
fix securityPolicyUri selection (#1713)

* fix example selecting the correct endPoint

* fix ua_client_connect to use the correct policyUri

* fix load certificate order
StalderT 6 years ago
parent
commit
f144f0eabc

+ 17 - 8
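--- a/examples/encryption/client_basic128rsa15.c
+++ b/examples/encryption/client_basic128rsa15.c
@@ -40,10 +40,6 @@ int main(int argc, char* argv[]) {
     UA_EndpointDescription* endpointArray      = NULL;
     size_t                  endpointArraySize  = 0;
 
-    /* Load certificate and private key */
-    UA_ByteString           certificate        = loadFile(argv[1]);
-    UA_ByteString           privateKey         = loadFile(argv[2]);
-
     if(argc < MIN_ARGS) {
         UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                      "The Certificate and key is missing."
@@ -53,6 +49,10 @@ int main(int argc, char* argv[]) {
         return FAILURE;
     }
 
+    /* Load certificate and private key */
+    UA_ByteString           certificate        = loadFile(argv[1]);
+    UA_ByteString           privateKey         = loadFile(argv[2]);
+
     /* The Get endpoint (discovery service) is done with
      * security mode as none to see the server's capability
      * and certificate */
@@ -67,18 +67,27 @@ int main(int argc, char* argv[]) {
         return (int)retval;
     }
 
+    UA_String securityPolicyUri = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15");
     printf("%i endpoints found\n", (int)endpointArraySize);
     for(size_t endPointCount = 0; endPointCount < endpointArraySize; endPointCount++) {
-        printf("URL of endpoint %i is %.*s\n", (int)endPointCount,
+        printf("URL of endpoint %i is %.*s / %.*s\n", (int)endPointCount,
                (int)endpointArray[endPointCount].endpointUrl.length,
-               endpointArray[endPointCount].endpointUrl.data);
-        if(endpointArray[endPointCount].securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
+               endpointArray[endPointCount].endpointUrl.data,
+               (int)endpointArray[endPointCount].securityPolicyUri.length,
+               endpointArray[endPointCount].securityPolicyUri.data);
+
+        if(endpointArray[endPointCount].securityMode != UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
+            continue;
+
+        if(UA_String_equal(&endpointArray[endPointCount].securityPolicyUri, &securityPolicyUri)) {
             UA_ByteString_copy(&endpointArray[endPointCount].serverCertificate, remoteCertificate);
+            break;
+        }
     }
 
     if(UA_ByteString_equal(remoteCertificate, &UA_BYTESTRING_NULL)) {
         UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                     "Server does not support Security Mode of"
+                     "Server does not support Security Basic128Rsa15 Mode of"
                      " UA_MESSAGESECURITYMODE_SIGNANDENCRYPT");
         cleanupClient(client, remoteCertificate);
         return FAILURE;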
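Review bot: The certificate copied into remoteCertificate on the `UA_ByteString_copy` line comes from a GetEndpoints response that the comment above the loop says was fetched with security mode None, so the selected endpoint's serverCertificate is accepted as-is and is never checked against a trust list or a pinned certificate before the encrypted connect uses it. The example should say so next to the copy, e.g. `/* serverCertificate comes from an unsecured discovery response; a real client must validate it (trust list / pinning) before connecting */`, and the same applies to the identical hunk in examples/encryption/client_basic256sha256.c. Minor: the status returned by `UA_ByteString_copy` is discarded, so a failed copy is later reported as "Server does not support Security Basic128Rsa15 Mode", which is misleading; `retval = UA_ByteString_copy(...)` with a distinct log message would separate the two cases. The new `%.*s` printf also passes `securityPolicyUri.data` straight through, which is undefined if the server returned an empty string whose data pointer is null; guarding with a length check or printing a placeholder would be safer.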

+ 17 - 8
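--- a/examples/encryption/client_basic256sha256.c
+++ b/examples/encryption/client_basic256sha256.c
@@ -40,10 +40,6 @@ int main(int argc, char* argv[]) {
     UA_EndpointDescription* endpointArray      = NULL;
     size_t                  endpointArraySize  = 0;
 
-    /* Load certificate and private key */
-    UA_ByteString           certificate        = loadFile(argv[1]);
-    UA_ByteString           privateKey         = loadFile(argv[2]);
-
     if(argc < MIN_ARGS) {
         UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                      "The Certificate and key is missing."
@@ -53,6 +49,10 @@ int main(int argc, char* argv[]) {
         return FAILURE;
     }
 
+    /* Load certificate and private key */
+    UA_ByteString           certificate        = loadFile(argv[1]);
+    UA_ByteString           privateKey         = loadFile(argv[2]);
+
     /* The Get endpoint (discovery service) is done with
      * security mode as none to see the server's capability
      * and certificate */
@@ -67,18 +67,27 @@ int main(int argc, char* argv[]) {
         return (int)retval;
     }
 
+    UA_String securityPolicyUri = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
     printf("%i endpoints found\n", (int)endpointArraySize);
     for(size_t endPointCount = 0; endPointCount < endpointArraySize; endPointCount++) {
-        printf("URL of endpoint %i is %.*s\n", (int)endPointCount,
+        printf("URL of endpoint %i is %.*s / %.*s\n", (int)endPointCount,
                (int)endpointArray[endPointCount].endpointUrl.length,
-               endpointArray[endPointCount].endpointUrl.data);
-        if(endpointArray[endPointCount].securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
+               endpointArray[endPointCount].endpointUrl.data,
+               (int)endpointArray[endPointCount].securityPolicyUri.length,
+               endpointArray[endPointCount].securityPolicyUri.data);
+
+        if(endpointArray[endPointCount].securityMode != UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
+            continue;
+
+        if(UA_String_equal(&endpointArray[endPointCount].securityPolicyUri, &securityPolicyUri)) {
             UA_ByteString_copy(&endpointArray[endPointCount].serverCertificate, remoteCertificate);
+            break;
+        }
     }
 
     if(UA_ByteString_equal(remoteCertificate, &UA_BYTESTRING_NULL)) {
         UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                     "Server does not support Security Mode of"
+                     "Server does not support Security Basic256Sha256 Mode of"
                      " UA_MESSAGESECURITYMODE_SIGNANDENCRYPT");
         cleanupClient(client, remoteCertificate);
         return FAILURE;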

+ 3 - 3
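--- a/src/client/ua_client_connect.c
+++ b/src/client/ua_client_connect.c
@@ -417,11 +417,11 @@ getEndpoints(UA_Client *client) {
         if(endpoint->transportProfileUri.length != 0 &&
            !UA_String_equal(&endpoint->transportProfileUri, &binaryTransport))
             continue;
-        /* look out for an endpoint without security */
-        if(!UA_String_equal(&endpoint->securityPolicyUri, &securityNone))
+
+        /* look for an endpoint corresponding to the client security policy */
+        if(!UA_String_equal(&endpoint->securityPolicyUri, &client->securityPolicy.policyUri))
             continue;
 
-        /* endpoint with no security found */
         endpointFound = true;
 
         /* look for a user token policy with an anonymous token */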
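Review bot: The new `if(!UA_String_equal(&endpoint->securityPolicyUri, &client->securityPolicy.policyUri))` check selects an endpoint by policy URI alone; nothing in the hunk compares `endpoint->securityMode` with the mode the client was configured for, so unless getEndpoints checks it elsewhere (its body starts and ends outside the hunk) an endpoint that offers the expected policy with a weaker message security mode than intended could be accepted. A guard such as `if(endpoint->securityMode != <configured client security mode>) continue;` next to the policy comparison would make the selection explicit and keep an encrypting client from silently landing on a sign-only endpoint. Also, dropping the comparison against `securityNone` presumably leaves that local (declared above the hunk, if it still exists) unused, which trips -Wunused-variable on warnings-as-errors builds; remove it or keep it for the None case.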