Move libp11 dependency to tests only

CMakeLists.txt

@@ -165,7 +165,6 @@ if(SECURITY)
 else()
     find_package(OpenSSL)
 endif()
-find_package(LibP11)
 
 if(OPENSSL_FOUND)
     message(STATUS "OpenSSL library ${OPENSSL_VERSION} found...")

include/fastrtps/config.h.in

@@ -73,10 +73,6 @@
 #define HAVE_SECURITY @HAVE_SECURITY@
 #endif /* ifndef HAVE_SECURITY */
 
-#ifndef HAVE_LIBP11
-#define HAVE_LIBP11 @HAVE_LIBP11@
-#endif /* ifndef HAVE_LIBP11 */
-
 //Sqlite3 support
 #ifndef HAVE_SQLITE3
 #define HAVE_SQLITE3 @HAVE_SQLITE3@

src/cpp/CMakeLists.txt

@@ -305,14 +305,8 @@ if(SECURITY)
         ${${PROJECT_NAME}_security_source_files}
         )
     set(HAVE_SECURITY 1)
-    if(LIBP11_FOUND)
-        set(HAVE_LIBP11 1)
-    else()
-        set(HAVE_LIBP11 0)
-    endif()
 else()
     set(HAVE_SECURITY 0)
-    set(HAVE_LIBP11 0)
 endif()
 
 if(WIN32 AND (MSVC OR MSVC_IDE))
@@ -445,7 +439,6 @@ target_link_libraries(${PROJECT_NAME} ${PRIVACY} fastcdr foonathan_memory
     $<$<BOOL:${WIN32}>:iphlpapi$<SEMICOLON>Shlwapi>
     ${THIRDPARTY_BOOST_LINK_LIBS}
     PRIVATE eProsima_atomic
-    $<$<BOOL:${LibP11_FOUND}>:eProsima_p11>  # $<TARGET_NAME_IF_EXISTS:eProsima_p11>
     )
 
 if(MSVC OR MSVC_IDE)

src/cpp/security/artifact_providers/Pkcs11Provider.cpp

@@ -91,6 +91,7 @@ Pkcs11Provider::Pkcs11Provider()
     {
         has_initialization_error_ = true;
         initialization_exception_ = _SecurityException_(std::string("Error retrieving 'pkcs11' engine"));
+        return;
     }
 
     // Load the PIN from the environment
@@ -103,6 +104,7 @@ Pkcs11Provider::Pkcs11Provider()
             initialization_exception_ =
                     _SecurityException_(std::string("Error setting the PIN in the 'pkcs11' engine"));
             ENGINE_free(pkcs11_);
+            return;
         }
     }
 
@@ -112,6 +114,7 @@ Pkcs11Provider::Pkcs11Provider()
         has_initialization_error_ = true;
         initialization_exception_ = _SecurityException_(std::string("Error initializing the HSM provider library"));
         ENGINE_free(pkcs11_);
+        return;
     }
 }
 

src/cpp/security/artifact_providers/Pkcs11Provider.hpp

@@ -23,13 +23,8 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-#if HAVE_LIBP11
-#include <libp11.h>
-#endif // HAVE_LIBP11
-
 #include <fastdds/rtps/security/exceptions/SecurityException.h>
 
-
 namespace eprosima {
 namespace fastrtps {
 namespace rtps {

src/cpp/security/authentication/PKIDH.cpp

@@ -258,27 +258,27 @@ static EVP_PKEY* load_private_key(
         SecurityException& exception,
         PKIDH& pkidh)
 {
+    EVP_PKEY* key = nullptr;
+
     if (file.size() >= 7 && file.compare(0, 7, "file://") == 0)
     {
-        return detail::FileProvider::load_private_key(certificate, file, password, exception);
+        key = detail::FileProvider::load_private_key(certificate, file, password, exception);
     }
     else if (file.size() >= 7 && file.compare(0, 7, "pkcs11:") == 0)
     {
-#if HAVE_LIBP11
         if (!pkidh.pkcs11_provider)
         {
             pkidh.pkcs11_provider.reset(new detail::Pkcs11Provider());
         }
-        return pkidh.pkcs11_provider->load_private_key(certificate, file, password, exception);
-#else  // HAVE_LIBP11
-        static_cast<void>(pkidh);
-        exception = _SecurityException_(std::string("PKCS11 URIs require libp11 ") + file);
-        return nullptr;
-#endif // HAVE_LIBP11
+
+        key = pkidh.pkcs11_provider->load_private_key(certificate, file, password, exception);
+    }
+    else
+    {
+        exception = _SecurityException_(std::string("Unsupported URI format ") + file);
     }
 
-    exception = _SecurityException_(std::string("Unsupported URI format ") + file);
-    return nullptr;
+    return key;
 }
 
 static bool store_certificate_in_buffer(

src/cpp/security/authentication/PKIDH.h

@@ -114,9 +114,7 @@ class PKIDH : public Authentication
             PermissionsCredentialToken* token,
             SecurityException& ex) override;
 
-#if HAVE_LIBP11
     std::unique_ptr<detail::Pkcs11Provider> pkcs11_provider;
-#endif // HAVE_LIBP11
 
 private:
 

test/blackbox/CMakeLists.txt

@@ -203,17 +203,28 @@ if(WIN32)
         )
 endif()
 
-# OpenSSL on Windows requires a hint on which config file to load
-if(WIN32 AND OPENSSL_FOUND)
-    get_filename_component(OPENSSL_DIR "${OPENSSL_INCLUDE_DIR}" DIRECTORY)
-    set(OPENSSL_CONF "${OPENSSL_DIR}/bin/cnf/openssl.cnf")
-    unset(OPENSSL_DIR)
-endif()
-
 ###############################################################################
 # Blackbox tests
 ###############################################################################
 
+# OpenSSL on Windows requires hinting a config file on some specific tests.
+# This tests require a very specific deployment (configuration setup & dependent libraries)
+# that is only available on our CI, thus we enforced the use of EPROSIMA_BUILD to enable them.
+if(OPENSSL_FOUND)
+    # This feature is officially supported only for linux and windows OS.
+    if(EPROSIMA_BUILD AND NOT APPLE)
+        find_package(LibP11 REQUIRED)
+
+        if(WIN32)
+                get_filename_component(OPENSSL_DIR "${OPENSSL_INCLUDE_DIR}" DIRECTORY)
+                set(OPENSSL_CONF "${OPENSSL_DIR}/bin/cnf/openssl.cnf")
+                unset(OPENSSL_DIR)
+        endif()
+    else()
+        find_package(LibP11)
+    endif()
+endif()
+
 # Filter pksc11 related tests if library is not available
 # TODO: restore for windows when CI gets operational
 #if(NOT LibP11_FOUND)

test/blackbox/common/BlackboxTestsSecurity.cpp

@@ -3044,8 +3044,6 @@ TEST_P(Security, BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_valid
     }
 }
 
-#if HAVE_LIBP11
-
 template <typename DataType>
 void prepare_pkcs11_nodes(
         PubSubReader<DataType>& reader,
@@ -3193,7 +3191,6 @@ TEST_F(SecurityPkcs, BuiltinAuthenticationAndAccessAndCryptoPlugin_pkcs11_key)
 #endif // ifdef _WIN32
     }
 }
-#endif // HAVE_LIBP11
 
 static void BuiltinAuthenticationAndAccessAndCryptoPlugin_Permissions_validation_ok_common(
         PubSubReader<HelloWorldPubSubType>& reader,