Struct PeerCapabilities 

pub struct PeerCapabilities {
    pub auth_plugin_class: Option<String>,
    pub crypto_plugin_class: Option<String>,
    pub access_plugin_class: Option<String>,
    pub supported_suites: Vec<SuiteHint>,
    pub offered_protection: ProtectionLevel,
    pub has_valid_cert: bool,
    pub validity_window: Option<Validity>,
    pub vendor_hint: Option<String>,
    pub cert_cn: Option<String>,
    pub delegation_chain: Option<DelegationChain>,
}

Security-relevant capabilities of a remote peer.

Populated from SPDP properties (auth/crypto/access plugin class, zerodds.sec.supported_suites, zerodds.sec.offered_protection) and from SEDP permissions tokens. Legacy peers without security properties end up here with auth_plugin_class=None; they are not dropped, and crate::PolicyEngine decides per domain rule whether legacy peers are accepted.

All fields are Option- or Vec-based so that partial updates (the upgrade path in §4.3 of the architecture doc) work cleanly.

Fields§

§auth_plugin_class: Option<String>

DDS:Auth:PKI-DH:1.2 (Spec 1.2 §10.3.2.1) etc. None = legacy peer without an auth plugin.

§crypto_plugin_class: Option<String>

DDS:Crypto:AES-GCM-GMAC:1.2 (Spec 1.2 §10.5) etc.

§access_plugin_class: Option<String>

DDS:Access:Permissions:1.2 (Spec 1.2 §10.4) etc.

§supported_suites: Vec<SuiteHint>

Suites that the peer would accept according to its SPDP announcement.

§offered_protection: ProtectionLevel

Protection level that the peer itself offers.

§has_valid_cert: bool

true if the cert chain and OCSP have been checked and are OK. Set by the authentication plugin, not taken from SPDP.

§validity_window: Option<Validity>

Validity window from the permissions token.

§vendor_hint: Option<String>

Vendor identification (e.g. "Cyclone DDS", "Fast DDS") for quirks.

§cert_cn: Option<String>

Subject common name from the peer cert (e.g. "writer1.fast.example"). Set by the authentication plugin after a successful handshake; not propagated via SPDP. Used for <zerodds:peer_class><match cert_cn_pattern=...>.

§delegation_chain: Option<DelegationChain>

Delegation chain. Propagated by the edge or sub-gateway via the SPDP property zerodds.sec.delegation_chain. Validation against a delegation profile happens in peer_matches_class (j-d). None = peer without a chain (= directly authenticated peer or legacy).

Implementations§

impl PeerCapabilities

pub fn merge_update(&mut self, other: &PeerCapabilities)

Merges non-empty fields from other into self. Empty fields (None, []) are left unchanged, so multiple partial SPDP updates are idempotent and order-tolerant.

Special rules:

  • offered_protection is always taken over (monotonically increasing via ProtectionLevel::stronger): a peer can upgrade its level but cannot silently downgrade it.
  • has_valid_cert=true is sticky: once validated, it cannot fall back to false (cert rotation requires an explicit PeerCache::forget).
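
The merge rules above, as an added Rust sketch that is not the crate's own code: Caps and Level are simplified stand-ins, and the Level variants, the body of stronger, and replace-on-non-empty for the suite list are assumptions. It shows that a later announce carrying no security properties cannot lower the protection level or clear the validated-cert flag.

```rust
// Added example: simplified stand-ins, not the crate's PeerCapabilities.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
enum Level { #[default] Unprotected, Sign, Encrypt } // constructed variants

impl Level {
    // Assumed behaviour of ProtectionLevel::stronger: keep the higher level.
    fn stronger(self, other: Level) -> Level { self.max(other) }
}

#[derive(Clone, Debug, Default, PartialEq, Eq)]
struct Caps {
    auth_plugin_class: Option<String>,
    supported_suites: Vec<String>,
    offered_protection: Level,
    has_valid_cert: bool,
}

impl Caps {
    fn merge_update(&mut self, other: &Caps) {
        // Empty fields in `other` never overwrite what is already known.
        if other.auth_plugin_class.is_some() {
            self.auth_plugin_class = other.auth_plugin_class.clone();
        }
        if !other.supported_suites.is_empty() {
            // Assumption: replace; the page does not say replace vs. union.
            self.supported_suites = other.supported_suites.clone();
        }
        // Monotonic: an update can raise the level, never lower it.
        self.offered_protection = self.offered_protection.stronger(other.offered_protection);
        // Sticky: once true, only dropping the cache entry resets it.
        self.has_valid_cert |= other.has_valid_cert;
    }
}

// Applies a sequence of partial updates to a fresh cache entry.
fn apply(updates: &[Caps]) -> Caps {
    let mut c = Caps::default();
    for u in updates { c.merge_update(u); }
    c
}

fn main() {
    let secure = Caps { offered_protection: Level::Encrypt, has_valid_cert: true, ..Caps::default() };
    // Constructed input: a later announce that carries no security properties.
    println!("{:?}", apply(&[secure, Caps::default()]));
}
```
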

Trait Implementations§

impl Clone for PeerCapabilities

fn clone(&self) -> PeerCapabilities

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PeerCapabilities

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PeerCapabilities

fn default() -> PeerCapabilities

Returns the “default value” for a type.

impl PartialEq for PeerCapabilities

fn eq(&self, other: &PeerCapabilities) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for PeerCapabilities

impl StructuralPartialEq for PeerCapabilities
