Diffstat (limited to 'src/common.c')
| -rw-r--r-- | src/common.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/common.c b/src/common.c index 67ea135..865fc55 100644 --- a/src/common.c +++ b/src/common.c @@ -174,7 +174,7 @@ parseLogLevel (const char *name) int parseAuthConfig (const Config *cfg, const char *program, UA_Boolean *allowAnonymous, const char **username, - const char **password) + const char **password, UA_Boolean *certAuth) { const char *authMode = configRequire (cfg, "authMode", program); if (!authMode) @@ -182,6 +182,8 @@ parseAuthConfig (const Config *cfg, const char *program, *username = NULL; *password = NULL; + if (certAuth) + *certAuth = false; if (strcmp (authMode, "anonymous") == 0) { @@ -201,8 +203,18 @@ parseAuthConfig (const Config *cfg, const char *program, return 0; } + if (strcmp (authMode, "cert") == 0) + { + if (allowAnonymous) + *allowAnonymous = false; + if (certAuth) + *certAuth = true; + return 0; + } + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "%s: unknown auth mode '%s' (expected 'anonymous' or 'user')", + "%s: unknown auth mode '%s' " + "(expected 'anonymous', 'user', or 'cert')", program, authMode); return -1; } @@ -422,7 +434,7 @@ createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri, const char *certPath, const char *keyPath, char **trustPaths, size_t trustSize, UA_MessageSecurityMode securityMode, - const char *securityPolicyUri) + const char *securityPolicyUri, UA_Boolean certAuth) { UA_ByteString certificate = loadFile (certPath); UA_ByteString privateKey = loadFile (keyPath); 
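Review bot: In the new `cert` branch of parseAuthConfig, a caller that passes `certAuth == NULL` still gets `return 0` with `*username` and `*password` left NULL, so a program that was never updated for certificate auth accepts `authMode = cert` and continues with no identity configured. Reject the mode when the out-parameter is absent, for example `if (!certAuth) return -1;` preceded by a fatal log saying this program does not support 'cert', placed before `*allowAnonymous` is touched. The function comment should also state that `certAuth` may be NULL and what that means for the accepted modes. Whether 'cert' is cross-checked against the configured message security mode is not visible here; if it is not, a config that selects 'cert' without encryption would never reach the createSecureClientConfig path that installs the token.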
@@ -435,6 +447,14 @@ createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri, UA_StatusCode retval = UA_ClientConfig_setDefaultEncryption ( cc, certificate, privateKey, trustList, trustSize, NULL, 0); + /* X509 identity token: reuse the application certificate. open62541 + requires that the identity cert matches the SecureChannel cert, so + a separate user cert cannot be used. Call before clearing the local + buffers since setAuthenticationCert makes its own copy. */ + if (retval == UA_STATUSCODE_GOOD && certAuth) + retval + = UA_ClientConfig_setAuthenticationCert (cc, certificate, privateKey); + UA_ByteString_clear (&certificate); UA_ByteString_clear (&privateKey); for (size_t i = 0; i < trustSize; i++) |
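Review bot: When `UA_ClientConfig_setAuthenticationCert` fails, the added code overwrites `retval` without logging, so the caller cannot tell an identity-token failure from an encryption-setup failure, and `cc` may be left with encryption configured but no X509 token. Log at the failure point, e.g. `if (retval != UA_STATUSCODE_GOOD) UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "setAuthenticationCert failed: %s", UA_StatusCode_name (retval));`. Callers are outside this hunk; they should treat any non-GOOD return as fatal rather than connecting with the partially built config, since that session would not carry the certificate identity the operator asked for. The body of createSecureClientConfig starts and ends outside the hunk.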
