coherent_presentation/cs/GroupCoherentExample.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
   </ItemGroup>
 

examples/connext_dds/partitions/cs/PartitionsExample.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.6.0" />
+    <PackageReference Include="Rti.ConnextDds.Extra" Version="7.7.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1"/>
     <PackageReference Include="System.Linq.Async" Version="5.0.0-*" />
   </ItemGroup>

examples/connext_dds/remote_procedure_call/py/inventory_client.py

@@ -21,21 +21,13 @@ class InventoryClient(InventoryService, rpc.ClientBase):
     ...
 
 
-async def wait_for_service(client: InventoryClient):
-    while client.matched_service_count == 0:
-        await sleep(0.1)
-
-
 async def run_client(args):
     participant = dds.DomainParticipant(args.domain)
     client = InventoryClient(
         participant, "Inventory", max_wait_per_call=dds.Duration(20)
     )
 
-    # For versions 7.4.0 and below:
-    await wait_for_service(client)
-    # For newer versions you can use the following:
-    # await client.wait_for_service_async(dds.Duration(20))
+    await client.wait_for_service_async(dds.Duration(20))
 
     print("Initial inventory: ", await client.get_inventory())
 

examples/connext_dds/request_reply/cs/Primes.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Rti.ConnextDds.RequestReply" Version="7.6.0"/>
+    <PackageReference Include="Rti.ConnextDds.RequestReply" Version="7.7.0"/>
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.21308.1" />
   </ItemGroup>
 

examples/connext_secure/CMakeLists.txt

@@ -24,6 +24,7 @@ if(NOT DEFINED CONNEXTDDS_CONNEXT_SECURE_EXAMPLES)
     set(CONNEXTDDS_CONNEXT_SECURE_EXAMPLES
         "cds"
         "certificate_revocation_list"
+        "dynamic_permissions"
         "lightweight"
         "whitelist"
     )

