1 files changed, 24 insertions, 83 deletions

diff --git a/src/client.c b/src/client.c
index f2166a6..ed8b12a 100644
--- a/src/client.c
+++ b/src/client.c
@@ -108,19 +108,15 @@ opGetEndpoints (UA_Client *client, const char *url)
 /**
  * Connects to a server and reads the current time node.
  *
- * @param username Username for session auth, or NULL for anonymous.
- * @param password Password for session auth (ignored when username is NULL).
+ * Authentication (anonymous, username/password, or X509 certificate) is
+ * configured in the client config before this function is called.
+ *
  * @return EXIT_SUCCESS on success, EXIT_FAILURE otherwise.
  */
 static int
-opReadTime (UA_Client *client, const char *url, const char *username,
-            const char *password)
+opReadTime (UA_Client *client, const char *url)
 {
-  UA_StatusCode retval;
-  if (username)
-    retval = UA_Client_connectUsername (client, url, username, password);
-  else
-    retval = UA_Client_connect (client, url);
+  UA_StatusCode retval = UA_Client_connect (client, url);
 
   if (retval != UA_STATUSCODE_GOOD)
     {
@@ -212,34 +208,20 @@ main (int argc, char **argv)
       return EXIT_FAILURE;
     }
 
-  /* Security configuration (optional).  When certificate, privateKey, and
-     trustStore are all omitted the client connects without encryption.
-     When any of the three is present, all three are required. */
-  const char *certPath = configGet (&cfg, "certificate");
-  const char *keyPath = configGet (&cfg, "privateKey");
-  const char *trustStore = configGet (&cfg, "trustStore");
-  UA_Boolean secure
-      = (certPath != NULL || keyPath != NULL || trustStore != NULL);
-
-  if (secure && (!certPath || !keyPath || !trustStore))
+  SecurityConfig sec;
+  if (parseSecurityConfig (&cfg, "Client", true, &sec) != 0)
     {
-      UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                    "Incomplete security config: certificate, privateKey, and "
-                    "trustStore must all be set, or all omitted");
       configFree (&cfg);
       return EXIT_FAILURE;
     }
 
   /* ---- Auth config (read-time only) ---- */
 
-  const char *username = NULL, *password = NULL;
-  UA_Boolean certAuth = false;
+  AuthConfig auth = { .mode = AUTH_ANONYMOUS };
 
-  if (op == OP_READ_TIME
-      && parseAuthConfig (&cfg, "Client", NULL, &username, &password,
-                          &certAuth)
-             != 0)
+  if (op == OP_READ_TIME && parseAuthConfig (&cfg, "Client", &auth) != 0)
     {
+      freeTrustStore (sec.trustPaths, sec.trustSize);
       configFree (&cfg);
       return EXIT_FAILURE;
     }
@@ -247,62 +229,21 @@ main (int argc, char **argv)
   /* ---- Create client ---- */
 
   UA_Client *client = UA_Client_new ();
-  char **trustPaths = NULL;
-  size_t trustSize = 0;
 
-  if (secure)
-    {
-      const char *secModeStr = configRequire (&cfg, "securityMode", "Client");
-      const char *secPolStr = configRequire (&cfg, "securityPolicy", "Client");
-      if (!secModeStr || !secPolStr)
-        {
-          UA_Client_delete (client);
-          configFree (&cfg);
-          return EXIT_FAILURE;
-        }
-
-      UA_MessageSecurityMode secMode = parseSecurityMode (secModeStr);
-      if (secMode == UA_MESSAGESECURITYMODE_INVALID)
-        {
-          UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                        "Unknown security mode: %s", secModeStr);
-          UA_Client_delete (client);
-          configFree (&cfg);
-          return EXIT_FAILURE;
-        }
-
-      const char *secPolUri = resolveSecurityPolicyUri (secPolStr);
-      if (!secPolUri)
-        {
-          UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
-                        "Unknown security policy: %s", secPolStr);
-          UA_Client_delete (client);
-          configFree (&cfg);
-          return EXIT_FAILURE;
-        }
-
-      if (loadTrustStore (trustStore, &trustPaths, &trustSize) != 0)
-        {
-          UA_Client_delete (client);
-          configFree (&cfg);
-          return EXIT_FAILURE;
-        }
-
-      UA_StatusCode retval = createSecureClientConfig (
-          UA_Client_getConfig (client), applicationUri, certPath, keyPath,
-          trustPaths, trustSize, secMode, secPolUri, certAuth);
-      if (retval != UA_STATUSCODE_GOOD)
-        {
-          UA_Client_delete (client);
-          freeTrustStore (trustPaths, trustSize);
-          configFree (&cfg);
-          return EXIT_FAILURE;
-        }
-    }
+  UA_StatusCode retval;
+  if (sec.certPath)
+    retval = createSecureClientConfig (UA_Client_getConfig (client),
+                                       applicationUri, &sec, &auth);
   else
+    retval = createUnsecureClientConfig (UA_Client_getConfig (client),
+                                         applicationUri, &auth);
+
+  if (retval != UA_STATUSCODE_GOOD)
     {
-      createUnsecureClientConfig (UA_Client_getConfig (client),
-                                  applicationUri);
+      UA_Client_delete (client);
+      freeTrustStore (sec.trustPaths, sec.trustSize);
+      configFree (&cfg);
+      return EXIT_FAILURE;
     }
 
   UA_Client_getConfig (client)->logging->context = (void *)(uintptr_t)logLevel;
@@ -319,7 +260,7 @@ main (int argc, char **argv)
       rc = opGetEndpoints (client, endpointUrl);
       break;
     case OP_READ_TIME:
-      rc = opReadTime (client, endpointUrl, username, password);
+      rc = opReadTime (client, endpointUrl);
       break;
     default:
       rc = EXIT_FAILURE;
@@ -329,7 +270,7 @@ main (int argc, char **argv)
   /* ---- Cleanup ---- */
 
   UA_Client_delete (client);
-  freeTrustStore (trustPaths, trustSize);
+  freeTrustStore (sec.trustPaths, sec.trustSize);
   configFree (&cfg);
 
   return rc;