Crate zerodds_security

Expand description

Crate zerodds-security. Safety classification: SAFE (die Security-Plugins werden gegen Produktions-Vertrauensgrenzen ausgefuehrt; der SPI-Layer selbst ist trust-neutral).

DDS-Security 1.1 (formal/2018-04-01) Plugin-SPI: definiert die abstrakten Plugin-Traits + Datentypen + Generic-Message-Topics; Produktions-Implementationen leben in Schwester-Crates.

§Schichten-Position

Layer 4 — Core Services (SPI-Crate). Pure-Rust + alloc, keine ZeroDDS-Crate-Deps.

§Public API (Stand 1.0.0-rc.1)

Spec	Trait / Modul	Konkrete Impl
§8.3 Authentication	`AuthenticationPlugin` in `authentication`	`zerodds-security-pki` (X.509 + RSA-PSS + ECDSA + OCSP/CRL)
§8.4 Access Control	`AccessControlPlugin` in `access_control`	`zerodds-security-permissions` (Governance + Permissions-XML)
§8.5 Cryptographic	`CryptographicPlugin` in `crypto`	`zerodds-security-crypto` (AES-GCM 128/256 + HMAC-SHA256 + Receiver-Specific-MACs)
§8.6 Logging	`LoggingPlugin` in `logging`	`zerodds-security-logging`
§8.7 Data Tagging	`DataTaggingPlugin` in `data_tagging`	`zerodds-security-runtime` (Built-in DataTagging)

Plus Querschnitt:

token — IdentityToken, PermissionsToken, CryptoToken, DataHolder, BinaryProperty.
generic_message — ParticipantGenericMessage, MessageIdentity + Topic-Konstanten fuer DCPSParticipantStatelessMessage / DCPSParticipantVolatileMessageSecure.
properties — Property / PropertyList fuer Plugin-Konfiguration.
security_topic_qos — Built-in-Security-Topic-QoS-Profile.
error — SecurityError.
mock (Feature std) — Test-Mock-Plugins, niemals produktiv.

§Architektur

Das SPI ist Trait-basiert + Box<dyn Plugin>-erasable, damit verschiedene Backends (rustls vs. ring vs. mbedtls) ohne Crate- Wiring austauschbar sind. Jeder Plugin-Trait ist in sich geschlossen — keine Cross-References — damit Erweiterungen in einem Plugin nicht andere brechen.

§API-Stability-Pledge

Dieses Interface ist API-frozen ab 1.0.0-rc.1. Breaking Changes erfordern ein v2.0-Major-Bump. Semver-Patch + Minor duerfen nur neue Methoden mit Default-Body oder non-breaking Enum-Varianten hinzufuegen.

Re-exports§

pub use access_control::AccessControlPlugin;
pub use authentication::AuthenticationPlugin;
pub use crypto::CryptographicPlugin;
pub use data_tagging::DataTaggingPlugin;
pub use error::SecurityError;
pub use generic_message::MessageIdentity;
pub use generic_message::ParticipantGenericMessage;
pub use generic_message::TOPIC_STATELESS_MESSAGE;
pub use generic_message::TOPIC_VOLATILE_MESSAGE_SECURE;
pub use generic_message::TYPE_NAME_GENERIC_MESSAGE;
pub use logging::LogLevel;
pub use logging::LoggingPlugin;
pub use properties::Property;
pub use properties::PropertyList;
pub use token::BinaryProperty;
pub use token::CryptoToken;
pub use token::DataHolder;
pub use token::IdentityStatusToken;
pub use token::IdentityToken;
pub use token::PermissionsToken;
pub use token::WireProperty;

Modules§

access_control: Access-Control-Plugin SPI (OMG DDS-Security 1.1 §8.4).
authentication: Authentication-Plugin SPI (OMG DDS-Security 1.1 §8.3).
crypto: Cryptographic-Plugin SPI (OMG DDS-Security 1.1 §8.5).
data_tagging: Data-Tagging-Plugin SPI (OMG DDS-Security 1.1 §8.7).
error: Security-Error-Typen. OMG DDS-Security 1.1 §8.1.2 SecurityException.
generic_message: DDS-Security 1.2 §7.5.5 — ParticipantGenericMessage (C3.4).
logging: Logging-Plugin SPI (OMG DDS-Security 1.1 §8.6).
mock: Mock-Plugins fuer Tests.
properties: Property-Liste — Name/Value-Paare für Plugin-Konfiguration.
security_topic_qos: Security-Builtin-Topic QoS-Profile — DDS-Security 1.2 §7.5.3 + §7.5.4.
token: DDS-Security 1.2 Token-Strukturen (DataHolder + Property-Records).