/src/open62541_15/plugins/ua_config_default.c
Line | Count | Source |
1 | | /* This work is licensed under a Creative Commons CCZero 1.0 Universal License. |
2 | | * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. |
3 | | * |
4 | | * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer) |
5 | | * Copyright 2017 (c) Julian Grothoff |
6 | | * Copyright 2017-2018 (c) Mark Giraud, Fraunhofer IOSB |
7 | | * Copyright 2017 (c) Stefan Profanter, fortiss GmbH |
8 | | * Copyright 2017 (c) Thomas Stalder, Blue Time Concept SA |
9 | | * Copyright 2018 (c) Daniel Feist, Precitec GmbH & Co. KG |
10 | | * Copyright 2018 (c) Fabian Arndt, Root-Core |
11 | | * Copyright 2019 (c) Kalycito Infotech Private Limited |
12 | | * Copyright 2017-2020 (c) HMS Industrial Networks AB (Author: Jonas Green) |
13 | | * Copyright 2020 (c) Wind River Systems, Inc. |
14 | | * Copyright 2024 (c) Siemens AG (Authors: Tin Raic, Thomas Zeschg) |
15 | | * Copyright 2026 (c) o6 Automation GmbH (Author: Andreas Ebner) |
16 | | */ |
17 | | |
18 | | #include <open62541/plugin/accesscontrol_default.h> |
19 | | #include <open62541/plugin/nodestore_default.h> |
20 | | #include <open62541/plugin/log_stdout.h> |
21 | | #include <open62541/plugin/certificategroup_default.h> |
22 | | #include <open62541/plugin/securitypolicy_default.h> |
23 | | #include <open62541/server_config_default.h> |
24 | | #if defined(UA_ENABLE_DISCOVERY) || defined(UA_ENABLE_AMALGAMATION) |
25 | | #include <open62541/client.h> |
26 | | #include <open62541/client_config_default.h> |
27 | | #endif |
28 | | |
29 | | #include "../deps/mp_printf.h" |
30 | | |
31 | | #if defined(UA_ENABLE_ENCRYPTION_MBEDTLS) |
32 | | #include <mbedtls/version.h> |
33 | | #endif |
34 | | |
35 | | #include <stdio.h> |
36 | | #ifdef UA_ARCHITECTURE_WIN32 |
37 | | # include <winsock2.h> |
38 | | #else |
39 | | # include <unistd.h> |
40 | | #endif |
41 | | |
42 | | /* Struct initialization works across ANSI C/C99/C++ if it is done when the |
43 | | * variable is first declared. Assigning values to existing structs is |
44 | | * heterogeneous across the three. */ |
45 | | static UA_INLINE UA_UInt32Range |
46 | 43.4k | UA_UINT32RANGE(UA_UInt32 min, UA_UInt32 max) { |
47 | 43.4k | UA_UInt32Range range = {min, max}; |
48 | 43.4k | return range; |
49 | 43.4k | } |
50 | | |
51 | | static UA_INLINE UA_DurationRange |
52 | 28.9k | UA_DURATIONRANGE(UA_Duration min, UA_Duration max) { |
53 | 28.9k | UA_DurationRange range = {min, max}; |
54 | 28.9k | return range; |
55 | 28.9k | } |
56 | | |
57 | | /* Request the private key password from stdin if no callback is defined */ |
58 | | #ifdef UA_ENABLE_ENCRYPTION |
59 | | static UA_StatusCode |
60 | 0 | readPrivateKeyPassword(UA_ByteString *password) { |
61 | | /* Read from stdin */ |
62 | 0 | char buf[256]; |
63 | 0 | fputs("Private key requires a password. Enter and press return: ", stdout); |
64 | 0 | char *s = fgets(buf, 256, stdin); |
65 | 0 | if(!s) |
66 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
67 | | |
68 | | /* Get rid of any trailing \n */ |
69 | 0 | size_t len = strlen(buf); |
70 | 0 | if(len == 0) |
71 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
72 | 0 | if(buf[len-1] == '\n') |
73 | 0 | buf[len-1] = 0; |
74 | |
|
75 | 0 | *password = UA_BYTESTRING_ALLOC(buf); |
76 | 0 | return UA_STATUSCODE_GOOD; |
77 | 0 | } |
78 | | #endif |
79 | | |
80 | | UA_Server * |
81 | 0 | UA_Server_new(void) { |
82 | 0 | UA_ServerConfig config; |
83 | 0 | memset(&config, 0, sizeof(UA_ServerConfig)); |