examples/connext_secure/dynamic_permissions/README.md

@@ -0,0 +1,93 @@
+# Example Code: Dynamic Permissions
+
+## Concept
+
+This example showcases how the Security Plugins enforce Permissions Document
+expiration, and how the Permissions Document can be renewed to resume
+communication.
+
+## Building the Example
+
+Use the following commands to build the example and get the executables that
+you can run:
+
+```sh
+cd c++11/
+mkdir build && cd build
+cmake ..
+cmake --build .
+```
+
+You can optionally pass the
+``-DCONNEXTDDS_DIR=<your_connext_installation_directory>``,
+``-DOPENSSL_ROOT_DIR=<your_openssl_installation_directory>``,
+``-DCONNEXTDDS_ARCH=<your_architecture>``,
+``-DCMAKE_BUILD_TYPE=<Debug/Release>``, and
+``-DBUILD_SHARED_LIBS=<ON/OFF>`` variables to the cmake configuration step.
+
+After building the example, you will have a publisher Permissions Document that
+expires in 1 minute. If you need to re-create it, please remove this file from
+your build directory and re-run the ``createExpiringPermissions`` target.
+
+```sh
+rm security/ecdsa01/xml/Permissions2_expiring.xml && \
+    cmake --build . --target createExpiringPermissions
+```
+
+## Running the example
+
+Demo is based on a standard rtiddsgen publisher and subscriber example code.
+
+Run a publisher and a subscriber in separate terminal windows.
+
+```sh
+./dynamic_permissions_publisher
+```
+
+```sh
+./dynamic_permissions_subscriber
+```
+
+Verify that they communicate and that the subscriber is receiving data.
+
+```sh
+# Publisher
+Writing ::DynamicPermissions, count 0
+Writing ::DynamicPermissions, count 1
+# [...]
+
+# Subscriber
+::DynamicPermissions subscriber sleeping up to 1 sec...
+[value: 0]
+::DynamicPermissions subscriber sleeping up to 1 sec...
+[value: 1]
+::DynamicPermissions subscriber sleeping up to 1 sec...
+# [...]
+```
+
+Once the Permissions Document of the publisher DomainParticipant expires, you
+will see the following error messages:
+
+```sh
+# Publisher
+ERROR [0x831AB06E,0x43876C36,0xFD825600:0x000001C1|ADVANCE NOTIFY INVALID LOCAL PERMISSIONS|CHECK STATUS|LC:Security] RTI_Security_PermissionsGrant_isValidTime:{"DDS:Security:LogTopicV2":{"f":"10","s":"3","t":{"s":"1748517658","n":"108000"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85264","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"831AB06E.43876C36.FD825600.000001C1"},{"plugin_class":"DDS:Access:Permissions"},{"plugin_method":"RTI_Security_PermissionsGrant_isValidTime"}]}],"m":"now is after not_after of permissions file"}}
+ERROR [0x831AB06E,0x43876C36,0xFD825600:0x000001C1|ADVANCE NOTIFY INVALID LOCAL PERMISSIONS|CHECK STATUS|LC:Security] RTI_Security_AccessControl_validate_status:{"DDS:Security:LogTopicV2":{"f":"10","s":"3","t":{"s":"1748517658","n":"192000"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85264","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"831AB06E.43876C36.FD825600.000001C1"},{"plugin_class":"DDS:Access:Permissions"},{"plugin_method":"RTI_Security_AccessControl_validate_status"}]}],"m":"permissions' validity period is invalid."}}
+ERROR [0x831AB06E,0x43876C36,0xFD825600:0x000001C1|ADVANCE NOTIFY INVALID LOCAL PERMISSIONS|CHECK STATUS|LC:Security] PRESParticipant_onSecurityLocalCredentialValidateEvent:FAILED TO VALIDATE | Local permissions credentials.
+ERROR [0x831AB06E,0x43876C36,0xFD825600:0x000001C1|ADVANCE NOTIFY INVALID LOCAL PERMISSIONS|LC:Security] PRESParticipant_onSecurityLocalCredentialEventListener:FAILED TO VALIDATE | Local credentials.
+
+# Subscriber
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|GET SECURITY STATE|LC:Security] RTI_Security_PermissionsGrant_isValidTime:{"DDS:Security:LogTopicV2":{"f":"10","s":"3","t":{"s":"1748517682","n":"984966998"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85248","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"DED844B7.87B9550F.B66DD964.000001C1"},{"plugin_class":"DDS:Access:Permissions"},{"plugin_method":"RTI_Security_PermissionsGrant_isValidTime"}]}],"m":"now is after not_after of permissions file"}}
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|GET SECURITY STATE|LC:Security] RTI_Security_AccessControl_validatePermissionsDocument:{"DDS:Security:LogTopicV2":{"f":"10","s":"3","t":{"s":"1748517682","n":"985028998"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85248","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"DED844B7.87B9550F.B66DD964.000001C1"},{"plugin_class":"DDS:Access:Permissions"},{"plugin_method":"RTI_Security_AccessControl_validatePermissionsDocument"}]}],"m":"grant has invalid time"}}
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|GET SECURITY STATE|LC:Security] RTI_Security_AccessControl_validate_remote_permissions:{"DDS:Security:LogTopicV2":{"f":"10","s":"1","t":{"s":"1748517682","n":"985044998"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85248","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"DED844B7.87B9550F.B66DD964.000001C1"},{"plugin_class":"DDS:Access:Permissions"},{"plugin_method":"RTI_Security_AccessControl_validate_remote_permissions"}]}],"m":"failed to validate remote permissions"}}
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|GET SECURITY STATE|LC:Security] DDS_DomainParticipantTrustPlugins_forwardGetAuthenticatedRemoteParticipantSecurityState:FAILED TO VALIDATE | Remote permissions.
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|LC:Security] PRESParticipant_authorizeRemoteParticipant:{"DDS:Security:LogTopicV2":{"f":"10","s":"3","t":{"s":"1748517682","n":"985078998"},"h":"RTISP-10036","i":"0.0.0.0","a":"RTI Secure DDS Application","p":"85248","k":"50331706","x":[{"DDS":[{"domain_id":"0"},{"guid":"DED844B7.87B9550F.B66DD964.000001C1"},{"plugin_class":"RTI:Auth"},{"plugin_method":"PRESParticipant_authorizeRemoteParticipant"}]}],"m":"unauthorized remote participant 831ab06e.43876c36.fd825600 denied by local participant ded844b7.87b9550f.b66dd964"}}
+ERROR [PARSE MESSAGE|0xDED844B7,0x87B9550F,0xB66DD964:0x000201C4{Entity=DR,MessageKind=DATA}|RECEIVE FROM 0x831AB06E,0x43876C36,0xFD825600:0x000201C3|:0x000001C1{Domain=0}|RECEIVE SAMPLE|PROCESS HANDSHAKE|LC:Security] PRESParticipant_processHandshake:FAILED TO VALIDATE | Failed to authorize remote DP (GUID: 0x831AB06E,0x43876C36,0xFD825600:0x000001C1).
+```
+
+Communication will stop.
+
+## Renewing the Permissions Document
+
+This example updates the publisher DomainParticipant's Permissions Document
+after 70 samples. At that point, communication with the subscriber will
+resume.

