Home Explore Help
Sign In
thomas
/
open62541
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

CTT: Individual configuration for disabling Security Policies

Signed-off-by: Jayanth Velusamy <jayanth.v@kalycito.com>
Jayanth Velusamy 5 years ago
parent
a4cfd801b2
commit
19f8b89d7d
1 changed files with 100 additions and 0 deletions
Split View Show Diff Stats
  1. 100 0
      examples/server_ctt.c

+ 100 - 0
examples/server_ctt.c
View File 

@@ -527,6 +527,7 @@ disableUnencrypted(UA_ServerConfig *config) {
 
         config->endpoints = NULL;
 
     }
 
 }
 
+
 
 static void
 
 disableOutdatedSecurityPolicy(UA_ServerConfig *config) {
 
     for(size_t i = 0; i < config->endpointsSize; i++) {
 
@@ -549,6 +550,77 @@ disableOutdatedSecurityPolicy(UA_ServerConfig *config) {
 
         config->endpoints = NULL;
 
     }
 
 }
 
+
 
+static void
 
+disableBasic128SecurityPolicy(UA_ServerConfig *config) {
 
+    for(size_t i = 0; i < config->endpointsSize; i++) {
 
+        UA_EndpointDescription *ep = &config->endpoints[i];
 
+        UA_ByteString basic128uri = UA_BYTESTRING("http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15");
 
+        if(!UA_String_equal(&ep->securityPolicyUri, &basic128uri))
 
+            continue;
 
+
 
+        UA_EndpointDescription_clear(ep);
 
+        /* Move the last to this position */
 
+        if(i + 1 < config->endpointsSize) {
 
+            config->endpoints[i] = config->endpoints[config->endpointsSize-1];
 
+            i--;
 
+        }
 
+        config->endpointsSize--;
 
+    }
 
+    /* Delete the entire array if the last Endpoint was removed */
 
+    if(config->endpointsSize== 0) {
 
+        UA_free(config->endpoints);
 
+        config->endpoints = NULL;
 
+    }
 
+}
 
+
 
+static void
 
+disableBasic256SecurityPolicy(UA_ServerConfig *config) {
 
+    for(size_t i = 0; i < config->endpointsSize; i++) {
 
+        UA_EndpointDescription *ep = &config->endpoints[i];
 
+        UA_ByteString basic256uri = UA_BYTESTRING("http://opcfoundation.org/UA/SecurityPolicy#Basic256");
 
+        if(!UA_String_equal(&ep->securityPolicyUri, &basic256uri))
 
+            continue;
 
+
 
+        UA_EndpointDescription_clear(ep);
 
+        /* Move the last to this position */
 
+        if(i + 1 < config->endpointsSize) {
 
+            config->endpoints[i] = config->endpoints[config->endpointsSize-1];
 
+            i--;
 
+        }
 
+        config->endpointsSize--;
 
+    }
 
+    /* Delete the entire array if the last Endpoint was removed */
 
+    if(config->endpointsSize== 0) {
 
+        UA_free(config->endpoints);
 
+        config->endpoints = NULL;
 
+    }
 
+}
 
+
 
+
 
+static void
 
+disableBasic256Sha256SecurityPolicy(UA_ServerConfig *config) {
 
+    for(size_t i = 0; i < config->endpointsSize; i++) {
 
+        UA_EndpointDescription *ep = &config->endpoints[i];
 
+        UA_ByteString basic256sha256uri = UA_BYTESTRING("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
 
+        if(!UA_String_equal(&ep->securityPolicyUri, &basic256sha256uri))
 
+            continue;
 
+
 
+        UA_EndpointDescription_clear(ep);
 
+        /* Move the last to this position */
 
+        if(i + 1 < config->endpointsSize) {
 
+            config->endpoints[i] = config->endpoints[config->endpointsSize-1];
 
+            i--;
 
+        }
 
+        config->endpointsSize--;
 
+    }
 
+    /* Delete the entire array if the last Endpoint was removed */
 
+    if(config->endpointsSize== 0) {
 
+        UA_free(config->endpoints);
 
+        config->endpoints = NULL;
 
+    }
 
+}
 
+
 
 #endif
 
 
 UA_Boolean running = true;
 
@@ -573,6 +645,9 @@ usage(void) {
 
                    "\t[--enableUnencrypted]\n"
 
                    "\t[--enableOutdatedSecurityPolicy]\n"
 
                    "\t[--enableTimestampCheck]\n"
 
+                   "\t[--disableBasic128]\n"
 
+                   "\t[--disableBasic256]\n"
 
+                   "\t[--disableBasic256Sha256]\n"
 
 #endif
 
                    "\t[--enableAnonymous]\n");
 
 }
 
@@ -628,6 +703,9 @@ int main(int argc, char **argv) {
 
     UA_Boolean enableUnencr = false;
 
     UA_Boolean enableSec = false;
 
     UA_Boolean enableTime = false;
 
+    UA_Boolean disableBasic128 = false;
 
+    UA_Boolean disableBasic256 = false;
 
+    UA_Boolean disableBasic256Sha256 = false;
 
 
 #endif
 
 
@@ -657,6 +735,21 @@ int main(int argc, char **argv) {
 
             continue;
 
         }
 
 
+        if(strcmp(argv[pos], "--disableBasic128") == 0) {
 
+            disableBasic128 = true;
 
+            continue;
 
+        }
 
+
 
+        if(strcmp(argv[pos], "--disableBasic256") == 0) {
 
+            disableBasic256 = true;
 
+            continue;
 
+        }
 
+
 
+        if(strcmp(argv[pos], "--disableBasic256Sha256") == 0) {
 
+            disableBasic256Sha256 = true;
 
+            continue;
 
+        }        
+
 
         if(strcmp(argv[pos], "--trustlist") == 0) {
 
             filetype = 't';
 
             continue;
 
@@ -736,6 +829,13 @@ int main(int argc, char **argv) {
 
     if(!enableSec)
 
         disableOutdatedSecurityPolicy(&config);
 
 
+    if(disableBasic128)
 
+        disableBasic128SecurityPolicy(&config);
 
+    if(disableBasic256)
 
+        disableBasic256SecurityPolicy(&config);
 
+    if(disableBasic256Sha256)
 
+        disableBasic256Sha256SecurityPolicy(&config);
 
+
 
     /* Set operation limits */
 
     config.maxNodesPerRead = MAX_OPERATION_LIMIT;
 
     config.maxNodesPerWrite = MAX_OPERATION_LIMIT;