From 19e4a435c122a5eed34154ecfbbd3314a0789bc5 Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 14:59:05 +0100 Subject: Decouple LDS and server clients in ClientFindServers Create two independent UA_Client instances in client_find_servers.c: one for LDS discovery calls (FindServers, GetEndpoints) and one for server session calls (readServerTime). This allows different security modes, policies, auth, and trust lists for the LDS vs discovered servers. Config keys are now prefixed: discovery* for LDS connection settings, server* for discovered server settings. All config files updated accordingly with split trust lists (discoveryTrustList for LDS cert, serverTrustList for server cert). --- src/client_find_servers.c | 179 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 135 insertions(+), 44 deletions(-) (limited to 'src') diff --git a/src/client_find_servers.c b/src/client_find_servers.c index a85b63f..2212026 100644 --- a/src/client_find_servers.c +++ b/src/client_find_servers.c @@ -233,56 +233,110 @@ main (int argc, char **argv) if (configLoad (argv[1], &cfg) != 0) return EXIT_FAILURE; + /* ---- Shared keys ---- */ + const char *discoveryServerEndpoint = configRequire (&cfg, "discoveryEndpoint", "ClientFindServers"); const char *applicationUri = configRequire (&cfg, "applicationUri", "ClientFindServers"); - const char *certPath - = configRequire (&cfg, "certificate", "ClientFindServers"); - const char *keyPath - = configRequire (&cfg, "privateKey", "ClientFindServers"); - const char *securityModeStr - = configRequire (&cfg, "securityMode", "ClientFindServers"); - const char *securityPolicyStr - = configRequire (&cfg, "securityPolicy", "ClientFindServers"); - const char *authMode = configRequire (&cfg, "authMode", "ClientFindServers"); - - if (!discoveryServerEndpoint || !applicationUri || !certPath || !keyPath - || !securityModeStr || !securityPolicyStr || !authMode) + + if (!discoveryServerEndpoint || !applicationUri) + { + configFree (&cfg); + return EXIT_FAILURE; + } + + /* ---- Discovery-side config (LDS connection) ---- */ + + const char *discCertPath + = configRequire (&cfg, "discoveryCertificate", "ClientFindServers"); + const char *discKeyPath + = configRequire (&cfg, "discoveryPrivateKey", "ClientFindServers"); + const char *discSecModeStr + = configRequire (&cfg, "discoverySecurityMode", "ClientFindServers"); + const char *discSecPolStr + = configRequire (&cfg, "discoverySecurityPolicy", "ClientFindServers"); + const char *discAuthMode + = configRequire (&cfg, "discoveryAuthMode", "ClientFindServers"); + + if (!discCertPath || !discKeyPath || !discSecModeStr || !discSecPolStr + || !discAuthMode) + { + configFree (&cfg); + return EXIT_FAILURE; + } + + UA_MessageSecurityMode discSecMode = parseSecurityMode (discSecModeStr); + if (discSecMode == UA_MESSAGESECURITYMODE_INVALID) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown discovery security mode: %s", discSecModeStr); + configFree (&cfg); + return EXIT_FAILURE; + } + + const char *discSecPolUri = resolveSecurityPolicyUri (discSecPolStr); + if (!discSecPolUri) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown discovery security policy: %s", discSecPolStr); + configFree (&cfg); + return EXIT_FAILURE; + } + + /* ---- Server-side config (connections to discovered servers) ---- */ + + const char *srvCertPath + = configRequire (&cfg, "serverCertificate", "ClientFindServers"); + const char *srvKeyPath + = configRequire (&cfg, "serverPrivateKey", "ClientFindServers"); + const char *srvSecModeStr + = configRequire (&cfg, "serverSecurityMode", "ClientFindServers"); + const char *srvSecPolStr + = configRequire (&cfg, "serverSecurityPolicy", "ClientFindServers"); + const char *srvAuthMode + = configRequire (&cfg, "serverAuthMode", "ClientFindServers"); + + if (!srvCertPath || !srvKeyPath || !srvSecModeStr || !srvSecPolStr + || !srvAuthMode) { configFree (&cfg); return EXIT_FAILURE; } - UA_MessageSecurityMode securityMode = parseSecurityMode (securityModeStr); - if (securityMode == UA_MESSAGESECURITYMODE_INVALID) + UA_MessageSecurityMode srvSecMode = parseSecurityMode (srvSecModeStr); + if (srvSecMode == UA_MESSAGESECURITYMODE_INVALID) { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Unknown security mode: %s", securityModeStr); + "Unknown server security mode: %s", srvSecModeStr); configFree (&cfg); return EXIT_FAILURE; } - const char *securityPolicyUri = resolveSecurityPolicyUri (securityPolicyStr); - if (!securityPolicyUri) + const char *srvSecPolUri = resolveSecurityPolicyUri (srvSecPolStr); + if (!srvSecPolUri) { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Unknown security policy: %s", securityPolicyStr); + "Unknown server security policy: %s", srvSecPolStr); configFree (&cfg); return EXIT_FAILURE; } - const char *username = NULL, *password = NULL; + /* ---- Server-side auth ---- */ - if (strcmp (authMode, "anonymous") == 0) + const char *srvUsername = NULL, *srvPassword = NULL; + + if (strcmp (srvAuthMode, "anonymous") == 0) { /* No credentials needed */ } - else if (strcmp (authMode, "user") == 0) + else if (strcmp (srvAuthMode, "user") == 0) { - username = configRequire (&cfg, "username", "ClientFindServers"); - password = configRequire (&cfg, "password", "ClientFindServers"); - if (!username || !password) + srvUsername + = configRequire (&cfg, "serverUsername", "ClientFindServers"); + srvPassword + = configRequire (&cfg, "serverPassword", "ClientFindServers"); + if (!srvUsername || !srvPassword) { configFree (&cfg); return EXIT_FAILURE; @@ -291,56 +345,93 @@ main (int argc, char **argv) else { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Unknown auth mode: %s " + "Unknown server auth mode: %s " "(expected 'anonymous' or 'user')", - authMode); + srvAuthMode); configFree (&cfg); return EXIT_FAILURE; } - char **trustPaths = NULL; - size_t trustSize = 0; - configGetAll (&cfg, "trustList", &trustPaths, &trustSize); + /* ---- Trust lists ---- */ + + char **discTrustPaths = NULL; + size_t discTrustSize = 0; + configGetAll (&cfg, "discoveryTrustList", &discTrustPaths, &discTrustSize); + + char **srvTrustPaths = NULL; + size_t srvTrustSize = 0; + configGetAll (&cfg, "serverTrustList", &srvTrustPaths, &srvTrustSize); - UA_Client *client = UA_Client_new (); + /* ---- Create discovery client (LDS) ---- */ + + UA_Client *discoveryClient = UA_Client_new (); UA_StatusCode retval = createSecureClientConfig ( - UA_Client_getConfig (client), applicationUri, certPath, keyPath, - trustPaths, trustSize, securityMode, securityPolicyUri); + UA_Client_getConfig (discoveryClient), applicationUri, discCertPath, + discKeyPath, discTrustPaths, discTrustSize, discSecMode, discSecPolUri); if (retval != UA_STATUSCODE_GOOD) { - UA_Client_delete (client); - free (trustPaths); + UA_Client_delete (discoveryClient); + free (discTrustPaths); + free (srvTrustPaths); configFree (&cfg); return EXIT_FAILURE; } - UA_ClientConfig *clientConfig = UA_Client_getConfig (client); - clientConfig->logging->context = (void *)(uintptr_t)logLevel; + UA_Client_getConfig (discoveryClient)->logging->context + = (void *)(uintptr_t)logLevel; + + /* ---- Create server client (discovered servers) ---- */ + + UA_Client *serverClient = UA_Client_new (); + retval = createSecureClientConfig ( + UA_Client_getConfig (serverClient), applicationUri, srvCertPath, + srvKeyPath, srvTrustPaths, srvTrustSize, srvSecMode, srvSecPolUri); + if (retval != UA_STATUSCODE_GOOD) + { + UA_Client_delete (discoveryClient); + UA_Client_delete (serverClient); + free (discTrustPaths); + free (srvTrustPaths); + configFree (&cfg); + return EXIT_FAILURE; + } + UA_Client_getConfig (serverClient)->logging->context + = (void *)(uintptr_t)logLevel; + + /* ---- Discovery calls (use discoveryClient) ---- */ UA_ApplicationDescription *applicationDescriptionArray = NULL; size_t applicationDescriptionArraySize = 0; - retval = findServers (client, discoveryServerEndpoint, + retval = findServers (discoveryClient, discoveryServerEndpoint, &applicationDescriptionArraySize, &applicationDescriptionArray); if (retval != UA_STATUSCODE_GOOD) { - UA_Client_delete (client); - free (trustPaths); + UA_Client_delete (discoveryClient); + UA_Client_delete (serverClient); + free (discTrustPaths); + free (srvTrustPaths); configFree (&cfg); return EXIT_FAILURE; } - getServersEndpoints (client, applicationDescriptionArray, + getServersEndpoints (discoveryClient, applicationDescriptionArray, applicationDescriptionArraySize); - readServerTime (client, applicationDescriptionArray, - applicationDescriptionArraySize, username, password); + /* ---- Server calls (use serverClient) ---- */ + + readServerTime (serverClient, applicationDescriptionArray, + applicationDescriptionArraySize, srvUsername, srvPassword); + + /* ---- Cleanup ---- */ - UA_Client_delete (client); + UA_Client_delete (discoveryClient); + UA_Client_delete (serverClient); UA_Array_delete (applicationDescriptionArray, applicationDescriptionArraySize, &UA_TYPES[UA_TYPES_APPLICATIONDESCRIPTION]); - free (trustPaths); + free (discTrustPaths); + free (srvTrustPaths); configFree (&cfg); return EXIT_SUCCESS; -- cgit v1.2.3