| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 22:01:05 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 22:01:05 +0100 |
| commit | 4a0e0ff8cca00a6e4b4557d468894682d1b91333 (patch) | |
| tree | d5611aa59dfbd2bb5d4ee38bea8f26bb9914977b /src/server_lds.c | |
| parent | deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 (diff) | |
Refactor auth and security params into aggregate types
Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT)
and SecurityConfig struct to replace scattered parameters. Add
parseSecurityConfig helper to consolidate duplicated security parsing
across all three programs. Simplify opReadTime by moving all auth
handling into the client config factory functions.
Diffstat (limited to 'src/server_lds.c')
| -rw-r--r-- | src/server_lds.c | 65 |
1 files changed, 25 insertions, 40 deletions
diff --git a/src/server_lds.c b/src/server_lds.c index 3307073..311be4b 100644 --- a/src/server_lds.c +++ b/src/server_lds.c @@ -67,24 +67,6 @@ main (int argc, char *argv[]) return EXIT_FAILURE; } - /* Security configuration (optional). When certificate, privateKey, and - trustStore are all omitted the server runs with SecurityPolicy#None - only. When any of the three is present, all three are required. */ - const char *certPath = configGet (&cfg, "certificate"); - const char *keyPath = configGet (&cfg, "privateKey"); - const char *trustStore = configGet (&cfg, "trustStore"); - UA_Boolean secure - = (certPath != NULL || keyPath != NULL || trustStore != NULL); - - if (secure && (!certPath || !keyPath || !trustStore)) - { - UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Incomplete security config: certificate, privateKey, and " - "trustStore must all be set, or all omitted"); - configFree (&cfg); - return EXIT_FAILURE; - } - /* The OPC UA specification requires the cleanup timeout to exceed the register-server interval. open62541 enforces a floor of 10 seconds. */ if (cleanupTimeout <= 10) 
@@ -96,31 +78,27 @@ main (int argc, char *argv[])
 return EXIT_FAILURE;
 }
- UA_Boolean allowAnonymous;
- const char *username = NULL, *password = NULL;
- if (parseAuthConfig (&cfg, "ServerLDS", &allowAnonymous, &username,
- &password, NULL)
- != 0)
+ SecurityConfig sec;
+ if (parseSecurityConfig (&cfg, "ServerLDS", false, &sec) != 0)
 {
 configFree (&cfg);
 return EXIT_FAILURE;
 }
- char **trustPaths = NULL;
- size_t trustSize = 0;
- if (secure && loadTrustStore (trustStore, &trustPaths, &trustSize) != 0)
+ AuthConfig auth;
+ if (parseAuthConfig (&cfg, "ServerLDS", &auth) != 0)
 {
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
 UA_StatusCode retval;
- UA_Server *server
- = createServer ((UA_UInt16)port, applicationUri, certPath, keyPath,
- trustPaths, trustSize, true, &retval);
+ UA_Server *server = createServer ((UA_UInt16)port, applicationUri,
+ sec.certPath ? &sec : NULL, true, &retval);
 if (!server)
 {
- freeTrustStore (trustPaths, trustSize);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
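Review bot: Nothing in this hunk ties the parsed `auth` to the parsed `sec`, so a config that selects AUTH_USER or AUTH_CERT without certificate, key and trust store still reaches `createServer` with a NULL security argument (`sec.certPath ? &sec : NULL`). The comment this commit removes says that case runs with SecurityPolicy#None only, which would leave username/password logins without channel encryption and certificate auth with nothing to validate against, unless parseAuthConfig or createServer reject the combination somewhere outside this diff. A guard after both parses would make the policy explicit, either rejecting or at least logging a warning: `if (auth.mode != AUTH_ANONYMOUS && !sec.certPath) { /* log, freeTrustStore, configFree, return EXIT_FAILURE */ }`. It would also help to document on SecurityConfig that a NULL `certPath` means security is disabled and that `trustPaths`/`trustSize` are zeroed in that case, since every `freeTrustStore (sec.trustPaths, sec.trustSize)` call here depends on it. main's body starts and ends outside the hunk.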
@@ -136,21 +114,28 @@ main (int argc, char *argv[]) /* Configure access control. UA_ServerConfig_setDefaultWithSecure- SecurityPolicies sets certificate-only auth by default, so we must always call UA_AccessControl_default to get the desired policy. */ - if (allowAnonymous) + switch (auth.mode) { + case AUTH_ANONYMOUS: retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL); - } - else - { - UA_UsernamePasswordLogin logins[1]; - logins[0].username = UA_STRING ((char *)username); - logins[0].password = UA_STRING ((char *)password); - retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); + break; + case AUTH_USER: + { + UA_UsernamePasswordLogin logins[1]; + logins[0].username = UA_STRING ((char *)auth.user.username); + logins[0].password = UA_STRING ((char *)auth.user.password); + retval + = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); + break; + } + case AUTH_CERT: + retval = UA_AccessControl_default (serverConfig, false, NULL, 0, NULL); + break; } if (retval != UA_STATUSCODE_GOOD) { UA_Server_delete (server); - freeTrustStore (trustPaths, trustSize); + freeTrustStore (sec.trustPaths, sec.trustSize); configFree (&cfg); return EXIT_FAILURE; } @@ -166,7 +151,7 @@ main (int argc, char *argv[]) retval = UA_Server_run (server, &running); UA_Server_delete (server); - freeTrustStore (trustPaths, trustSize); + freeTrustStore (sec.trustPaths, sec.trustSize); configFree (&cfg); return retval == UA_STATUSCODE_GOOD ? EXIT_SUCCESS : EXIT_FAILURE; } |
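Review bot: The new `switch (auth.mode)` has no `default:` arm, so an unexpected mode value leaves `retval` at whatever it held before the switch, and the `retval != UA_STATUSCODE_GOOD` check that follows can pass with `UA_AccessControl_default` never called. The comment above the switch says that call must always run to get the intended policy, so the safer shape is to fail closed: `default: retval = UA_STATUSCODE_BADINTERNALERROR; break;`. The `AUTH_CERT` arm passes no anonymous access and no logins, so it presumably relies on certificate validation being wired up by createServer, which is outside this diff; a one-line comment on that arm saying so would help the next reader. The switch sits inside main, whose body starts and ends outside the hunk.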
