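/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <stdio.h>
#include <stdlib.h>

#include "check.h"
#include "ua_types.h"
#include "ua_server.h"
#include "ua_server_internal.h"
#include "ua_client.h"
#include "client/ua_client_internal.h"
#include "ua_securitypolicies.h"
#include "ua_config_default.h"
#include "ua_client_highlevel.h"
#include "ua_network_tcp.h"
#include "testing_clock.h"
#include "testing_networklayers.h"
#include "thread_wrapper.h"
#include "certificates.h"

/* Fixture state shared between setup(), teardown() and the server thread. */
UA_Server *server;
UA_ServerConfig *config;
UA_Boolean running;
UA_ServerNetworkLayer nl;
THREAD_HANDLE server_thread;

/* Server thread body: iterate the server until teardown() clears `running`. */
THREAD_CALLBACK(serverloop) {
    while(running)
        UA_Server_run_iterate(server, true);
    return 0;
}

/* Checked fixture: start a server on port 4840 configured through
 * UA_ServerConfig_new_basic128rsa15() with the DER certificate and key
 * from certificates.h, then run it on a background thread.
 *
 * NOTE(review): no trust list and no revocation list are passed, so this
 * fixture does not exercise certificate validation. How the server treats
 * an empty trust list is decided by the security plugin, not here; confirm
 * before reusing this configuration outside of tests.
 * NOTE(review): Basic128Rsa15 (SHA-1, RSA PKCS#1 v1.5) is deprecated in
 * current OPC UA specifications; coverage here is for compatibility. */
static void setup(void) {
    running = true;

    /* Load certificate and private key */
    UA_ByteString certificate;
    certificate.length = CERT_DER_LENGTH;
    certificate.data = CERT_DER_DATA;

    UA_ByteString privateKey;
    privateKey.length = KEY_DER_LENGTH;
    privateKey.data = KEY_DER_DATA;

    /* Load the trustlist */
    size_t trustListSize = 0;
    UA_ByteString *trustList = NULL;
    /* TODO test trustList
    if(argc > 3)
        trustListSize = (size_t)argc-3;
    UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
    for(size_t i = 0; i < trustListSize; i++)
        trustList[i] = loadFile(argv[i+3]);
    */

    /* Loading of a revocation list currently unsupported */
    UA_ByteString *revocationList = NULL;
    size_t revocationListSize = 0;

    config = UA_ServerConfig_new_basic128rsa15(4840, &certificate, &privateKey,
                                               trustList, trustListSize,
                                               revocationList, revocationListSize);
    /* Fail here rather than let a NULL config reach UA_Server_new() */
    ck_assert_msg(config != NULL, "UA_ServerConfig_new_basic128rsa15() returned NULL");

    for(size_t i = 0; i < trustListSize; i++)
        UA_ByteString_deleteMembers(&trustList[i]);

    server = UA_Server_new(config);
    ck_assert_msg(server != NULL, "UA_Server_new() returned NULL");

    /* A failed startup would otherwise only show up later as a client
     * connection error with no hint at the cause */
    UA_StatusCode startupRetval = UA_Server_run_startup(server);
    ck_assert_uint_eq(startupRetval, UA_STATUSCODE_GOOD);

    THREAD_CREATE(server_thread, serverloop);
}

/* Checked fixture: stop the server thread, then shut down and free the
 * server and its configuration. */
static void teardown(void) {
    running = false;
    THREAD_JOIN(server_thread);
    UA_Server_run_shutdown(server);
    UA_Server_delete(server);
    UA_ServerConfig_delete(config);
}

/* Discover the server's endpoints without security, require that a
 * SignAndEncrypt endpoint is offered, then connect a second client and
 * read the server state.
 *
 * NOTE(review): the UA_ClientConfig_setDefaultEncryption() call for the
 * second client is commented out, so that client is never given the
 * certificate, the private key or a security policy. Nothing in this test
 * asserts that the resulting channel is signed or encrypted; a GOOD status
 * from connect/read only shows that some session could be established.
 * remoteCertificate is fetched but never compared or pinned. Re-enable the
 * configuration and assert the negotiated security mode before counting
 * this test as encryption coverage. */
START_TEST(encryption_connect) {
    UA_Client *client = NULL;
    UA_EndpointDescription* endpointArray = NULL;
    size_t endpointArraySize = 0;
    UA_ByteString *trustList = NULL;
    size_t trustListSize = 0;
    /* UA_ByteString *revocationList = NULL; */
    /* size_t revocationListSize = 0; */
    UA_ByteString *remoteCertificate = NULL;

    /* Load certificate and private key */
    UA_ByteString certificate;
    certificate.length = CERT_DER_LENGTH;
    certificate.data = CERT_DER_DATA;
    ck_assert_int_ne(certificate.length, 0);

    UA_ByteString privateKey;
    privateKey.length = KEY_DER_LENGTH;
    privateKey.data = KEY_DER_DATA;
    ck_assert_int_ne(privateKey.length, 0);

    /* The Get endpoint (discovery service) is done with
     * security mode as none to see the server's capability
     * and certificate */
    client = UA_Client_new();
    /* Check the allocation before the client is dereferenced */
    ck_assert_msg(client != NULL, "UA_Client_new() returned NULL");
    UA_ClientConfig_setDefault(UA_Client_getConfig(client));

    remoteCertificate = UA_ByteString_new();
    ck_assert_msg(remoteCertificate != NULL, "UA_ByteString_new() returned NULL");

    UA_StatusCode retval = UA_Client_getEndpoints(client, "opc.tcp://localhost:4840",
                                                  &endpointArraySize, &endpointArray);
    ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);

    for(size_t endPointCount = 0; endPointCount < endpointArraySize; endPointCount++) {
        if(endpointArray[endPointCount].securityMode != UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
            continue;

        /* The last matching endpoint wins; release the certificate copied
         * from an earlier one so it is not leaked */
        UA_ByteString_deleteMembers(remoteCertificate);
        retval = UA_ByteString_copy(&endpointArray[endPointCount].serverCertificate,
                                    remoteCertificate);
        ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);
    }

    if(UA_ByteString_equal(remoteCertificate, &UA_BYTESTRING_NULL)) {
        ck_abort_msg("Server does not support Security Mode of UA_MESSAGESECURITYMODE_SIGNANDENCRYPT");
    }

    UA_Array_delete(endpointArray, endpointArraySize,
                    &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);

    /* TODO test trustList
    Load revocationList is not supported now
    if(argc > MIN_ARGS) {
        trustListSize = (size_t)argc-MIN_ARGS;
        retval = UA_ByteString_allocBuffer(trustList, trustListSize);
        if(retval != UA_STATUSCODE_GOOD) {
            cleanupClient(client, remoteCertificate);
            return (int)retval;
        }

        for(size_t trustListCount = 0; trustListCount < trustListSize; trustListCount++) {
            trustList[trustListCount] = loadFile(argv[trustListCount+3]);
        }
    }
    */

    UA_Client_delete(client);

    /* Secure client initialization */
    client = UA_Client_new();
    /* UA_ClientConfig *cc = UA_Client_getConfig(client); */
    /* UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey, */
    /*                                      trustList, trustListSize, */
    /*                                      revocationList, revocationListSize); */
    ck_assert_msg(client != NULL, "UA_Client_new() returned NULL");

    /* No-op while trustListSize is 0 */
    for(size_t deleteCount = 0; deleteCount < trustListSize; deleteCount++) {
        UA_ByteString_deleteMembers(&trustList[deleteCount]);
    }

    /* Secure client connect */
    retval = UA_Client_connect(client, "opc.tcp://localhost:4840");
    ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);

    UA_Variant val;
    UA_Variant_init(&val);
    UA_NodeId nodeId = UA_NODEID_NUMERIC(0, UA_NS0ID_SERVER_SERVERSTATUS_STATE);
    retval = UA_Client_readValueAttribute(client, nodeId, &val);
    ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);
    UA_Variant_deleteMembers(&val);

    UA_ByteString_delete(remoteCertificate);
    UA_Client_disconnect(client);
    UA_Client_delete(client);
}
END_TEST

/* Build the "Encryption" suite. The test case and its fixtures are always
 * registered; the test itself only when UA_ENABLE_ENCRYPTION is defined,
 * so a build without it runs zero tests and reports success. */
static Suite* testSuite_encryption(void) {
    Suite *s = suite_create("Encryption");
    TCase *tc_encryption = tcase_create("Encryption basic128rsa15");
    tcase_add_checked_fixture(tc_encryption, setup, teardown);
#ifdef UA_ENABLE_ENCRYPTION
    tcase_add_test(tc_encryption, encryption_connect);
#endif /* UA_ENABLE_ENCRYPTION */
    suite_add_tcase(s,tc_encryption);
    return s;
}

/* Run the suite in the current process (CK_NOFORK) and map the number of
 * failed tests onto the process exit status. */
int main(void) {
    Suite *s = testSuite_encryption();
    SRunner *sr = srunner_create(s);
    srunner_set_fork_status(sr, CK_NOFORK);
    srunner_run_all(sr,CK_NORMAL);
    int number_failed = srunner_ntests_failed(sr);
    srunner_free(sr);
    return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}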