From 4a0e0ff8cca00a6e4b4557d468894682d1b91333 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Wed, 18 Feb 2026 22:01:05 +0100
Subject: Refactor auth and security params into aggregate types

Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT) and SecurityConfig struct to replace scattered parameters. Add parseSecurityConfig helper to consolidate duplicated security parsing across all three programs. Simplify opReadTime by moving all auth handling into the client config factory functions.
---
 src/client.c | 107 ++++++++++++++---------------------------------------------
 1 file changed, 24 insertions(+), 83 deletions(-)
(limited to 'src/client.c')
diff --git a/src/client.c b/src/client.c
index f2166a6..ed8b12a 100644
--- a/src/client.c
+++ b/src/client.c
@@ -108,19 +108,15 @@ opGetEndpoints (UA_Client *client, const char *url)
 /**
 * Connects to a server and reads the current time node.
 *
- * @param username Username for session auth, or NULL for anonymous.
- * @param password Password for session auth (ignored when username is NULL).
+ * Authentication (anonymous, username/password, or X509 certificate) is
+ * configured in the client config before this function is called.
+ *
 * @return EXIT_SUCCESS on success, EXIT_FAILURE otherwise.
 */
 static int
-opReadTime (UA_Client *client, const char *url, const char *username,
- const char *password)
+opReadTime (UA_Client *client, const char *url)
 {
- UA_StatusCode retval;
- if (username)
- retval = UA_Client_connectUsername (client, url, username, password);
- else
- retval = UA_Client_connect (client, url);
+ UA_StatusCode retval = UA_Client_connect (client, url);
 if (retval != UA_STATUSCODE_GOOD)
 {
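Review bot: The rewritten header comment on opReadTime states the new precondition but has no `@param` entries, so nothing tells a caller that `client` must already carry the session identity set by the config factory functions. A client left on its default configuration will presumably connect anonymously rather than fail, which makes a forgotten setup step easy to miss. I would add `@param client Client whose config already holds the session identity; an unconfigured client connects anonymously.` and `@param url Endpoint URL to connect to.` above `@return`. The function body continues past the end of this hunk.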
@@ -212,34 +208,20 @@ main (int argc, char **argv)
 return EXIT_FAILURE;
 }
- /* Security configuration (optional). When certificate, privateKey, and
- trustStore are all omitted the client connects without encryption.
- When any of the three is present, all three are required. */
- const char *certPath = configGet (&cfg, "certificate");
- const char *keyPath = configGet (&cfg, "privateKey");
- const char *trustStore = configGet (&cfg, "trustStore");
- UA_Boolean secure
- = (certPath != NULL || keyPath != NULL || trustStore != NULL);
-
- if (secure && (!certPath || !keyPath || !trustStore))
+ SecurityConfig sec;
+ if (parseSecurityConfig (&cfg, "Client", true, &sec) != 0)
 {
- UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Incomplete security config: certificate, privateKey, and "
- "trustStore must all be set, or all omitted");
 configFree (&cfg);
 return EXIT_FAILURE;
 }
 /* ---- Auth config (read-time only) ---- */
- const char *username = NULL, *password = NULL;
- UA_Boolean certAuth = false;
+ AuthConfig auth = { .mode = AUTH_ANONYMOUS };
- if (op == OP_READ_TIME
- && parseAuthConfig (&cfg, "Client", NULL, &username, &password,
- &certAuth)
- != 0)
+ if (op == OP_READ_TIME && parseAuthConfig (&cfg, "Client", &auth) != 0)
 {
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
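Review bot: `SecurityConfig sec;` is declared without an initialiser, yet later code branches on `sec.certPath` and passes `sec.trustPaths` / `sec.trustSize` to freeTrustStore on every exit path, including the unencrypted case. That is safe only if parseSecurityConfig writes every field on success, which this hunk does not show. Declaring it as `SecurityConfig sec = { 0 };`, in line with the explicit initialiser given to `auth`, removes that dependency. It is also worth confirming that parseSecurityConfig releases any trust-store list it has already loaded before it returns non-zero, because the failure branch here calls only configFree. main starts and ends outside this hunk.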
@@ -247,62 +229,21 @@ main (int argc, char **argv)
 /* ---- Create client ---- */
 UA_Client *client = UA_Client_new ();
- char **trustPaths = NULL;
- size_t trustSize = 0;
- if (secure)
- {
- const char *secModeStr = configRequire (&cfg, "securityMode", "Client");
- const char *secPolStr = configRequire (&cfg, "securityPolicy", "Client");
- if (!secModeStr || !secPolStr)
- {
- UA_Client_delete (client);
- configFree (&cfg);
- return EXIT_FAILURE;
- }
-
- UA_MessageSecurityMode secMode = parseSecurityMode (secModeStr);
- if (secMode == UA_MESSAGESECURITYMODE_INVALID)
- {
- UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Unknown security mode: %s", secModeStr);
- UA_Client_delete (client);
- configFree (&cfg);
- return EXIT_FAILURE;
- }
-
- const char *secPolUri = resolveSecurityPolicyUri (secPolStr);
- if (!secPolUri)
- {
- UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Unknown security policy: %s", secPolStr);
- UA_Client_delete (client);
- configFree (&cfg);
- return EXIT_FAILURE;
- }
-
- if (loadTrustStore (trustStore, &trustPaths, &trustSize) != 0)
- {
- UA_Client_delete (client);
- configFree (&cfg);
- return EXIT_FAILURE;
- }
-
- UA_StatusCode retval = createSecureClientConfig (
- UA_Client_getConfig (client), applicationUri, certPath, keyPath,
- trustPaths, trustSize, secMode, secPolUri, certAuth);
- if (retval != UA_STATUSCODE_GOOD)
- {
- UA_Client_delete (client);
- freeTrustStore (trustPaths, trustSize);
- configFree (&cfg);
- return EXIT_FAILURE;
- }
- }
+ UA_StatusCode retval;
+ if (sec.certPath)
+ retval = createSecureClientConfig (UA_Client_getConfig (client),
+ applicationUri, &sec, &auth);
 else
+ retval = createUnsecureClientConfig (UA_Client_getConfig (client),
+ applicationUri, &auth);
+
+ if (retval != UA_STATUSCODE_GOOD)
 {
- createUnsecureClientConfig (UA_Client_getConfig (client),
- applicationUri);
+ UA_Client_delete (client);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
+ configFree (&cfg);
+ return EXIT_FAILURE;
 }
 UA_Client_getConfig (client)->logging->context = (void *)(uintptr_t)logLevel;
@@ -319,7 +260,7 @@ main (int argc, char **argv)
 rc = opGetEndpoints (client, endpointUrl);
 break;
 case OP_READ_TIME:
- rc = opReadTime (client, endpointUrl, username, password);
+ rc = opReadTime (client, endpointUrl);
 break;
 default:
 rc = EXIT_FAILURE;
@@ -329,7 +270,7 @@ main (int argc, char **argv)
 /* ---- Cleanup ---- */
 UA_Client_delete (client);
- freeTrustStore (trustPaths, trustSize);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return rc;
--
cgit v1.2.3
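Review bot: In the "Create client" hunk the `else` branch now passes `&auth` to createUnsecureClientConfig, so an AUTH_USER or AUTH_CERT identity can be paired with a channel that has no certificate, key or trust store, and nothing visible in main rejects that pairing. The removed code forwarded `certAuth` only to the secure factory; how the unsecure factory treats AUTH_CERT is not shown here, and with AUTH_USER the password's protection would depend on the server's user-token policy. I would add a guard before the branch, `if (!sec.certPath && auth.mode == AUTH_CERT)`, that logs and exits through the same cleanup path, and log a warning when `auth.mode == AUTH_USER` on the unencrypted path. Separately, the result of `UA_Client_new ()` is used without a NULL check before `UA_Client_getConfig (client)->logging` is dereferenced. main starts and ends outside this hunk.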