From 08e9edbeb36e4435958b982d3f6b28b0b1b1ee82 Mon Sep 17 00:00:00 2001
From: Olli Huopio <olli.huopio@atostek.com>
Date: Mon, 11 Mar 2024 14:00:58 +0200
Subject: [PATCH] Use named the constants for property names in config creation

---
 .../participant_access_control.rs             |  7 ++---
 .../access_control_builtin/types.rs           |  8 ++++++
 .../authentication_builtin/authentication.rs  | 10 ++-----
 .../authentication_builtin/types.rs           |  7 +++++
 src/security/config.rs                        | 26 +++++++++++++------
 5 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/src/security/access_control/access_control_builtin/participant_access_control.rs b/src/security/access_control/access_control_builtin/participant_access_control.rs
index 149a45f9..53e2f6c1 100644
--- a/src/security/access_control/access_control_builtin/participant_access_control.rs
+++ b/src/security/access_control/access_control_builtin/participant_access_control.rs
@@ -29,14 +29,11 @@ use super::{
   s_mime_config_parser::SignedDocument,
   types::{
     BuiltinPermissionsCredentialToken, BuiltinPermissionsToken,
-    BuiltinPluginParticipantSecurityAttributes,
+    BuiltinPluginParticipantSecurityAttributes, QOS_GOVERNANCE_DOCUMENT_PROPERTY_NAME,
+    QOS_PERMISSIONS_CERTIFICATE_PROPERTY_NAME, QOS_PERMISSIONS_DOCUMENT_PROPERTY_NAME,
   },
 };
 
-const QOS_PERMISSIONS_CERTIFICATE_PROPERTY_NAME: &str = "dds.sec.access.permissions_ca";
-const QOS_GOVERNANCE_DOCUMENT_PROPERTY_NAME: &str = "dds.sec.access.governance";
-const QOS_PERMISSIONS_DOCUMENT_PROPERTY_NAME: &str = "dds.sec.access.permissions";
-
 impl AccessControlBuiltin {
   fn check_participant(
     &self,
diff --git a/src/security/access_control/access_control_builtin/types.rs b/src/security/access_control/access_control_builtin/types.rs
index 33085cf1..731f342c 100644
--- a/src/security/access_control/access_control_builtin/types.rs
+++ b/src/security/access_control/access_control_builtin/types.rs
@@ -233,6 +233,14 @@ impl EndpointSecurityAttributes {
 const PERMISSIONS_TOKEN_CLASS_ID: &str = "DDS:Access:Permissions:1.0";
 const PERMISSIONS_TOKEN_SUBJECT_NAME_PROPERTY_NAME: &str = "dds.perm_ca.sn";
 const PERMISSIONS_TOKEN_ALGORITHM_PROPERTY_NAME: &str = "dds.perm_ca.algo";
+
+pub(in crate::security) const QOS_PERMISSIONS_CERTIFICATE_PROPERTY_NAME: &str =
+  "dds.sec.access.permissions_ca";
+pub(in crate::security) const QOS_GOVERNANCE_DOCUMENT_PROPERTY_NAME: &str =
+  "dds.sec.access.governance";
+pub(in crate::security) const QOS_PERMISSIONS_DOCUMENT_PROPERTY_NAME: &str =
+  "dds.sec.access.permissions";
+
 // 9.4.2.2
 pub(super) struct BuiltinPermissionsToken {
   pub permissions_ca_subject_name: Option<DistinguishedName>,
diff --git a/src/security/authentication/authentication_builtin/authentication.rs b/src/security/authentication/authentication_builtin/authentication.rs
index 9a9c555c..66c82d88 100644
--- a/src/security/authentication/authentication_builtin/authentication.rs
+++ b/src/security/authentication/authentication_builtin/authentication.rs
@@ -35,18 +35,12 @@ use super::{
   types::{
     parse_signature_algo_name_to_ring, BuiltinAuthenticatedPeerCredentialToken,
     BuiltinIdentityToken, DH_MODP_KAGREE_ALGO_NAME, ECDH_KAGREE_ALGO_NAME,
+    QOS_IDENTITY_CA_PROPERTY_NAME, QOS_IDENTITY_CERTIFICATE_PROPERTY_NAME,
+    QOS_PASSWORD_PROPERTY_NAME, QOS_PRIVATE_KEY_PROPERTY_NAME,
   },
   BuiltinHandshakeState, DHKeys, LocalParticipantInfo, RemoteParticipantInfo,
 };
 