examples/connext_secure/dynamic_permissions/c++11/CMakeLists.txt

@@ -0,0 +1,67 @@
+#
+# (c) 2025 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+#
+# RTI grants Licensee a license to use, modify, compile, and create derivative
+# works of the Software.  Licensee has the right to distribute object form
+# only for use with RTI products.  The Software is provided "as is", with no
+# warranty of any type, including any warranty for fitness for any purpose.
+# RTI is under no obligation to maintain or support the Software.  RTI shall
+# not be liable for any incidental or consequential damages arising out of the
+# use or inability to use the software.
+#
+cmake_minimum_required(VERSION 3.11)
+project(rtiexamples-dynamic-permissions)
+list(APPEND CMAKE_MODULE_PATH
+    "${CMAKE_CURRENT_SOURCE_DIR}/../../../../resources/cmake/Modules"
+)
+include(ConnextDdsConfigureCmakeUtils)
+connextdds_configure_cmake_utils()
+
+find_package(RTIConnextDDS
+    "7.0.0"
+    REQUIRED
+    COMPONENTS
+        security_plugins
+)
+
+if(NOT TARGET RTIConnextDDS::security_plugins)
+    message(WARNING "RTIConnextDDS::security_plugins component is missing. Skipping example")
+    return()
+endif()
+
+# Include ConnextDdsAddExample.cmake from resources/cmake
+include(ConnextDdsAddExample)
+
+connextdds_add_example(
+    IDL "dynamic_permissions"
+    LANG "C++11"
+)
+
+include (ConnextDdsGenerateSecurityArtifacts)
+connextdds_generate_security_artifacts()
+
+# Do a copy of the original subscriber's Permissions Document, but with the
+# validity modified so that it expires in 1 minute.
+add_custom_command(
+    OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/Permissions2_expiring.xml"
+    COMMAND ${CMAKE_COMMAND}
+            -DINPUT_FILE="${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/Permissions2.xml"
+            -DOUTPUT_FILE="${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/Permissions2_expiring.xml"
+            -P ${CMAKE_SOURCE_DIR}/modify_permissions.cmake
+    DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/Permissions2.xml"
+)
+
+# Sign the modified Permissions Document
+connextdds_openssl_smime_sign(
+    INPUT "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/Permissions2_expiring.xml"
+    OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/signed/signed_Permissions2_expiring.p7s"
+    SIGNER_CERTIFICATE "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/certs/ca_cert.pem"
+    PRIVATE_KEY_FILE "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/certs/ca_key.pem"
+)
+
+# Create a Permissions Document that is about to expire
+add_custom_target(createExpiringPermissions
+    ALL
+    DEPENDS
+        dynamic_permissions_securityArtifacts
+        "${CMAKE_CURRENT_BINARY_DIR}/security/ecdsa01/xml/signed/signed_Permissions2_expiring.p7s")

examples/connext_secure/dynamic_permissions/c++11/USER_QOS_PROFILES.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<!--
+ (c) 2025 Copyright, Real-Time Innovations, Inc.  All rights reserved.
+ RTI grants Licensee a license to use, modify, compile, and create derivative
+ works of the Software.  Licensee has the right to distribute object form only
+ for use with RTI products.  The Software is provided "as is", with no warranty
+ of any type, including any warranty for fitness for any purpose. RTI is under
+ no obligation to maintain or support the Software.  RTI shall not be liable for
+ any incidental or consequential damages arising out of the use or inability to
+ use the software.
+ -->
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+     xsi:noNamespaceSchemaLocation="http://community.rti.com/schema/7.0.0/rti_dds_qos_profiles.xsd">
+    <qos_library name="dynamic_permissions_Library">
+        <qos_profile name="subscriber" base_name="BuiltinQosLib::Generic.Security" is_default_qos="true">
+          <domain_participant_qos>
+            <property>
+              <value>
+                <element>
+                  <name>dds.sec.auth.identity_ca</name>
+                  <value>file:security/ecdsa01/certs/ca_cert.pem</value>
+                </element>
+                <element>
+                  <name>dds.sec.auth.identity_certificate</name>
+                  <value>file:security/ecdsa01/certs/peer1_cert.pem</value>
+                </element>
+                <element>
+                  <name>dds.sec.auth.private_key</name>
+                  <value>file:security/ecdsa01/certs/peer1_key.pem</value>
+                </element>
+                <element>
+                  <name>dds.sec.access.permissions_ca</name>
+                  <value>file:security/ecdsa01/certs/ca_cert.pem</value>
+                </element>
+                <element>
+                  <name>dds.sec.access.governance</name>
+                  <value>file:security/ecdsa01/xml/signed/signed_Governance.p7s</value>
+                </element>
+                <element>
+                  <name>dds.sec.access.permissions</name>
+                  <value>file:security/ecdsa01/xml/signed/signed_Permissions1.p7s</value>
+                </element>
+              </value>
+            </property>
+          </domain_participant_qos>
+        </qos_profile>
+      <qos_profile name="publisher" base_name="subscriber">
+        <domain_participant_qos>
+          <property>
+            <value>
+              <element>
+                <name>dds.sec.auth.identity_certificate</name>
+                <value>file:security/ecdsa01/certs/peer2_cert.pem</value>
+              </element>
+              <element>
+                <name>dds.sec.auth.private_key</name>
+                <value>file:security/ecdsa01/certs/peer2_key.pem</value>
+              </element>
+              <element>
+                <name>dds.sec.access.permissions</name>
+                <value>file:security/ecdsa01/xml/signed/signed_Permissions2_expiring.p7s</value>
+              </element>
+            </value>
+          </property>
+        </domain_participant_qos>
+      </qos_profile>
+    </qos_library>
+</dds>