#ifndef DISCOVERY_COMMON_H #define DISCOVERY_COMMON_H /** * @file common.h * @brief Shared helpers for the OPC UA discovery demo programs. * * Provides file-loading, factory, and output formatting functions used by * the LDS, the registering server, and the FindServers client. */ #include #include #include #include #include "config.h" /** * @brief Loads a DER-encoded certificate or key file into a UA_ByteString. * * @param path File path to read. * @return The file contents, or UA_BYTESTRING_NULL on error. */ UA_ByteString loadFile (const char *const path); /** * @brief Collects all *.der file paths from a trust store directory. * * Opens the directory, finds every file ending in ".der", and builds * heap-allocated full paths (dirPath/filename). The caller must free * the result with freeTrustStore(). * * @param dirPath Path to the trust store directory. * @param outPaths Output: heap-allocated array of heap-allocated strings. * Set to NULL when the directory is empty. * @param outSize Output: number of entries in outPaths. * @return 0 on success, -1 on error (logged via UA_LOG_ERROR). */ int loadTrustStore (const char *dirPath, char ***outPaths, size_t *outSize); /** * @brief Frees the array returned by loadTrustStore(). * * @param paths The array of strings (may be NULL). * @param size Number of entries. */ void freeTrustStore (char **paths, size_t size); /** * @brief Creates a UA_Server, optionally configured with security policies. * * When @p certPath is non-NULL the server is initialized with encryption * (certificate, private key, trustlist). When @p discovery is true the * server additionally offers SecurityPolicy#None restricted to discovery * services (FindServers, GetEndpoints) so that unencrypted clients can * still discover the server. When @p discovery is false the server is * purely secure — no None security policy, no None endpoint. When * @p certPath is NULL the server runs with SecurityPolicy#None only * (keyPath, trustPaths and discovery are ignored). The applicationUri * is set in both cases. * * @param port Server port number. * @param applicationUri OPC UA application URI. * @param certPath Path to server certificate (.der), or NULL for unsecure. * @param keyPath Path to private key (.der), or NULL when certPath is NULL. * @param trustPaths Array of trustlist file paths (may be NULL). * @param trustSize Number of entries in trustPaths. * @param discovery When true and certPath is non-NULL, add a None * endpoint restricted to discovery services. * @param retval Output parameter set to the status code on failure. * @return A configured UA_Server, or NULL on error. */ UA_Server *createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, const char *keyPath, char **trustPaths, size_t trustSize, UA_Boolean discovery, UA_StatusCode *retval); /** * @brief Parses a log-level name into the corresponding UA_LogLevel value. * * Accepted names (case-sensitive): "trace", "debug", "info", "warning", * "error", "fatal". * * @param name Log-level name string. * @return The matching UA_LogLevel, or -1 if the name is not recognized. */ int parseLogLevel (const char *name); /** * @brief Parses the authMode key from a configuration file. * * When authMode is "anonymous", sets *allowAnonymous to true and leaves * *username / *password as NULL. When authMode is "user", sets * *allowAnonymous to false and loads the username/password keys. When * authMode is "cert", sets *allowAnonymous to false and *certAuth to true. * Logs errors internally. * * @param cfg Parsed configuration. * @param program Program name (for error messages). * @param allowAnonymous Output: true for anonymous, false otherwise. * May be NULL (ignored — useful for client callers). * @param username Output: username string (owned by cfg), or NULL. * @param password Output: password string (owned by cfg), or NULL. * @param certAuth Output: true when authMode is "cert", false otherwise. * May be NULL (ignored — useful for server callers). * @return 0 on success, -1 on error. */ int parseAuthConfig (const Config *cfg, const char *program, UA_Boolean *allowAnonymous, const char **username, const char **password, UA_Boolean *certAuth); /** * @brief Parses a security mode name into the corresponding enum value. * * Accepted names: "None", "Sign", "SignAndEncrypt". * * @param name Mode name string. * @return The matching UA_MessageSecurityMode, or * UA_MESSAGESECURITYMODE_INVALID if the name is not recognized. */ UA_MessageSecurityMode parseSecurityMode (const char *name); /** * @brief Maps a short security policy name to its full OPC UA URI. * * Accepted names: "None", "Basic256Sha256", "Aes256_Sha256_RsaPss", * "Aes128_Sha256_RsaOaep", "ECC_nistP256". * * @param shortName Short policy name. * @return The full URI string, or NULL if the name is not recognized. */ const char *resolveSecurityPolicyUri (const char *shortName); /** * @brief Initializes a UA_ClientConfig without encryption. * * Sets up a default client config with SecurityPolicy#None and the given * application URI. Explicitly sets securityMode and securityPolicyUri so * that internal endpoint negotiation matches None endpoints. * * @param cc Pointer to a zero-initialized UA_ClientConfig. * @param applicationUri OPC UA application URI. * @return UA_STATUSCODE_GOOD on success, error code otherwise. */ UA_StatusCode createUnsecureClientConfig (UA_ClientConfig *cc, const char *applicationUri); /** * @brief Initializes a UA_ClientConfig with encryption from file paths. * * The config must be zero-initialized by the caller before calling this * function. Loads the certificate, private key, and trustlist, then applies * default encryption settings. When @p certAuth is true, also configures * X509 certificate identity-token authentication using the same application * certificate (mutually exclusive with username/password authentication). * * @param cc Pointer to a zero-initialized UA_ClientConfig. * @param applicationUri OPC UA application URI. * @param certPath Path to client certificate (.der). * @param keyPath Path to private key (.der). * @param trustPaths Array of trustlist file paths (may be NULL if trustSize is * 0). * @param trustSize Number of entries in trustPaths. * @param securityMode Requested message security mode. * @param securityPolicyUri Security policy URI string (e.g. * "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"). * @param certAuth When true, use the application certificate as X509 identity * token. * @return UA_STATUSCODE_GOOD on success, error code otherwise. */ UA_StatusCode createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri, const char *certPath, const char *keyPath, char **trustPaths, size_t trustSize, UA_MessageSecurityMode securityMode, const char *securityPolicyUri, UA_Boolean certAuth); /** * @brief Logs a UA_ApplicationDescription (server info from FindServers). * * Outputs the application URI, name, product URI, type, and discovery URLs * via UA_LOG_INFO. * * @param description The application description to print. * @param index Display index (e.g. position in the FindServers result array). */ void printApplicationDescription (const UA_ApplicationDescription *description, size_t index); /** * @brief Logs a UA_EndpointDescription in a compact one-line format. * * Outputs the endpoint URL, security level, security mode, and the short * policy name (the part after '#') via UA_LOG_INFO. * * @param endpoint The endpoint description to print. * @param index Display index (e.g. position in the GetEndpoints result array). */ void printEndpoint (const UA_EndpointDescription *endpoint, size_t index); #endif /* DISCOVERY_COMMON_H */