Add direct connect, auto-detect PKI, and rework demo flow

- connectDirect(policy, mode): connect without endpoint discovery, for servers with no unencrypted endpoint. Sets user identity token policy matching the auth mode. - autoDetectPki(): scan own/certs/*.der and own/private/*.pem|crt, called automatically at startup. - Demo: discovery auto-starts, PKI section hidden behind toggle with auto-detected cert summary, direct connect appears on connect failure. File/folder dialogs for manual PKI override.
author: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 12:03:16 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 12:03:16 +0100
commit: 23916cbb98e952aab752a647ac96020aab709bb6 (patch)
tree: 81fc9b5e551300ab348b48fa6bffbc5fddf2c95a /src/BobinkClient.cpp
parent: 1a79ab468d8cc23cfdf28ddfa85d3e03ffddf44c (diff)
download: BobinkQtOpcUa-23916cbb98e952aab752a647ac96020aab709bb6.tar.gz
BobinkQtOpcUa-23916cbb98e952aab752a647ac96020aab709bb6.zip
1 files changed, 79 insertions, 0 deletions
diff --git a/src/BobinkClient.cpp b/src/BobinkClient.cpp
index a067489..565868c 100644
--- a/src/BobinkClient.cpp
+++ b/src/BobinkClient.cpp
@@ -6,6 +6,7 @@
 #include "BobinkAuth.h"
 
 #include <QDir>
+#include <QOpcUaUserTokenPolicy>
 #include <QStandardPaths>
 
 BobinkClient *BobinkClient::s_instance = nullptr;
@@ -33,6 +34,8 @@ BobinkClient::BobinkClient(QObject *parent)
 {
     ensurePkiDirs(m_pkiDir);
     setupClient();
+    autoDetectPki();
+    applyPki();
     connect(&m_discoveryTimer, &QTimer::timeout, this, &BobinkClient::doDiscovery);
 }
 
@@ -129,6 +132,65 @@ void BobinkClient::connectToServer()
     m_client->requestEndpoints(url);
 }
 
+static QString securityPolicyUri(BobinkClient::SecurityPolicy policy)
+{
+    switch (policy) {
+    case BobinkClient::Basic256Sha256:
+        return QStringLiteral(
+            "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
+    case BobinkClient::Aes128_Sha256_RsaOaep:
+        return QStringLiteral(
+            "http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep");
+    case BobinkClient::Aes256_Sha256_RsaPss:
+        return QStringLiteral(
+            "http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss");
+    }
+    return {};
+}
+
+void BobinkClient::connectDirect(SecurityPolicy policy, SecurityMode mode)
+{
+    if (!m_client) {
+        emit connectionError(QStringLiteral("OPC UA backend not available"));
+        return;
+    }
+    if (m_serverUrl.isEmpty()) {
+        emit connectionError(QStringLiteral("No server URL set"));
+        return;
+    }
+    if (m_client->state() != QOpcUaClient::Disconnected) {
+        emit connectionError(QStringLiteral("Already connected or connecting"));
+        return;
+    }
+
+    QOpcUaEndpointDescription endpoint;
+    endpoint.setEndpointUrl(m_serverUrl);
+    endpoint.setSecurityPolicy(securityPolicyUri(policy));
+    endpoint.setSecurityMode(
+        static_cast<QOpcUaEndpointDescription::MessageSecurityMode>(mode));
+
+    QOpcUaUserTokenPolicy tokenPolicy;
+    if (m_auth) {
+        switch (m_auth->mode()) {
+        case BobinkAuth::Anonymous:
+            tokenPolicy.setTokenType(QOpcUaUserTokenPolicy::TokenType::Anonymous);
+            break;
+        case BobinkAuth::UserPass:
+            tokenPolicy.setTokenType(QOpcUaUserTokenPolicy::TokenType::Username);
+            break;
+        case BobinkAuth::Certificate:
+            tokenPolicy.setTokenType(QOpcUaUserTokenPolicy::TokenType::Certificate);
+            break;
+        }
+        m_client->setAuthenticationInformation(m_auth->toAuthenticationInformation());
+    } else {
+        tokenPolicy.setTokenType(QOpcUaUserTokenPolicy::TokenType::Anonymous);
+    }
+    endpoint.setUserIdentityTokens({tokenPolicy});
+
+    m_client->connectToEndpoint(endpoint);
+}
+
 void BobinkClient::disconnectFromServer()
 {
     if (m_client)
@@ -223,6 +285,23 @@ void BobinkClient::setKeyFile(const QString &path)
     emit keyFileChanged();
 }
 
+void BobinkClient::autoDetectPki()
+{
+    if (m_pkiDir.isEmpty())
+        return;
+
+    QDir certDir(m_pkiDir + QStringLiteral("/own/certs"));
+    QStringList certs = certDir.entryList({QStringLiteral("*.der")}, QDir::Files);
+    if (!certs.isEmpty())
+        setCertFile(certDir.filePath(certs.first()));
+
+    QDir keyDir(m_pkiDir + QStringLiteral("/own/private"));
+    QStringList keys = keyDir.entryList(
+        {QStringLiteral("*.pem"), QStringLiteral("*.crt")}, QDir::Files);
+    if (!keys.isEmpty())
+        setKeyFile(keyDir.filePath(keys.first()));
+}
+
 void BobinkClient::applyPki()
 {
     if (!m_client || m_pkiDir.isEmpty())
author	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 12:03:16 +0100
committer	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 12:03:16 +0100
commit	23916cbb98e952aab752a647ac96020aab709bb6 (patch)
tree	81fc9b5e551300ab348b48fa6bffbc5fddf2c95a /src/BobinkClient.cpp
parent	1a79ab468d8cc23cfdf28ddfa85d3e03ffddf44c (diff)
download	BobinkQtOpcUa-23916cbb98e952aab752a647ac96020aab709bb6.tar.gz BobinkQtOpcUa-23916cbb98e952aab752a647ac96020aab709bb6.zip