Use rmw_security_common

rmw_fastrtps_shared_cpp/CMakeLists.txt

@@ -40,6 +40,7 @@ find_package(rosidl_dynamic_typesupport REQUIRED)
 find_package(rcpputils REQUIRED)
 find_package(rcutils REQUIRED)
 find_package(rmw_dds_common REQUIRED)
+find_package(rmw_security_common REQUIRED)
 find_package(rosidl_runtime_c REQUIRED)
 find_package(rosidl_typesupport_introspection_c REQUIRED)
 find_package(rosidl_typesupport_introspection_cpp REQUIRED)
@@ -110,6 +111,7 @@ target_link_libraries(rmw_fastrtps_shared_cpp PUBLIC
   rcutils::rcutils
   rmw::rmw
   rmw_dds_common::rmw_dds_common_library
+  rmw_security_common::rmw_security_common_library
   rosidl_dynamic_typesupport::rosidl_dynamic_typesupport
 )
 
@@ -131,7 +133,7 @@ ament_export_libraries(rmw_fastrtps_shared_cpp)
 # Export modern CMake targets
 ament_export_targets(rmw_fastrtps_shared_cpp)
 
-ament_export_dependencies(fastcdr rcpputils rcutils rmw rmw_dds_common rosidl_dynamic_typesupport)
+ament_export_dependencies(fastcdr rcpputils rcutils rmw rmw_dds_common rmw_security_common rosidl_dynamic_typesupport)
 
 if(BUILD_TESTING)
   find_package(ament_lint_auto REQUIRED)

rmw_fastrtps_shared_cpp/package.xml

@@ -28,6 +28,7 @@
   <build_depend>rcutils</build_depend>
   <build_depend>rmw</build_depend>
   <build_depend>rmw_dds_common</build_depend>
+  <build_depend>rmw_security_common</build_depend>
   <build_depend>rosidl_runtime_c</build_depend>
   <build_depend>rosidl_typesupport_introspection_c</build_depend>
   <build_depend>rosidl_typesupport_introspection_cpp</build_depend>
@@ -41,6 +42,7 @@
   <build_export_depend>rcutils</build_export_depend>
   <build_export_depend>rmw</build_export_depend>
   <build_export_depend>rmw_dds_common</build_export_depend>
+  <build_export_depend>rmw_security_common</build_export_depend>
   <build_export_depend>rosidl_typesupport_introspection_c</build_export_depend>
   <build_export_depend>rosidl_typesupport_introspection_cpp</build_export_depend>
   <build_export_depend>tracetools</build_export_depend>

rmw_fastrtps_shared_cpp/src/participant.cpp

@@ -46,7 +46,7 @@
 #include "rmw_fastrtps_shared_cpp/rmw_security_logging.hpp"
 #include "rmw_fastrtps_shared_cpp/utils.hpp"
 
-#include "rmw_dds_common/security.hpp"
+#include "rmw_security_common/security.hpp"
 
 // Private function to create Participant with QoS
 static CustomParticipantInfo *
@@ -316,37 +316,58 @@ rmw_fastrtps_shared_cpp::create_participant(
   if (security_options->security_root_path) {
     // if security_root_path provided, try to find the key and certificate files
 #if HAVE_SECURITY
-    std::unordered_map<std::string, std::string> security_files_paths;
-    if (rmw_dds_common::get_security_files(
-        true, "file://", security_options->security_root_path, security_files_paths))
+    rcutils_allocator_t allocator = rcutils_get_default_allocator();
+    rcutils_string_map_t security_files_paths = rcutils_get_zero_initialized_string_map();
+    rcutils_ret_t ret = rcutils_string_map_init(&security_files_paths, 0, allocator);
+
+    if (ret != RMW_RET_OK) {
+      RMW_SET_ERROR_MSG("Failed to initialize string map for security");
+      return RMW_RET_ERROR;
+    }
+
+    auto scope_exit_ws = rcpputils::make_scope_exit(
+      [&security_files_paths]()
+      {
+        rcutils_ret_t ret = rcutils_string_map_fini(&security_files_paths);
+        if (ret != RMW_RET_OK) {
+          RMW_SET_ERROR_MSG("Failed to fini string map for security");
+        }
+      });
+
+    if (get_security_files_support_pkcs(
+        true, "file://", security_options->security_root_path, security_files_paths) == RMW_RET_OK)
     {
       eprosima::fastrtps::rtps::PropertyPolicy property_policy;
       property_policy.properties().emplace_back(
         "dds.sec.auth.plugin", "builtin.PKI-DH");
       property_policy.properties().emplace_back(
-        "dds.sec.auth.builtin.PKI-DH.identity_ca", security_files_paths["IDENTITY_CA"]);
+        "dds.sec.auth.builtin.PKI-DH.identity_ca",
+        std::string(rcutils_string_map_get(&security_files_paths, "IDENTITY_CA")));
       property_policy.properties().emplace_back(
-        "dds.sec.auth.builtin.PKI-DH.identity_certificate", security_files_paths["CERTIFICATE"]);
+        "dds.sec.auth.builtin.PKI-DH.identity_certificate",
+        std::string(rcutils_string_map_get(&security_files_paths, "CERTIFICATE")));
       property_policy.properties().emplace_back(
-        "dds.sec.auth.builtin.PKI-DH.private_key", security_files_paths["PRIVATE_KEY"]);
+        "dds.sec.auth.builtin.PKI-DH.private_key",
+        std::string(rcutils_string_map_get(&security_files_paths, "PRIVATE_KEY")));
       property_policy.properties().emplace_back(
         "dds.sec.crypto.plugin", "builtin.AES-GCM-GMAC");
 
       property_policy.properties().emplace_back(
         "dds.sec.access.plugin", "builtin.Access-Permissions");
       property_policy.properties().emplace_back(
         "dds.sec.access.builtin.Access-Permissions.permissions_ca",
-        security_files_paths["PERMISSIONS_CA"]);
+        std::string(rcutils_string_map_get(&security_files_paths, "PERMISSIONS_CA")));
       property_policy.properties().emplace_back(
         "dds.sec.access.builtin.Access-Permissions.governance",
-        security_files_paths["GOVERNANCE"]);
+        std::string(rcutils_string_map_get(&security_files_paths, "GOVERNANCE")));
       property_policy.properties().emplace_back(
         "dds.sec.access.builtin.Access-Permissions.permissions",
-        security_files_paths["PERMISSIONS"]);
+        std::string(rcutils_string_map_get(&security_files_paths, "PERMISSIONS")));
 
-      if (security_files_paths.count("CRL") > 0) {
+      if (rcutils_string_map_key_exists(&security_files_paths, "CRL")) {
         property_policy.properties().emplace_back(
-          "dds.sec.auth.builtin.PKI-DH.identity_crl", security_files_paths["CRL"]);
+          "dds.sec.auth.builtin.PKI-DH.identity_crl",
+          std::string(rcutils_string_map_get(&security_files_paths, "CRL")));
       }
 
       // Configure security logging