-// DDS Security spec v1.1
-// Section "9.3.1 Configuration" , Table 44
-
-const QOS_IDENTITY_CA_PROPERTY_NAME: &str = "dds.sec.auth.identity_ca";
-const QOS_IDENTITY_CERTIFICATE_PROPERTY_NAME: &str = "dds.sec.auth.identity_certificate";
-const QOS_PRIVATE_KEY_PROPERTY_NAME: &str = "dds.sec.auth.private_key";
-const QOS_PASSWORD_PROPERTY_NAME: &str = "dds.sec.auth.password";
-
 impl Authentication for AuthenticationBuiltin {
   fn validate_local_identity(
     &mut self,
diff --git a/src/security/authentication/authentication_builtin/types.rs b/src/security/authentication/authentication_builtin/types.rs
index 01d16de8..715f9fea 100644
--- a/src/security/authentication/authentication_builtin/types.rs
+++ b/src/security/authentication/authentication_builtin/types.rs
@@ -11,6 +11,13 @@ use crate::{
 
 pub const IDENTITY_TOKEN_CLASS_ID: &str = "DDS:Auth:PKI-DH:1.0";
 
+// Section "9.3.1 Configuration" , Table 44
+pub(in crate::security) const QOS_IDENTITY_CA_PROPERTY_NAME: &str = "dds.sec.auth.identity_ca";
+pub(in crate::security) const QOS_IDENTITY_CERTIFICATE_PROPERTY_NAME: &str =
+  "dds.sec.auth.identity_certificate";
+pub(in crate::security) const QOS_PRIVATE_KEY_PROPERTY_NAME: &str = "dds.sec.auth.private_key";
+pub(in crate::security) const QOS_PASSWORD_PROPERTY_NAME: &str = "dds.sec.auth.password";
+
 // Expected property names in IdentityToken
 pub(in crate::security) const CERT_SN_PROPERTY_NAME: &str = "dds.cert.sn";
 const CERT_ALGO_PROPERTY_NAME: &str = "dds.cert.algo";
diff --git a/src/security/config.rs b/src/security/config.rs
index 2cc8cb7c..d29014cf 100644
--- a/src/security/config.rs
+++ b/src/security/config.rs
@@ -9,6 +9,16 @@ use crate::{
     authentication::authentication_builtin::types::CertificateAlgorithm, private_key::PrivateKey,
   },
 };
+use super::{
+  access_control::access_control_builtin::types::{
+    QOS_GOVERNANCE_DOCUMENT_PROPERTY_NAME, QOS_PERMISSIONS_CERTIFICATE_PROPERTY_NAME,
+    QOS_PERMISSIONS_DOCUMENT_PROPERTY_NAME,
+  },
+  authentication::authentication_builtin::types::{
+    QOS_IDENTITY_CA_PROPERTY_NAME, QOS_IDENTITY_CERTIFICATE_PROPERTY_NAME,
+    QOS_PASSWORD_PROPERTY_NAME, QOS_PRIVATE_KEY_PROPERTY_NAME,
+  },
+};
 
 /// How to access Certificate's private key for signing.
 pub enum PrivateSigningKey {
@@ -118,14 +128,14 @@ impl DomainParticipantSecurityConfigFiles {
 
   pub fn into_property_policy(self) -> qos::policy::Property {
     let mut value = vec![
-      mk_file_prop("dds.sec.auth.identity_ca", &self.identity_ca_certificate),
+      mk_file_prop(QOS_IDENTITY_CA_PROPERTY_NAME, &self.identity_ca_certificate),
       mk_file_prop(
-        "dds.sec.auth.identity_certificate",
+        QOS_IDENTITY_CERTIFICATE_PROPERTY_NAME,
         &self.participant_identity_certificate,
       ),
       match self.participant_identity_private_key {
         PrivateSigningKey::Files { ref file_path, .. } => {
-          mk_file_prop("dds.sec.auth.private_key", file_path)
+          mk_file_prop(QOS_PRIVATE_KEY_PROPERTY_NAME, file_path)
         }
         PrivateSigningKey::Pkcs11 {
           ref token_label,
@@ -143,24 +153,24 @@ impl DomainParticipantSecurityConfigFiles {
               hsm_access_library.display()
             ));
           }
-          mk_string_prop("dds.sec.auth.private_key", pkcs11_uri)
+          mk_string_prop(QOS_PRIVATE_KEY_PROPERTY_NAME, pkcs11_uri)
         }
       },
       mk_file_prop(
-        "dds.sec.access.permissions_ca",
+        QOS_PERMISSIONS_CERTIFICATE_PROPERTY_NAME,
         &self.permissions_ca_certificate,
       ),
       mk_file_prop(
-        "dds.sec.access.governance",
+        QOS_GOVERNANCE_DOCUMENT_PROPERTY_NAME,
         &self.domain_governance_document,
       ),
       mk_file_prop(
-        "dds.sec.access.permissions",
+        QOS_PERMISSIONS_DOCUMENT_PROPERTY_NAME,
         &self.participant_permissions_document,
       ),
     ];
     if let PrivateSigningKey::Files { file_password, .. } = self.participant_identity_private_key {
-      value.push(mk_string_prop("dds.sec.auth.password", file_password));
+      value.push(mk_string_prop(QOS_PASSWORD_PROPERTY_NAME, file_password));
     }
 
     qos::policy::Property {