
Add functions to allow for more specific server configurations

Jojakim Stahl 5 lat temu
rodzic
commit
4160545e0a

+ 120 - 0
plugins/include/open62541/server_config_default.h

@@ -78,6 +78,126 @@ UA_ServerConfig_setDefault(UA_ServerConfig *config) {
     return UA_ServerConfig_setMinimal(config, 4840, NULL);
 }
 
+/* Creates a new server config with no network layer and no endpoints.
+ *
+ * It initializes reasonable defaults for many things, but does not
+ * add any network layer, security policies and endpoints.
+ * Use the various UA_ServerConfig_addXxx functions to add them.
+ * 
+ * @param conf The configuration to manipulate
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_setBasics(UA_ServerConfig *conf);
+
+/* Adds a TCP network layer with custom buffer sizes
+ *
+ * @param conf The configuration to manipulate
+ * @param portNumber The port number for the tcp network layer
+ * @param sendBufferSize The size in bytes for the network send buffer. Pass 0
+ *        to use defaults.
+ * @param recvBufferSize The size in bytes for the network receive buffer.
+ *        Pass 0 to use defaults.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addNetworkLayerTCP(UA_ServerConfig *conf, UA_UInt16 portNumber,
+                                   UA_UInt32 sendBufferSize, UA_UInt32 recvBufferSize);
+
+/* Adds the security policy ``SecurityPolicy#None`` to the server. A
+ * server certificate may be supplied but is optional.
+ *
+ * @param config The configuration to manipulate
+ * @param certificate The optional server certificate.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyNone(UA_ServerConfig *config, 
+                                      const UA_ByteString *certificate);
+
+#ifdef UA_ENABLE_ENCRYPTION
+
+/* Adds the security policy ``SecurityPolicy#Basic128Rsa15`` to the server. A
+ * server certificate may be supplied but is optional.
+ * 
+ * Certificate verification should be configured before calling this
+ * function. See PKI plugin.
+ *
+ * @param config The configuration to manipulate
+ * @param certificate The server certificate.
+ * @param privateKey The private key that corresponds to the certificate.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyBasic128Rsa15(UA_ServerConfig *config, 
+                                               const UA_ByteString *certificate,
+                                               const UA_ByteString *privateKey);
+
+/* Adds the security policy ``SecurityPolicy#Basic256`` to the server. A
+ * server certificate may be supplied but is optional.
+ *
+ * Certificate verification should be configured before calling this
+ * function. See PKI plugin.
+ * 
+ * @param config The configuration to manipulate
+ * @param certificate The server certificate.
+ * @param privateKey The private key that corresponds to the certificate.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyBasic256(UA_ServerConfig *config, 
+                                          const UA_ByteString *certificate,
+                                          const UA_ByteString *privateKey);
+
+/* Adds the security policy ``SecurityPolicy#Basic256Sha256`` to the server. A
+ * server certificate may be supplied but is optional.
+ *
+ * Certificate verification should be configured before calling this
+ * function. See PKI plugin.
+ *
+ * @param config The configuration to manipulate
+ * @param certificate The server certificate.
+ * @param privateKey The private key that corresponds to the certificate.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyBasic256Sha256(UA_ServerConfig *config, 
+                                                const UA_ByteString *certificate,
+                                                const UA_ByteString *privateKey);
+
+/* Adds all supported security policies and sets up certificate
+ * validation procedures.
+ *
+ * Certificate verification should be configured before calling this
+ * function. See PKI plugin.
+ * 
+ * @param config The configuration to manipulate
+ * @param certificate The server certificate.
+ * @param privateKey The private key that corresponds to the certificate.
+ * @param trustList The trustList for client certificate validation.
+ * @param trustListSize The trustList size.
+ * @param revocationList The revocationList for client certificate validation.
+ * @param revocationListSize The revocationList size.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addAllSecurityPolicies(UA_ServerConfig *config,
+                                       const UA_ByteString *certificate,
+                                       const UA_ByteString *privateKey);
+
+#endif
+
+/* Adds an endpoint for the given security policy and mode. The security
+ * policy has to be added already. See UA_ServerConfig_addXxx functions.
+ *
+ * @param config The configuration to manipulate
+ * @param securityPolicyUri The security policy for which to add the endpoint.
+ * @param securityMode The security mode for which to add the endpoint.
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addEndpoint(UA_ServerConfig *config, const UA_String securityPolicyUri, 
+                            UA_MessageSecurityMode securityMode);
+
+/* Adds endpoints for all configured security policies in each mode.
+ *
+ * @param config The configuration to manipulate
+ */
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addAllEndpoints(UA_ServerConfig *config);
+
 _UA_END_DECLS
 
 #endif /* UA_SERVER_CONFIG_DEFAULT_H_ */
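Review bot: The comment on UA_ServerConfig_addAllSecurityPolicies documents `trustList`, `trustListSize`, `revocationList` and `revocationListSize`, but the prototype takes only `config`, `certificate` and `privateKey`. Its summary also says it "sets up certificate validation procedures", while the next paragraph says verification should be configured before the call. A caller who trusts the summary could assume the trust list is installed here and deploy a server whose client-certificate checking was never configured. I would drop the four stale @param lines and reword the summary to `Adds all supported security policies. Does not configure certificate validation; set up config->certificateVerification first.` The three encrypted-policy comments also repeat "A server certificate may be supplied but is optional" from the None variant, which looks like a copy-paste slip given that each documents a matching private key; worth confirming and correcting.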

+ 253 - 136
plugins/ua_config_default.c

@@ -222,14 +222,26 @@ setDefaultConfig(UA_ServerConfig *conf) {
     return UA_STATUSCODE_GOOD;
 }
 
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_setBasics(UA_ServerConfig* conf) {
+    return setDefaultConfig(conf);
+}
+
 static UA_StatusCode
 addDefaultNetworkLayers(UA_ServerConfig *conf, UA_UInt16 portNumber,
                         UA_UInt32 sendBufferSize, UA_UInt32 recvBufferSize) {
+    return UA_ServerConfig_addNetworkLayerTCP(conf, portNumber, sendBufferSize, recvBufferSize);
+}
+
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addNetworkLayerTCP(UA_ServerConfig *conf, UA_UInt16 portNumber,
+                                   UA_UInt32 sendBufferSize, UA_UInt32 recvBufferSize) {
     /* Add a network layer */
-    conf->networkLayers = (UA_ServerNetworkLayer *)
-        UA_malloc(sizeof(UA_ServerNetworkLayer));
-    if(!conf->networkLayers)
+    UA_ServerNetworkLayer *tmp = (UA_ServerNetworkLayer *)
+        UA_realloc(conf->networkLayers, sizeof(UA_ServerNetworkLayer) * (1 + conf->networkLayersSize));
+    if(!tmp)
         return UA_STATUSCODE_BADOUTOFMEMORY;
+    conf->networkLayers = tmp;
 
     UA_ConnectionConfig config = UA_ConnectionConfig_default;
     if (sendBufferSize > 0)
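Review bot: Switching from UA_malloc to `UA_realloc(conf->networkLayers, ...)` in UA_ServerConfig_addNetworkLayerTCP gives this now-public function a precondition that the old code did not have. `conf->networkLayers` must be NULL or a live heap array holding exactly `conf->networkLayersSize` entries, otherwise the realloc operates on an indeterminate pointer. Whether setDefaultConfig guarantees that state is not visible in this hunk, so the requirement should be stated where callers will see it, for example `/* conf must have been initialised (e.g. UA_ServerConfig_setBasics) so that networkLayers/networkLayersSize are consistent */`. The same applies to the securityPolicies and endpoints arrays grown by the other add functions in this file. The function body continues in the next hunk.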
@@ -237,11 +249,109 @@ addDefaultNetworkLayers(UA_ServerConfig *conf, UA_UInt16 portNumber,
     if (recvBufferSize > 0)
         config.recvBufferSize = recvBufferSize;
 
-    conf->networkLayers[0] =
+    conf->networkLayers[conf->networkLayersSize] =
         UA_ServerNetworkLayerTCP(config, portNumber, &conf->logger);
-    if (!conf->networkLayers[0].handle)
+    if (!conf->networkLayers[conf->networkLayersSize].handle)
         return UA_STATUSCODE_BADOUTOFMEMORY;
-    conf->networkLayersSize = 1;
+    conf->networkLayersSize++;
+
+    return UA_STATUSCODE_GOOD;
+}
+
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyNone(UA_ServerConfig *config, 
+                                      const UA_ByteString *certificate) {
+    UA_StatusCode retval;
+
+    /* Allocate the SecurityPolicies */
+    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
+        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
+    if(!tmp)
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    config->securityPolicies = tmp;
+    
+    /* Populate the SecurityPolicies */
+    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
+    if(certificate)
+        localCertificate = *certificate;
+    retval = UA_SecurityPolicy_None(&config->securityPolicies[config->securityPoliciesSize], NULL,
+                                    localCertificate, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
+        return retval;
+    config->securityPoliciesSize++;
+
+    return UA_STATUSCODE_GOOD;
+}
+
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addEndpoint(UA_ServerConfig *config, const UA_String securityPolicyUri, 
+                            UA_MessageSecurityMode securityMode)
+{
+    UA_StatusCode retval;
+
+    /* Allocate the endpoint */
+    UA_EndpointDescription * tmp = (UA_EndpointDescription *)
+        UA_realloc(config->endpoints, sizeof(UA_EndpointDescription) * (1 + config->endpointsSize));
+    if(!tmp) {
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    }
+    config->endpoints = tmp;
+
+    /* Lookup the security policy */
+    const UA_SecurityPolicy *policy = NULL;
+    for (size_t i = 0; i < config->securityPoliciesSize; ++i) {
+        if (UA_String_equal(&securityPolicyUri, &config->securityPolicies[i].policyUri)) {
+            policy = &config->securityPolicies[i];
+            break;
+        }
+    }
+    if (!policy)
+        return UA_STATUSCODE_BADINVALIDARGUMENT;
+
+    /* Populate the endpoint */
+    retval = createEndpoint(config, &config->endpoints[config->endpointsSize],
+                            policy, securityMode);
+    if(retval != UA_STATUSCODE_GOOD)
+        return retval;
+    config->endpointsSize++;
+
+    return UA_STATUSCODE_GOOD;
+}
+
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addAllEndpoints(UA_ServerConfig *config) {
+    UA_StatusCode retval;
+
+    /* Allocate the endpoints */
+    UA_EndpointDescription * tmp = (UA_EndpointDescription *)
+        UA_realloc(config->endpoints, sizeof(UA_EndpointDescription) * (2 * config->securityPoliciesSize + config->endpointsSize));
+    if(!tmp) {
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    }
+    config->endpoints = tmp;
+
+    /* Populate the endpoints */
+    for (size_t i = 0; i < config->securityPoliciesSize; ++i) {
+        if (UA_String_equal(&UA_SECURITY_POLICY_NONE_URI, &config->securityPolicies[i].policyUri)) {
+            retval = createEndpoint(config, &config->endpoints[config->endpointsSize],
+                                    &config->securityPolicies[i], UA_MESSAGESECURITYMODE_NONE);
+            if(retval != UA_STATUSCODE_GOOD)
+                return retval;
+            config->endpointsSize++;
+        } else {
+            retval = createEndpoint(config, &config->endpoints[config->endpointsSize],
+                                    &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGN);
+            if(retval != UA_STATUSCODE_GOOD)
+                return retval;
+            config->endpointsSize++;
+
+            retval = createEndpoint(config, &config->endpoints[config->endpointsSize],
+                                    &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
+            if(retval != UA_STATUSCODE_GOOD)
+                return retval;
+            config->endpointsSize++;
+        }
+    }
 
     return UA_STATUSCODE_GOOD;
 }
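Review bot: UA_ServerConfig_addEndpoint accepts any pairing of `securityPolicyUri` and `securityMode`, so an encrypted policy can be requested with UA_MESSAGESECURITYMODE_NONE, or the None policy with a signing mode. createEndpoint may reject such pairs, but it is not visible in this hunk. UA_ServerConfig_addAllEndpoints just below only ever pairs None with mode None and the other policies with Sign or SignAndEncrypt, so the single-endpoint variant should enforce the same rule after the policy lookup: `if(UA_String_equal(&securityPolicyUri, &UA_SECURITY_POLICY_NONE_URI) != (securityMode == UA_MESSAGESECURITYMODE_NONE)) return UA_STATUSCODE_BADINVALIDARGUMENT;`. Without it, a configuration mistake can publish an endpoint that advertises a secure policy while carrying no message security.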
@@ -267,37 +377,14 @@ UA_ServerConfig_setMinimalCustomBuffer(UA_ServerConfig *config, UA_UInt16 portNu
     }
 
     /* Allocate the SecurityPolicies */
-    config->securityPolicies = (UA_SecurityPolicy *)UA_malloc(sizeof(UA_SecurityPolicy));
-    if(!config->securityPolicies) {
-        UA_ServerConfig_clean(config);
-        return retval;
-    }
-    config->securityPoliciesSize = 1;
-
-    /* Populate the SecurityPolicies */
-    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
-    if(certificate)
-        localCertificate = *certificate;
-    retval = UA_SecurityPolicy_None(&config->securityPolicies[0], NULL,
-                                    localCertificate, &config->logger);
+    retval = UA_ServerConfig_addSecurityPolicyNone(config, certificate);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(config);
         return retval;
     }
 
     /* Allocate the endpoint */
-    config->endpoints = (UA_EndpointDescription *)
-        UA_malloc(sizeof(UA_EndpointDescription));
-    if(!config->endpoints) {
-        UA_ServerConfig_clean(config);
-        return retval;
-    }
-    config->endpointsSize = 1;
-
-    /* Populate the endpoint */
-    retval = createEndpoint(config, &config->endpoints[0],
-                            &config->securityPolicies[0],
-                            UA_MESSAGESECURITYMODE_NONE);
+    retval = UA_ServerConfig_addEndpoint(config, UA_SECURITY_POLICY_NONE_URI, UA_MESSAGESECURITYMODE_NONE);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(config);
         return retval;
@@ -309,48 +396,48 @@ UA_ServerConfig_setMinimalCustomBuffer(UA_ServerConfig *config, UA_UInt16 portNu
 #ifdef UA_ENABLE_ENCRYPTION
 
 UA_EXPORT UA_StatusCode
-UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
-                                               UA_UInt16 portNumber,
+UA_ServerConfig_addSecurityPolicyBasic128Rsa15(UA_ServerConfig *config, 
                                                const UA_ByteString *certificate,
-                                               const UA_ByteString *privateKey,
-                                               const UA_ByteString *trustList,
-                                               size_t trustListSize,
-                                               const UA_ByteString *revocationList,
-                                               size_t revocationListSize) {
-    UA_StatusCode retval = setDefaultConfig(conf);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
-        return retval;
-    }
+                                               const UA_ByteString *privateKey) {
+    UA_StatusCode retval;
 
-    retval = UA_CertificateVerification_Trustlist(&conf->certificateVerification,
-                                                  trustList, trustListSize,
-                                                  revocationList, revocationListSize);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    /* Allocate the SecurityPolicies */
+    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
+        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
+    if(!tmp)
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    config->securityPolicies = tmp;
+    
+    /* Populate the SecurityPolicies */
+    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
+    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
+    if(certificate)
+        localCertificate = *certificate;
+    if(privateKey)
+       localPrivateKey = *privateKey;
+    retval = UA_SecurityPolicy_Basic128Rsa15(&config->securityPolicies[config->securityPoliciesSize],
+                                             &config->certificateVerification,
+                                             localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
+    config->securityPoliciesSize++;
 
-    retval = addDefaultNetworkLayers(conf, portNumber, 0, 0);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
-        return retval;
-    }
+    return UA_STATUSCODE_GOOD;
+}
 
-    if(trustListSize == 0)
-        UA_LOG_WARNING(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                       "No CA trust-list provided. "
-                       "Any remote certificate will be accepted.");
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyBasic256(UA_ServerConfig *config, 
+                                          const UA_ByteString *certificate,
+                                          const UA_ByteString *privateKey) {
+    UA_StatusCode retval;
 
     /* Allocate the SecurityPolicies */
-    conf->securityPoliciesSize = 0;
-    conf->securityPolicies = (UA_SecurityPolicy *)
-        UA_malloc(sizeof(UA_SecurityPolicy) * 4);
-    if(!conf->securityPolicies) {
-       UA_ServerConfig_clean(conf);
-       return retval;
-    }
-
+    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
+        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
+    if(!tmp)
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    config->securityPolicies = tmp;
+    
     /* Populate the SecurityPolicies */
     UA_ByteString localCertificate = UA_BYTESTRING_NULL;
     UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
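Review bot: Growing `config->securityPolicies` with UA_realloc on every add can move the array, yet each constructor is handed `&config->securityPolicies[config->securityPoliciesSize]`, and UA_ServerConfig_addEndpoint passes `&config->securityPolicies[i]` on to createEndpoint. If the policy implementation or createEndpoint retains that element address (neither is visible here), a later add leaves it dangling. The removed code avoided this by allocating all four slots once before populating them. Please confirm nothing keeps the element pointer, or reserve the array up front and document the required call order. The same pattern appears in UA_ServerConfig_addSecurityPolicyNone, UA_ServerConfig_addSecurityPolicyBasic256 and UA_ServerConfig_addSecurityPolicyBasic256Sha256; the Basic256 body continues past this hunk.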
@@ -358,110 +445,140 @@ UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
         localCertificate = *certificate;
     if(privateKey)
        localPrivateKey = *privateKey;
-
-    retval = UA_SecurityPolicy_None(&conf->securityPolicies[0], NULL,
-                                    localCertificate, &conf->logger);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    retval = UA_SecurityPolicy_Basic256(&config->securityPolicies[config->securityPoliciesSize],
+                                        &config->certificateVerification,
+                                        localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->securityPoliciesSize;
+    config->securityPoliciesSize++;
 
-    retval = UA_SecurityPolicy_Basic128Rsa15(&conf->securityPolicies[1],
-                                             &conf->certificateVerification,
-                                             localCertificate, localPrivateKey,
-                                             &conf->logger);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
-        return retval;
-    }
-    ++conf->securityPoliciesSize;
+    return UA_STATUSCODE_GOOD;
+}
 
-    retval = UA_SecurityPolicy_Basic256(&conf->securityPolicies[2],
-                                        &conf->certificateVerification,
-                                        localCertificate, localPrivateKey,
-                                        &conf->logger);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addSecurityPolicyBasic256Sha256(UA_ServerConfig *config, 
+                                                const UA_ByteString *certificate,
+                                                const UA_ByteString *privateKey) {
+    UA_StatusCode retval;
+
+    /* Allocate the SecurityPolicies */
+    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
+        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
+    if(!tmp)
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    config->securityPolicies = tmp;
+    
+    /* Populate the SecurityPolicies */
+    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
+    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
+    if(certificate)
+        localCertificate = *certificate;
+    if(privateKey)
+       localPrivateKey = *privateKey;
+    retval = UA_SecurityPolicy_Basic256Sha256(&config->securityPolicies[config->securityPoliciesSize],
+                                              &config->certificateVerification,
+                                              localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->securityPoliciesSize;
+    config->securityPoliciesSize++;
 
-    retval = UA_SecurityPolicy_Basic256Sha256(&conf->securityPolicies[3],
-                                              &conf->certificateVerification,
-                                              localCertificate, localPrivateKey,
-                                              &conf->logger);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    return UA_STATUSCODE_GOOD;
+}
+
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_addAllSecurityPolicies(UA_ServerConfig *config,
+                                       const UA_ByteString *certificate,
+                                       const UA_ByteString *privateKey) {
+    UA_StatusCode retval;
+
+    /* Allocate the SecurityPolicies */
+    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
+        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * (4 + config->securityPoliciesSize));
+    if(!tmp)
+        return UA_STATUSCODE_BADOUTOFMEMORY;
+    config->securityPolicies = tmp;
+    
+    /* Populate the SecurityPolicies */
+    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
+    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
+    if(certificate)
+        localCertificate = *certificate;
+    if(privateKey)
+       localPrivateKey = *privateKey;
+
+    retval = UA_SecurityPolicy_None(&config->securityPolicies[config->securityPoliciesSize], NULL,
+                                    localCertificate, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->securityPoliciesSize;
+    config->securityPoliciesSize++;
 
-    /* Allocate the endpoints */
-    conf->endpointsSize = 0;
-    conf->endpoints = (UA_EndpointDescription *)
-        UA_malloc(sizeof(UA_EndpointDescription) * 7);
-    if(!conf->endpoints) {
-        UA_ServerConfig_clean(conf);
+    retval = UA_SecurityPolicy_Basic128Rsa15(&config->securityPolicies[config->securityPoliciesSize],
+                                             &config->certificateVerification,
+                                             localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
+    config->securityPoliciesSize++;
 
-    /* Populate the endpoints */
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[0], UA_MESSAGESECURITYMODE_NONE);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    retval = UA_SecurityPolicy_Basic256(&config->securityPolicies[config->securityPoliciesSize],
+                                        &config->certificateVerification,
+                                        localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->endpointsSize;
+    config->securityPoliciesSize++;
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[1], UA_MESSAGESECURITYMODE_SIGN);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    retval = UA_SecurityPolicy_Basic256Sha256(&config->securityPolicies[config->securityPoliciesSize],
+                                              &config->certificateVerification,
+                                              localCertificate, localPrivateKey, &config->logger);
+    if(retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->endpointsSize;
+    config->securityPoliciesSize++;
+
+    return retval;
+}
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[1], UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
+UA_EXPORT UA_StatusCode
+UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
+                                               UA_UInt16 portNumber,
+                                               const UA_ByteString *certificate,
+                                               const UA_ByteString *privateKey,
+                                               const UA_ByteString *trustList,
+                                               size_t trustListSize,
+                                               const UA_ByteString *revocationList,
+                                               size_t revocationListSize) {
+    UA_StatusCode retval = setDefaultConfig(conf);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(conf);
         return retval;
     }
-    ++conf->endpointsSize;
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[2], UA_MESSAGESECURITYMODE_SIGN);
-    if(retval != UA_STATUSCODE_GOOD) {
-        UA_ServerConfig_clean(conf);
+    retval = UA_CertificateVerification_Trustlist(&conf->certificateVerification,
+                                                  trustList, trustListSize,
+                                                  revocationList, revocationListSize);
+    if (retval != UA_STATUSCODE_GOOD)
         return retval;
-    }
-    ++conf->endpointsSize;
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[2], UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
+    if(trustListSize == 0)
+        UA_LOG_WARNING(&conf->logger, UA_LOGCATEGORY_USERLAND,
+                       "No CA trust-list provided. "
+                       "Any remote certificate will be accepted.");
+
+    retval = addDefaultNetworkLayers(conf, portNumber, 0, 0);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(conf);
         return retval;
     }
-    ++conf->endpointsSize;
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[3], UA_MESSAGESECURITYMODE_SIGN);
+    retval = UA_ServerConfig_addAllSecurityPolicies(conf, certificate, privateKey);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(conf);
         return retval;
     }
-    ++conf->endpointsSize;
 
-    retval = createEndpoint(conf, &conf->endpoints[conf->endpointsSize],
-                            &conf->securityPolicies[3], UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
+    retval = UA_ServerConfig_addAllEndpoints(conf);
     if(retval != UA_STATUSCODE_GOOD) {
         UA_ServerConfig_clean(conf);
         return retval;
     }
-    ++conf->endpointsSize;
 
     return UA_STATUSCODE_GOOD;
 }
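Review bot: In UA_ServerConfig_setDefaultWithSecurityPolicies the failure path after UA_CertificateVerification_Trustlist now returns without calling UA_ServerConfig_clean(conf), unlike the removed code and every other error path in the function. Whatever setDefaultConfig allocated is then left for the caller to release. Restore it as `if(retval != UA_STATUSCODE_GOOD) { UA_ServerConfig_clean(conf); return retval; }`. Separately, UA_ServerConfig_addAllSecurityPolicies always registers SecurityPolicy#None first, so the following UA_ServerConfig_addAllEndpoints also publishes an unsecured endpoint next to the encrypted ones. The header comment should say so, so that callers who want encrypted-only servers use the individual add functions instead.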