Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id D07C3200C34 for ; Mon, 6 Feb 2017 19:34:15 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id CF187160B64; Mon, 6 Feb 2017 18:34:15 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A8FB7160B53 for ; Mon, 6 Feb 2017 19:34:14 +0100 (CET) Received: (qmail 59030 invoked by uid 500); 6 Feb 2017 18:34:13 -0000 Mailing-List: contact commits-help@celix.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@celix.apache.org Delivered-To: mailing list commits@celix.apache.org Received: (qmail 59016 invoked by uid 99); 6 Feb 2017 18:34:13 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Feb 2017 18:34:13 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id C4C75DFC15; Mon, 6 Feb 2017 18:34:13 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: pnoltes@apache.org To: commits@celix.apache.org Date: Mon, 06 Feb 2017 18:34:13 -0000 Message-Id: <42273219a2ea4445aec85a8bb0e8bab8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [01/19] celix git commit: CELIX-396: Implemented security per pubsub topic archived-at: Mon, 06 Feb 2017 18:34:16 -0000 Repository: celix Updated Branches: refs/heads/develop f9a5fb11e -> 2d0923ea4 CELIX-396: Implemented security per pubsub topic Project: http://git-wip-us.apache.org/repos/asf/celix/repo Commit: http://git-wip-us.apache.org/repos/asf/celix/commit/f32d071a Tree: http://git-wip-us.apache.org/repos/asf/celix/tree/f32d071a Diff: http://git-wip-us.apache.org/repos/asf/celix/diff/f32d071a Branch: refs/heads/develop Commit: f32d071a57b5816dc1448047152f0321f5216148 Parents: f9a5fb1 Author: Roy Lenferink Authored: Mon Feb 6 16:28:29 2017 +0100 Committer: Roy Lenferink Committed: Mon Feb 6 16:28:29 2017 +0100 ---------------------------------------------------------------------- celix-pubsub/pubsub/CMakeLists.txt | 2 +- .../pubsub/msg_descriptors/poi1.properties | 2 +- celix-pubsub/pubsub/keygen/CMakeLists.txt | 2 +- .../pubsub/pubsub_admin_zmq/CMakeLists.txt | 4 +- .../private/include/topic_subscription.h | 2 +- .../private/src/pubsub_admin_impl.c | 10 +- .../private/src/topic_publication.c | 87 +++++++++----- .../private/src/topic_subscription.c | 116 ++++++++++++------- .../public/include/pubsub_endpoint.h | 1 + 9 files changed, 147 insertions(+), 79 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/CMakeLists.txt b/celix-pubsub/pubsub/CMakeLists.txt index c61aaeb..7da5184 100644 --- a/celix-pubsub/pubsub/CMakeLists.txt +++ b/celix-pubsub/pubsub/CMakeLists.txt 
@@ -21,7 +21,7 @@ if (PUBSUB) include_directories("${PROJECT_SOURCE_DIR}/utils/public/include") include_directories("${PROJECT_SOURCE_DIR}/framework/public/include") - option(ENABLE_ZMQ_SECURITY "Enable security for ZeroMQ" OFF) + option(BUILD_ZMQ_SECURITY "Build with security for ZeroMQ." OFF) set (PUBSUB_SERIALIZER_SRC "${PROJECT_SOURCE_DIR}/pubsub/pubsub_common/public/src/pubsub_serializer.c") set (SERIALIZER_PATH "" CACHE FILEPATH "Path to the directory which will contain the serializer (include / src).") http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/examples/pubsub/msg_descriptors/poi1.properties ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/examples/pubsub/msg_descriptors/poi1.properties b/celix-pubsub/pubsub/examples/pubsub/msg_descriptors/poi1.properties index bd06c13..634a20f 100644 --- a/celix-pubsub/pubsub/examples/pubsub/msg_descriptors/poi1.properties +++ b/celix-pubsub/pubsub/examples/pubsub/msg_descriptors/poi1.properties @@ -1,5 +1,5 @@ # -# included in the bundle at location META-INF/topics/[pub|sub]/poi2.properties +# included in the bundle at location META-INF/topics/[pub|sub]/poi1.properties # #topic info http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/keygen/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/keygen/CMakeLists.txt b/celix-pubsub/pubsub/keygen/CMakeLists.txt index 4cb4f5a..bc42173 100644 --- a/celix-pubsub/pubsub/keygen/CMakeLists.txt +++ b/celix-pubsub/pubsub/keygen/CMakeLists.txt 
@@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. -if (ENABLE_ZMQ_SECURITY) +if (BUILD_ZMQ_SECURITY) find_package(ZMQ REQUIRED) find_package(CZMQ REQUIRED) http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_admin_zmq/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/pubsub_admin_zmq/CMakeLists.txt b/celix-pubsub/pubsub/pubsub_admin_zmq/CMakeLists.txt index 9ca4ddc..def6c32 100644 --- a/celix-pubsub/pubsub/pubsub_admin_zmq/CMakeLists.txt +++ b/celix-pubsub/pubsub/pubsub_admin_zmq/CMakeLists.txt @@ -39,8 +39,8 @@ if (SERIALIZER_LIB_DIR) link_directories("${SERIALIZER_LIB_DIR}") endif() -if (ENABLE_ZMQ_SECURITY) - add_definitions(-DUSE_ZMQ_SECURITY=1) +if (BUILD_ZMQ_SECURITY) + add_definitions(-DBUILD_WITH_ZMQ_SECURITY=1) find_package(OpenSSL 1.1.0 REQUIRED) include_directories("${OPENSSL_INCLUDE_DIR}") http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_admin_zmq/private/include/topic_subscription.h ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/pubsub_admin_zmq/private/include/topic_subscription.h b/celix-pubsub/pubsub/pubsub_admin_zmq/private/include/topic_subscription.h index d4c65bb..d6bf8fb 100644 --- a/celix-pubsub/pubsub/pubsub_admin_zmq/private/include/topic_subscription.h +++ b/celix-pubsub/pubsub/pubsub_admin_zmq/private/include/topic_subscription.h 
@@ -37,7 +37,7 @@ typedef struct topic_subscription* topic_subscription_pt; -celix_status_t pubsub_topicSubscriptionCreate(bundle_context_pt bundle_context,char* scope, char* topic,topic_subscription_pt* out); +celix_status_t pubsub_topicSubscriptionCreate(bundle_context_pt bundle_context, pubsub_endpoint_pt subEP, char* scope, char* topic,topic_subscription_pt* out); celix_status_t pubsub_topicSubscriptionDestroy(topic_subscription_pt ts); celix_status_t pubsub_topicSubscriptionStart(topic_subscription_pt ts); celix_status_t pubsub_topicSubscriptionStop(topic_subscription_pt ts); http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/pubsub_admin_impl.c ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/pubsub_admin_impl.c b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/pubsub_admin_impl.c index 47bf094..d83abf0 100644 --- a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/pubsub_admin_impl.c +++ b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/pubsub_admin_impl.c @@ -73,7 +73,7 @@ static celix_status_t pubsubAdmin_addAnySubscription(pubsub_admin_pt admin,pubsu celix_status_t pubsubAdmin_create(bundle_context_pt context, pubsub_admin_pt *admin) { celix_status_t status = CELIX_SUCCESS; -#ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY if (!zsys_has_curve()){ printf("PSA: zeromq curve unsupported\n"); return CELIX_SERVICE_EXCEPTION; @@ -165,7 +165,7 @@ celix_status_t pubsubAdmin_create(bundle_context_pt context, pubsub_admin_pt *ad } } -#ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY // Setup authenticator zactor_t* auth = zactor_new (zauth, NULL); zstr_sendx(auth, "VERBOSE", NULL); 
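Review bot: The new `subEP` argument of pubsub_topicSubscriptionCreate is an in/out parameter, and the prototype does not say so. The implementation in topic_subscription.c writes `subEP->is_secure` (to true when the topic is in SECURE_TOPICS, back to false when a key cannot be loaded), so callers get their endpoint modified as a side effect of creating a subscription. A comment above the declaration would make that contract visible, for example `/* subEP->is_secure is updated: true only if the topic is listed in SECURE_TOPICS and both keys were loaded */`. Since `scope` and `topic` are passed as `subEP->scope` and `subEP->topic` at one of the two call sites, the comment should also say which of the two wins when they differ.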
@@ -232,7 +232,7 @@ celix_status_t pubsubAdmin_destroy(pubsub_admin_pt admin) logHelper_destroy(&admin->loghelper); -#ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY if (admin->zmq_auth != NULL){ zactor_destroy(&(admin->zmq_auth)); } @@ -254,7 +254,7 @@ static celix_status_t pubsubAdmin_addAnySubscription(pubsub_admin_pt admin,pubsu int i; - status += pubsub_topicSubscriptionCreate(admin->bundle_context, PUBSUB_SUBSCRIBER_SCOPE_DEFAULT, PUBSUB_ANY_SUB_TOPIC, &any_sub); + status += pubsub_topicSubscriptionCreate(admin->bundle_context, subEP, PUBSUB_SUBSCRIBER_SCOPE_DEFAULT, PUBSUB_ANY_SUB_TOPIC, &any_sub); if (status == CELIX_SUCCESS){ @@ -340,7 +340,7 @@ celix_status_t pubsubAdmin_addSubscription(pubsub_admin_pt admin,pubsub_endpoint topic_subscription_pt subscription = hashMap_get(admin->subscriptions, scope_topic); if(subscription == NULL) { - status += pubsub_topicSubscriptionCreate(admin->bundle_context,subEP->scope, subEP->topic,&subscription); + status += pubsub_topicSubscriptionCreate(admin->bundle_context,subEP,subEP->scope, subEP->topic,&subscription); if (status==CELIX_SUCCESS){ http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_publication.c ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_publication.c b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_publication.c index 4943884..b76b1ce 100644 --- a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_publication.c +++ b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_publication.c @@ -53,7 +53,7 @@ #include "pubsub_serializer.h" -#ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY #include "zmq_crypto.h" #define MAX_CERT_PATH_LENGTH 512 
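Review bot: In the pubsubAdmin_addAnySubscription hunk, whether the any-subscription is secured depends entirely on the `is_secure` value already stored in the `subEP` that is passed in. pubsub_topicSubscriptionCreate skips the SECURE_TOPICS lookup when the topic is PUBSUB_ANY_SUB_TOPIC but still branches on `subEP->is_secure`. Nothing visible in this commit sets that flag before this call, so the behaviour here is worth stating at the call site, for example `/* any-subscription: SECURE_TOPICS is not consulted, is_secure is taken from subEP as passed in */`. If the intent is that the any-subscription is never secured, passing an explicit value would be clearer than relying on the endpoint's current state. The function body continues outside the hunk.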
@@ -109,43 +109,72 @@ static void delay_first_send_for_late_joiners(void); celix_status_t pubsub_topicPublicationCreate(bundle_context_pt bundle_context, pubsub_endpoint_pt pubEP,char* bindIP, unsigned int basePort, unsigned int maxPort, topic_publication_pt *out){ celix_status_t status = CELIX_SUCCESS; -#ifdef USE_ZMQ_SECURITY - char* keys_bundle_dir = pubsub_getKeysBundleDir(bundle_context); - if (keys_bundle_dir == NULL){ - return CELIX_SERVICE_EXCEPTION; +#ifdef BUILD_WITH_ZMQ_SECURITY + char* secure_topics = NULL; + bundleContext_getProperty(bundle_context, "SECURE_TOPICS", (const char **) &secure_topics); + + if (secure_topics){ + array_list_pt secure_topics_list = pubsub_getTopicsFromString(secure_topics); + + int i; + int secure_topics_size = arrayList_size(secure_topics_list); + for (i = 0; i < secure_topics_size; i++){ + char* top = arrayList_get(secure_topics_list, i); + if (strcmp(pubEP->topic, top) == 0){ + printf("TP: Secure topic: '%s'\n", top); + pubEP->is_secure = true; + } + free(top); + top = NULL; + } + + arrayList_destroy(secure_topics_list); } - const char* keys_file_path = NULL; - const char* keys_file_name = NULL; - bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_PATH, &keys_file_path); - bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_NAME, &keys_file_name); + zcert_t* pub_cert = NULL; + if (pubEP->is_secure){ + char* keys_bundle_dir = pubsub_getKeysBundleDir(bundle_context); + if (keys_bundle_dir == NULL){ + return CELIX_SERVICE_EXCEPTION; + } - char cert_path[MAX_CERT_PATH_LENGTH]; + const char* keys_file_path = NULL; + const char* keys_file_name = NULL; + bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_PATH, &keys_file_path); + bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_NAME, &keys_file_name); - //certificate path ".cache/bundle{id}/version0.0/./META-INF/keys/publisher/private/pub_{topic}.key" - snprintf(cert_path, MAX_CERT_PATH_LENGTH, 
"%s/META-INF/keys/publisher/private/pub_%s.key.enc", keys_bundle_dir, pubEP->topic); - free(keys_bundle_dir); - printf("PSA: Loading key '%s'\n", cert_path); + char cert_path[MAX_CERT_PATH_LENGTH]; - zcert_t* pub_cert = get_zcert_from_encoded_file((char *) keys_file_path, (char *) keys_file_name, cert_path); - if (pub_cert == NULL){ - printf("PSA: Cannot load key '%s'\n", cert_path); - return CELIX_SERVICE_EXCEPTION; + //certificate path ".cache/bundle{id}/version0.0/./META-INF/keys/publisher/private/pub_{topic}.key" + snprintf(cert_path, MAX_CERT_PATH_LENGTH, "%s/META-INF/keys/publisher/private/pub_%s.key.enc", keys_bundle_dir, pubEP->topic); + free(keys_bundle_dir); + printf("TP: Loading key '%s'\n", cert_path); + + pub_cert = get_zcert_from_encoded_file((char *) keys_file_path, (char *) keys_file_name, cert_path); + if (pub_cert == NULL){ + printf("TP: Cannot load key '%s'\n", cert_path); + printf("TP: Topic '%s' NOT SECURED !\n", pubEP->topic); + pubEP->is_secure = false; + } } #endif zsock_t* socket = zsock_new (ZMQ_PUB); if(socket==NULL){ - #ifdef USE_ZMQ_SECURITY - zcert_destroy(&pub_cert); + #ifdef BUILD_WITH_ZMQ_SECURITY + if (pubEP->is_secure){ + zcert_destroy(&pub_cert); + } #endif perror("Error for zmq_socket"); return CELIX_SERVICE_EXCEPTION; } -#ifdef USE_ZMQ_SECURITY - zcert_apply (pub_cert, socket); // apply certificate to socket - zsock_set_curve_server (socket, true); // setup the publisher's socket to use the curve functions +#ifdef BUILD_WITH_ZMQ_SECURITY + if (pubEP->is_secure){ + zcert_apply (pub_cert, socket); // apply certificate to socket + zsock_set_curve_server (socket, true); // setup the publisher's socket to use the curve functions + } #endif int rv = -1, retry=0; 
@@ -183,9 +212,11 @@ celix_status_t pubsub_topicPublicationCreate(bundle_context_pt bundle_context, p pub->endpoint = ep; pub->zmq_socket = socket; - #ifdef USE_ZMQ_SECURITY - pub->zmq_cert = pub_cert; - #endif +#ifdef BUILD_WITH_ZMQ_SECURITY + if (pubEP->is_secure){ + pub->zmq_cert = pub_cert; + } +#endif pubsub_topicPublicationAddPublisherEP(pub,pubEP); @@ -212,9 +243,9 @@ celix_status_t pubsub_topicPublicationDestroy(topic_publication_pt pub){ pub->svcFactoryReg = NULL; zsock_destroy(&(pub->zmq_socket)); - #ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY zcert_destroy(&(pub->zmq_cert)); - #endif +#endif celixThreadMutex_unlock(&(pub->tp_lock)); http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_subscription.c ---------------------------------------------------------------------- diff --git a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_subscription.c b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_subscription.c index 9e1a47d..f58f516 100644 --- a/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_subscription.c +++ b/celix-pubsub/pubsub/pubsub_admin_zmq/private/src/topic_subscription.c @@ -51,7 +51,7 @@ #include "pubsub_serializer.h" -#ifdef USE_ZMQ_SECURITY +#ifdef BUILD_WITH_ZMQ_SECURITY #include "zmq_crypto.h" #define MAX_CERT_PATH_LENGTH 512 
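Review bot: `pub->zmq_cert` is now assigned only when `pubEP->is_secure` is set, but pubsub_topicPublicationDestroy in the following hunk still calls `zcert_destroy(&(pub->zmq_cert));` unconditionally. Whether `pub` is zero-initialised is not visible here; if it is not, destroying an unsecured publication passes an indeterminate pointer to zcert_destroy. `pub_cert` is declared as NULL and stays NULL on every unsecured path, so the guard can simply be dropped: `pub->zmq_cert = pub_cert;`. The same applies to `ts->zmq_cert` and `ts->zmq_pub_cert` in the pubsub_topicSubscriptionCreate and pubsub_topicSubscriptionDestroy hunks of topic_subscription.c.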
@@ -109,60 +109,94 @@ static void destroy_mp_handle(mp_handle_pt mp_handle); static void connectPendingPublishers(topic_subscription_pt sub); static void disconnectPendingPublishers(topic_subscription_pt sub); -celix_status_t pubsub_topicSubscriptionCreate(bundle_context_pt bundle_context, char* scope, char* topic,topic_subscription_pt* out){ +celix_status_t pubsub_topicSubscriptionCreate(bundle_context_pt bundle_context, pubsub_endpoint_pt subEP, char* scope, char* topic,topic_subscription_pt* out){ celix_status_t status = CELIX_SUCCESS; -#ifdef USE_ZMQ_SECURITY - char* keys_bundle_dir = pubsub_getKeysBundleDir(bundle_context); - if (keys_bundle_dir == NULL){ - return CELIX_SERVICE_EXCEPTION; +#ifdef BUILD_WITH_ZMQ_SECURITY + if(strcmp(topic,PUBSUB_ANY_SUB_TOPIC) != 0){ + char* secure_topics = NULL; + bundleContext_getProperty(bundle_context, "SECURE_TOPICS", (const char **) &secure_topics); + + if (secure_topics){ + array_list_pt secure_topics_list = pubsub_getTopicsFromString(secure_topics); + + int i; + int secure_topics_size = arrayList_size(secure_topics_list); + for (i = 0; i < secure_topics_size; i++){ + char* top = arrayList_get(secure_topics_list, i); + if (strcmp(topic, top) == 0){ + printf("TS: Secure topic: '%s'\n", top); + subEP->is_secure = true; + } + free(top); + top = NULL; + } + + arrayList_destroy(secure_topics_list); + } } - const char* keys_file_path = NULL; - const char* keys_file_name = NULL; - bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_PATH, &keys_file_path); - bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_NAME, &keys_file_name); + zcert_t* sub_cert = NULL; + zcert_t* pub_cert = NULL; + const char* pub_key = NULL; + if (subEP->is_secure){ + char* keys_bundle_dir = pubsub_getKeysBundleDir(bundle_context); + if (keys_bundle_dir == NULL){ + return CELIX_SERVICE_EXCEPTION; + } - char sub_cert_path[MAX_CERT_PATH_LENGTH]; - char pub_cert_path[MAX_CERT_PATH_LENGTH]; + const char* keys_file_path = NULL; + const 
char* keys_file_name = NULL; + bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_PATH, &keys_file_path); + bundleContext_getProperty(bundle_context, PROPERTY_KEYS_FILE_NAME, &keys_file_name); - //certificate path ".cache/bundle{id}/version0.0/./META-INF/keys/subscriber/private/sub_{topic}.key.enc" - snprintf(sub_cert_path, MAX_CERT_PATH_LENGTH, "%s/META-INF/keys/subscriber/private/sub_%s.key.enc", keys_bundle_dir, topic); - snprintf(pub_cert_path, MAX_CERT_PATH_LENGTH, "%s/META-INF/keys/publisher/public/pub_%s.pub", keys_bundle_dir, topic); - free(keys_bundle_dir); + char sub_cert_path[MAX_CERT_PATH_LENGTH]; + char pub_cert_path[MAX_CERT_PATH_LENGTH]; - printf("PSA: Loading subscriber key '%s'\n", sub_cert_path); - printf("PSA: Loading publisher key '%s'\n", pub_cert_path); + //certificate path ".cache/bundle{id}/version0.0/./META-INF/keys/subscriber/private/sub_{topic}.key.enc" + snprintf(sub_cert_path, MAX_CERT_PATH_LENGTH, "%s/META-INF/keys/subscriber/private/sub_%s.key.enc", keys_bundle_dir, topic); + snprintf(pub_cert_path, MAX_CERT_PATH_LENGTH, "%s/META-INF/keys/publisher/public/pub_%s.pub", keys_bundle_dir, topic); + free(keys_bundle_dir); - zcert_t* sub_cert = get_zcert_from_encoded_file((char *) keys_file_path, (char *) keys_file_name, sub_cert_path); - if (sub_cert == NULL){ - printf("PSA: Cannot load key '%s'\n", sub_cert_path); - return CELIX_SERVICE_EXCEPTION; - } + printf("TS: Loading subscriber key '%s'\n", sub_cert_path); + printf("TS: Loading publisher key '%s'\n", pub_cert_path); - zcert_t* pub_cert = zcert_load(pub_cert_path); - if (pub_cert == NULL){ - zcert_destroy(&sub_cert); - printf("PSA: Cannot load key '%s'\n", pub_cert_path); - return CELIX_SERVICE_EXCEPTION; - } + sub_cert = get_zcert_from_encoded_file((char *) keys_file_path, (char *) keys_file_name, sub_cert_path); + if (sub_cert == NULL){ + printf("TS: Cannot load key '%s'\n", sub_cert_path); + printf("TS: Topic '%s' NOT SECURED !\n", topic); + subEP->is_secure = false; + } 
+ + pub_cert = zcert_load(pub_cert_path); + if (sub_cert != NULL && pub_cert == NULL){ + zcert_destroy(&sub_cert); + printf("TS: Cannot load key '%s'\n", pub_cert_path); + printf("TS: Topic '%s' NOT SECURED !\n", topic); + subEP->is_secure = false; + } - const char* pub_key = zcert_public_txt(pub_cert); + pub_key = zcert_public_txt(pub_cert); + } #endif zsock_t* zmq_s = zsock_new (ZMQ_SUB); if(zmq_s==NULL){ - #ifdef USE_ZMQ_SECURITY - zcert_destroy(&sub_cert); - zcert_destroy(&pub_cert); + #ifdef BUILD_WITH_ZMQ_SECURITY + if (subEP->is_secure){ + zcert_destroy(&sub_cert); + zcert_destroy(&pub_cert); + } #endif return CELIX_SERVICE_EXCEPTION; } - #ifdef USE_ZMQ_SECURITY - zcert_apply (sub_cert, zmq_s); - zsock_set_curve_serverkey (zmq_s, pub_key); //apply key of publisher to socket of subscriber + #ifdef BUILD_WITH_ZMQ_SECURITY + if (subEP->is_secure){ + zcert_apply (sub_cert, zmq_s); + zsock_set_curve_serverkey (zmq_s, pub_key); //apply key of publisher to socket of subscriber + } #endif if(strcmp(topic,PUBSUB_ANY_SUB_TOPIC)==0){ @@ -178,9 +212,11 @@ celix_status_t pubsub_topicSubscriptionCreate(bundle_context_pt bundle_context, ts->running = false; ts->nrSubscribers = 0; - #ifdef USE_ZMQ_SECURITY - ts->zmq_cert = sub_cert; - ts->zmq_pub_cert = pub_cert; + #ifdef BUILD_WITH_ZMQ_SECURITY + if (subEP->is_secure){ + ts->zmq_cert = sub_cert; + ts->zmq_pub_cert = pub_cert; + } #endif celixThreadMutex_create(&ts->socket_lock, NULL); @@ -246,7 +282,7 @@ celix_status_t pubsub_topicSubscriptionDestroy(topic_subscription_pt ts){ celixThreadMutex_lock(&ts->socket_lock); zsock_destroy(&(ts->zmq_socket)); - #ifdef USE_ZMQ_SECURITY + #ifdef BUILD_WITH_ZMQ_SECURITY zcert_destroy(&(ts->zmq_cert)); zcert_destroy(&(ts->zmq_pub_cert)); #endif http://git-wip-us.apache.org/repos/asf/celix/blob/f32d071a/celix-pubsub/pubsub/pubsub_common/public/include/pubsub_endpoint.h ---------------------------------------------------------------------- 
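Review bot: A key that fails to load no longer aborts pubsub_topicSubscriptionCreate: the new code prints `NOT SECURED !`, clears `subEP->is_secure` and goes on to open a plaintext socket for a topic that was listed in SECURE_TOPICS. The pubsub_topicPublicationCreate hunk in topic_publication.c has the same fallback for the publisher key. The fallback path is also unsafe as written: `pub_key = zcert_public_txt(pub_cert);` still runs when `zcert_load` returned NULL, and a `pub_cert` that loads after `sub_cert` failed is never destroyed. Failing closed covers all three: replace each `subEP->is_secure = false;` branch with `return CELIX_SERVICE_EXCEPTION;` (after the existing `zcert_destroy(&sub_cert);` in the second one) and test `if (pub_cert == NULL)` on its own. The function body continues past the end of this hunk.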
diff --git a/celix-pubsub/pubsub/pubsub_common/public/include/pubsub_endpoint.h b/celix-pubsub/pubsub/pubsub_common/public/include/pubsub_endpoint.h index ae6bcf8..193b3fd 100644 --- a/celix-pubsub/pubsub/pubsub_common/public/include/pubsub_endpoint.h +++ b/celix-pubsub/pubsub/pubsub_common/public/include/pubsub_endpoint.h @@ -35,6 +35,7 @@ struct pubsub_endpoint { char *topic; long serviceID; char* endpoint; + bool is_secure; }; typedef struct pubsub_endpoint *pubsub_endpoint_pt;
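Review bot: Nothing in this commit initialises the new `is_secure` field. The diffstat lists no change to the code that allocates `struct pubsub_endpoint`, and both create functions only ever set the flag to true before branching on it. Unless endpoints are zero-allocated (not visible here), `if (pubEP->is_secure)` and `if (subEP->is_secure)` can read an indeterminate value, including in builds where BUILD_WITH_ZMQ_SECURITY is off. Setting `is_secure = false` wherever the endpoint is created would make that explicit. The field also deserves a comment such as `bool is_secure; /* true when the topic is listed in SECURE_TOPICS and its keys were loaded */`, and it is worth confirming that this header includes `<stdbool.h>`, since the struct starts outside the hunk.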