engage-engine 1.236.90760003 → 1.238.90780004

package/include/ConfigurationObjects.h

@@ -2105,6 +2105,22 @@ namespace AppConfigurationObjects
         getOptional<NetworkAddress>("tx", p.tx, j);
     }
 
+    /** @brief Enum describing restriction types. */
+    typedef enum
+    {
+        /** @brief Registration for groups is allowed by default */
+        graptPermissive = 0,
+
+        /** @brief Registration for groups is NOT allowed by default - requires definitive access through something like a whitelist*/
+        graptStrict = 1
+    } GroupRestrictionAccessPolicyType_t;
+
+    static bool isValidGroupRestrictionAccessPolicyType(GroupRestrictionAccessPolicyType_t t)
+    {
+        return (t == GroupRestrictionAccessPolicyType_t::graptPermissive ||
+                t == GroupRestrictionAccessPolicyType_t::graptStrict );
+    }
+
     /** @brief Enum describing restriction types. */
     typedef enum
     {
@@ -2125,6 +2141,43 @@ namespace AppConfigurationObjects
                 t == RestrictionType_t::rtBlacklist );
     }
 
+    /** @brief Enum describing restriction element types. */
+    typedef enum
+    {
+        /** @brief A literal group ID */
+        retGroupId = 0,
+
+        /** @brief Elements are group ID regex patterns */
+        retGroupIdPattern = 1,
+
+        /** @brief Elements are generic access tags regex patterns */
+        retGenericAccessTagPattern = 2,
+
+        /** @brief Elements are X.509 certificate serial number regex patterns */
+        retCertificateSerialNumberPattern = 3,
+
+        /** @brief Elements are X.509 certificate fingerprint regex patterns */
+        retCertificateFingerprintPattern = 4,
+
+        /** @brief Elements are X.509 certificate subject regex patterns */
+        retCertificateSubjectPattern = 5,
+
+        /** @brief Elements are X.509 certificate issuer regex patterns */
+        retCertificateIssuerPattern = 6
+    } RestrictionElementType_t;    
+
+    static bool isValidRestrictionElementType(RestrictionElementType_t t)
+    {
+        return (t == RestrictionElementType_t::retGroupId ||
+                t == RestrictionElementType_t::retGroupIdPattern ||
+                t == RestrictionElementType_t::retGenericAccessTagPattern ||
+                t == RestrictionElementType_t::retCertificateSerialNumberPattern ||
+                t == RestrictionElementType_t::retCertificateFingerprintPattern ||
+                t == RestrictionElementType_t::retCertificateSubjectPattern ||
+                t == RestrictionElementType_t::retCertificateIssuerPattern);
+    }
+
+
     //-----------------------------------------------------------
     JSON_SERIALIZED_CLASS(NetworkAddressRestrictionList)
     /**
@@ -2196,12 +2249,16 @@ namespace AppConfigurationObjects
         /** @brief Type indicating how the elements are to be treated **/
         RestrictionType_t                   type;
 
+        /** @brief Type indicating what kind of data each element contains **/
+        RestrictionElementType_t            elementsType;
+
         /** @brief List of elements */
-        std::vector<std::string>     elements;
+        std::vector<std::string>            elements;
 
         StringRestrictionList()
         {
             type = RestrictionType_t::rtUndefined;
+            elementsType = RestrictionElementType_t::retGroupId;
             clear();
         }
 
@@ -2215,6 +2272,7 @@ namespace AppConfigurationObjects
     {
         j = nlohmann::json{
             TOJSON_IMPL(type),
+            TOJSON_IMPL(elementsType),
             TOJSON_IMPL(elements)
         };
     }
@@ -2222,6 +2280,7 @@ namespace AppConfigurationObjects
     {
         p.clear();
         getOptional<RestrictionType_t>("type", p.type, j, RestrictionType_t::rtUndefined);
+        getOptional<RestrictionElementType_t>("elementsType", p.elementsType, j, RestrictionElementType_t::retGroupId);
         getOptional<std::vector<std::string>>("elements", p.elements, j);
     }
 
