Diffstat (limited to 'src/common.h')
-rw-r--r--src/common.h29
1 files changed, 19 insertions, 10 deletions
diff --git a/src/common.h b/src/common.h
index a531fc9..aff6ff4 100644
--- a/src/common.h
+++ b/src/common.h
@@ -91,22 +91,25 @@ int parseLogLevel (const char *name);
/**
* @brief Parses the authMode key from a configuration file.
*
- * When authMode is "anonymous", sets *allowAnonymous to true and
- * *username / *password to NULL. When authMode is "user", sets
- * *allowAnonymous to false and loads the username/password keys.
+ * When authMode is "anonymous", sets *allowAnonymous to true and leaves
+ * *username / *password as NULL. When authMode is "user", sets
+ * *allowAnonymous to false and loads the username/password keys. When
+ * authMode is "cert", sets *allowAnonymous to false and *certAuth to true.
* Logs errors internally.
*
* @param cfg Parsed configuration.
* @param program Program name (for error messages).
- * @param allowAnonymous Output: true for anonymous, false for user.
+ * @param allowAnonymous Output: true for anonymous, false otherwise.
* May be NULL (ignored — useful for client callers).
* @param username Output: username string (owned by cfg), or NULL.
* @param password Output: password string (owned by cfg), or NULL.
+ * @param certAuth Output: true when authMode is "cert", false otherwise.
+ * May be NULL (ignored — useful for server callers).
* @return 0 on success, -1 on error.
*/
int parseAuthConfig (const Config *cfg, const char *program,
UA_Boolean *allowAnonymous, const char **username,
- const char **password);
+ const char **password, UA_Boolean *certAuth);
/**
* @brief Parses a security mode name into the corresponding enum value.
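Review bot: The new contract does not say what a caller that passes `certAuth` as NULL gets when the file sets authMode to "cert". As documented, *allowAnonymous becomes false and *username / *password stay NULL, so a server caller could come back with 0 and no usable authentication method. The implementation is not visible in this hunk; if it does not already reject that case it should, and the comment should promise it, e.g. `When authMode is "cert" and certAuth is NULL, logs an error and returns -1.` The reworded "leaves *username / *password as NULL" also implies the caller must pre-initialise both pointers, which belongs on the two `@param` lines (or keep the function writing NULL itself).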
@@ -149,7 +152,9 @@ UA_StatusCode createUnsecureClientConfig (UA_ClientConfig *cc,
*
* The config must be zero-initialized by the caller before calling this
* function. Loads the certificate, private key, and trustlist, then applies
- * default encryption settings.
+ * default encryption settings. When @p certAuth is true, also configures
+ * X509 certificate identity-token authentication using the same application
+ * certificate (mutually exclusive with username/password authentication).
*
* @param cc Pointer to a zero-initialized UA_ClientConfig.
* @param applicationUri OPC UA application URI.
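Review bot: The added sentence calls certificate authentication "mutually exclusive with username/password authentication", but createSecureClientConfig takes no username or password, so the comment does not say who enforces the exclusion. If it is the caller's job, say so directly, e.g. `The caller must not also set a username/password identity token on @p cc.` It is also worth one sentence that the key at keyPath then protects both the secure channel and the user identity, and that a server keeping a separate trust list for user certificates will presumably need this certificate there as well. The doc comment starts and ends outside this hunk.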
@@ -161,12 +166,16 @@ UA_StatusCode createUnsecureClientConfig (UA_ClientConfig *cc,
* @param securityMode Requested message security mode.
* @param securityPolicyUri Security policy URI string (e.g.
* "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256").
+ * @param certAuth When true, use the application certificate as X509 identity
+ * token.
* @return UA_STATUSCODE_GOOD on success, error code otherwise.
*/
-UA_StatusCode createSecureClientConfig (
- UA_ClientConfig *cc, const char *applicationUri, const char *certPath,
- const char *keyPath, char **trustPaths, size_t trustSize,
- UA_MessageSecurityMode securityMode, const char *securityPolicyUri);
+UA_StatusCode
+createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri,
+ const char *certPath, const char *keyPath,
+ char **trustPaths, size_t trustSize,
+ UA_MessageSecurityMode securityMode,
+ const char *securityPolicyUri, UA_Boolean certAuth);
/**
* @brief Logs a UA_ApplicationDescription (server info from FindServers).
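Review bot: The `@return` line does not say what happens when `certAuth` is true and the X509 identity token cannot be set up. For an authentication option the header should promise a hard failure rather than a config that would open an anonymous session, e.g. `@return UA_STATUSCODE_GOOD on success, error code otherwise (including when certAuth is true and the identity token cannot be configured).` The implementation is outside this hunk, so whether it already behaves this way is unverified here. As a style point, a bare trailing `UA_Boolean` on a nine-argument function is easy to misread at call sites, so callers should pass a named local rather than a literal `true`/`false`.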