@@ -3879,6 +3938,44 @@ namespace AppConfigurationObjects
     ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_SECURITY_CLASSIFICATION_LEVEL_TOO_HIGH = "SecurityClassificationLevelTooHigh";
     /** @brief The Rallypoint has denied the registration for no specific reason **/
     ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_GENERAL_DENIAL = "GeneralDenial";
+
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an access tag for the group **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NO_ACCESS_TAG = "NoAccessTag";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an access tag for the group **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_EXCLUDED_ACCESS_TAG = "ExcludedAccessTag";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an an approved serial number **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NO_SERIAL = "NoSerial";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate serial number has been excluded **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_EXCLUDED_SERIAL = "ExcludedSerial";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an an approved fingerprint **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NO_FINGERPRINT = "NoFingerprint";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate fingerprint has been excluded **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_EXCLUDED_FINGERPRINT = "ExcludedFingerprint";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an an approved subject **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NO_SUBJECT = "NoSubject";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate subject has been excluded **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_EXCLUDED_SUBJECT = "ExcludedSubject";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate does not have an an approved issuer **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NO_ISSUER = "NoIssuer";
+    /** @brief The Rallypoint denied the registration request because the far-end's certificate issuer has been excluded **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_EXCLUDED_ISSUER = "ExcludedIssuer";
+    /** @brief The Rallypoint denied the registration request because the far-end does not appear in any whitelist criteria **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_NOT_ON_WHITELIST = "NotOnWhitelist";
+    /** @brief The Rallypoint denied the registration request because the far-end does appears in blackist criteria **/
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *GROUP_DISCONNECTED_REASON_ON_BLACKLIST = "OnBlacklist";
+
+    /** @} */
+
+    /** @addtogroup OID IANA-type object identifiers
+     *
+     * Object Identifiers we commonly use
+     *
+     *  @{
+     */
+    /** @brief Rally Tactical Systems' PEN as assigned by IANA */
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *OID_RTS_PEM = "58217";
+    /** @brief The link to the Rallypoint is down */
+    ENGAGE_IGNORE_COMPILER_UNUSED_WARNING static const char *OID_RTS_CERT_SUBJ_ACCESS_TAGS = "1.3.6.1.4.1.58217.1";    
     /** @} */
 
 
@@ -7944,6 +8041,54 @@ namespace AppConfigurationObjects
         getOptional<std::vector<std::string>>("extraMeshes", p.extraMeshes, j);
     }
 
+
+    //-----------------------------------------------------------
+    JSON_SERIALIZED_CLASS(RallypointExtendedGroupRestriction)
+    /**
+     * @brief Defines settings for Rallypoint extended group restrictions
+     *
+     * Example: @include[doc] examples/RallypointExtendedGroupRestriction.json
+     *
+     */
+    class RallypointExtendedGroupRestriction : public ConfigurationObjectBase
+    {
+        IMPLEMENT_JSON_SERIALIZATION()
+        IMPLEMENT_JSON_DOCUMENTATION(RallypointExtendedGroupRestriction)
+
+    public:
+        /** @brief Group ID */
+        std::string                             id;
+
+        /** @brief Restrictions */
+        std::vector<StringRestrictionList>      restrictions;
+
+        RallypointExtendedGroupRestriction()
+        {
+            clear();
+        }
+
+        void clear()
+        {
+            id.clear();
+            restrictions.clear();
+        }
+    };
+
+    static void to_json(nlohmann::json& j, const RallypointExtendedGroupRestriction& p)
+    {
+        j = nlohmann::json{
+            TOJSON_IMPL(id),
+            TOJSON_IMPL(restrictions)
+        };
+    }
+    static void from_json(const nlohmann::json& j, RallypointExtendedGroupRestriction& p)
+    {
+        p.clear();
+        getOptional<std::string>("id", p.id, j);
+        getOptional<std::vector<StringRestrictionList>>("restrictions", p.restrictions, j);
+    }
+
+
     //-----------------------------------------------------------
     JSON_SERIALIZED_CLASS(RallypointServer)
     /**
@@ -8056,6 +8201,12 @@ namespace AppConfigurationObjects
         /** @brief Group IDs to be restricted (inclusive or exclusive) */
         StringRestrictionList                       groupRestrictions;
 
+        /** @brief The policy employed to allow group registration */
+        GroupRestrictionAccessPolicyType_t          groupRestrictionAccessPolicyType;
+
+        /** @brief Extended group restrictions */
+        std::vector<RallypointExtendedGroupRestriction>       extendedGroupRestrictions;
+
         /** @brief Name to use for signalling a configuration check */
         std::string                                 configurationCheckSignalName;
 
@@ -8159,6 +8310,8 @@ namespace AppConfigurationObjects
             websocket.clear();
             nsm.clear();
             advertising.clear();
+            extendedGroupRestrictions.clear();
+            groupRestrictionAccessPolicyType = GroupRestrictionAccessPolicyType_t::graptPermissive;
         }
     };
 
@@ -8212,7 +8365,9 @@ namespace AppConfigurationObjects
             TOJSON_IMPL(peerRtBehaviors),
             TOJSON_IMPL(websocket),
             TOJSON_IMPL(nsm),
-            TOJSON_IMPL(advertising)
+            TOJSON_IMPL(advertising),
+            TOJSON_IMPL(extendedGroupRestrictions),
+            TOJSON_IMPL(groupRestrictionAccessPolicyType)
         };
     }
     static void from_json(const nlohmann::json& j, RallypointServer& p)
@@ -8266,6 +8421,8 @@ namespace AppConfigurationObjects
         getOptional<RallypointWebsocketSettings>("websocket", p.websocket, j);
         getOptional<NsmConfiguration>("nsm", p.nsm, j);
         getOptional<RallypointAdvertisingSettings>("advertising", p.advertising, j);
+        getOptional<std::vector<RallypointExtendedGroupRestriction>>("extendedGroupRestrictions", p.extendedGroupRestrictions, j);        
+        getOptional<GroupRestrictionAccessPolicyType_t>("groupRestrictionAccessPolicyType", p.groupRestrictionAccessPolicyType, j, GroupRestrictionAccessPolicyType_t::graptPermissive);
     }
 
     //-----------------------------------------------------------
@@ -8703,6 +8860,53 @@ namespace AppConfigurationObjects
         getOptional<std::vector<CertStoreCertificateElement>>("certificates", p.certificates, j);
     }
 
+    //-----------------------------------------------------------
+    JSON_SERIALIZED_CLASS(CertificateSubjectElement)
+    /**
+    * @brief Description of a certificate subject element
+    *
+    * Helper C++ class to serialize and de-serialize CertificateSubjectElement JSON
+    *
+    */
+    class CertificateSubjectElement : public ConfigurationObjectBase
+    {
+        IMPLEMENT_JSON_SERIALIZATION()
+        IMPLEMENT_JSON_DOCUMENTATION(CertificateSubjectElement)
+
+    public:
+        /** @brief Name */
+        std::string                                     name;
+
+        /** @brief Value */
+        std::string                                     value;
+
+        CertificateSubjectElement()
+        {
+            clear();
+        }
+
+        void clear()
+        {
+            name.clear();
+            value.clear();
+        }
+    };
+
+    static void to_json(nlohmann::json& j, const CertificateSubjectElement& p)
+    {
+        j = nlohmann::json{
+            TOJSON_IMPL(name),
+            TOJSON_IMPL(value)
+        };
+    }
+    static void from_json(const nlohmann::json& j, CertificateSubjectElement& p)
+    {
+        p.clear();
+        getOptional<std::string>("name", p.name, j, EMPTY_STRING);
+        getOptional<std::string>("value", p.value, j, EMPTY_STRING);
+    }
+
+
     //-----------------------------------------------------------
     JSON_SERIALIZED_CLASS(CertificateDescriptor)
     /**
@@ -8741,6 +8945,9 @@ namespace AppConfigurationObjects
         /** @brief Fingerprint */
         std::string                                     fingerprint;
 
+        /** @brief Array of subject elements */
+        std::vector<CertificateSubjectElement>          subjectElements;
+
         CertificateDescriptor()
         {
             clear();
@@ -8756,6 +8963,7 @@ namespace AppConfigurationObjects
             notAfter.clear();
             serial.clear();
             fingerprint.clear();
+            subjectElements.clear();
         }
     };
 
@@ -8769,7 +8977,8 @@ namespace AppConfigurationObjects
             TOJSON_IMPL(notBefore),
             TOJSON_IMPL(notAfter),
             TOJSON_IMPL(serial),
-            TOJSON_IMPL(fingerprint)
+            TOJSON_IMPL(fingerprint),
+            TOJSON_IMPL(subjectElements)
         };
     }
     static void from_json(const nlohmann::json& j, CertificateDescriptor& p)
@@ -8783,6 +8992,7 @@ namespace AppConfigurationObjects
         getOptional<std::string>("notAfter", p.notAfter, j, EMPTY_STRING);
         getOptional<std::string>("serial", p.serial, j, EMPTY_STRING);
         getOptional<std::string>("fingerprint", p.fingerprint, j, EMPTY_STRING);
+        getOptional<std::vector<CertificateSubjectElement>>("subjectElements", p.subjectElements, j);
     }
 
 

package/include/EngageConstants.h

@@ -9,8 +9,11 @@
 #include <stdint.h>
 
 #if 1
-#include <cstddef>
-#include <cstdint>
+
+#if !defined(__APPLE__)
+    #include <cstddef>
+    #include <cstdint>
+#endif
 
 #ifdef WIN32
     #include <winsock2.h>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "engage-engine",
-  "version": "1.236.90760003",
+  "version": "1.238.90780004",
   "description": "Use Engage to communicate with everyone, everywhere, from any device",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"