84 | 0 | UA_StatusCode res = UA_ServerConfig_setDefault(&config); |
85 | 0 | if(res != UA_STATUSCODE_GOOD) |
86 | 0 | return NULL; |
87 | 0 | return UA_Server_newWithConfig(&config); |
88 | 0 | } |
89 | | |
90 | | #if defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) || defined(UA_ARCHITECTURE_ZEPHYR) |
91 | | /* Required for the definition of SIGINT */ |
92 | | #include <signal.h> |
93 | | |
94 | | struct InterruptContext { |
95 | | UA_Server *server; |
96 | | UA_Boolean running; |
97 | | }; |
98 | | |
99 | | static void |
100 | 0 | shutdownServer(UA_Server *server, void *context) { |
101 | 0 | struct InterruptContext *ic = (struct InterruptContext*)context; |
102 | 0 | UA_ServerConfig *config = UA_Server_getConfig(ic->server); |
103 | 0 | UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION, |
104 | 0 | "Stopping the server"); |
105 | 0 | ic->running = false; |
106 | 0 | } |
107 | | |
108 | | static void |
109 | | interruptServer(UA_InterruptManager *im, uintptr_t interruptHandle, |
110 | 0 | void *context, const UA_KeyValueMap *parameters) { |
111 | 0 | struct InterruptContext *ic = (struct InterruptContext*)context; |
112 | 0 | UA_ServerConfig *config = UA_Server_getConfig(ic->server); |
113 | |
|
114 | 0 | if(config->shutdownDelay <= 0.0) { |
115 | 0 | UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION, |
116 | 0 | "Received SIGINT interrupt. Stopping the server."); |
117 | 0 | ic->running = false; |
118 | 0 | return; |
119 | 0 | } |
120 | | |
121 | 0 | UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION, |
122 | 0 | "Received SIGINT interrupt. Stopping the server in %.2fs.", |
123 | 0 | config->shutdownDelay / 1000.0); |
124 | |
|
125 | 0 | UA_UInt32 secondsTillShutdown = (UA_UInt32)(config->shutdownDelay / 1000.0); |
126 | 0 | UA_Variant val; |
127 | 0 | UA_Variant_setScalar(&val, &secondsTillShutdown, &UA_TYPES[UA_TYPES_UINT32]); |
128 | 0 | UA_Server_writeValue(ic->server, UA_NS0ID(SERVER_SERVERSTATUS_SECONDSTILLSHUTDOWN), val); |
129 | 0 | UA_Server_addTimedCallback(ic->server, shutdownServer, ic, UA_DateTime_nowMonotonic() + |
130 | 0 | (UA_DateTime)(config->shutdownDelay * UA_DATETIME_MSEC), NULL); |
131 | | |
132 | | /* Notify the application that the server is stopping */ |
133 | 0 | if(config->notifyLifecycleState) |
134 | 0 | config->notifyLifecycleState(ic->server, UA_LIFECYCLESTATE_STOPPING); |
135 | 0 | } |
136 | | |
137 | | UA_StatusCode |
138 | 0 | UA_Server_runUntilInterrupt(UA_Server *server) { |
139 | 0 | if(!server) |
140 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
141 | 0 | UA_ServerConfig *config = UA_Server_getConfig(server); |
142 | 0 | UA_EventLoop *el = config->eventLoop; |
143 | 0 | if(!el) |
144 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
145 | | |
146 | | /* Get the interrupt manager */ |
147 | 0 | UA_EventSource *es = el->eventSources; |
148 | 0 | while(es) { |
149 | 0 | if(es->eventSourceType == UA_EVENTSOURCETYPE_INTERRUPTMANAGER) |
150 | 0 | break; |
151 | 0 | es = es->next; |
152 | 0 | } |
153 | 0 | if(!es) { |
154 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
155 | 0 | "No Interrupt EventSource configured"); |
156 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
157 | 0 | } |
158 | 0 | UA_InterruptManager *im = (UA_InterruptManager*)es; |
159 | | |
160 | | /* Register the interrupt */ |
161 | 0 | struct InterruptContext ic; |
162 | 0 | ic.server = server; |
163 | 0 | ic.running = true; |
164 | 0 | UA_StatusCode retval = |
165 | 0 | im->registerInterrupt(im, SIGINT, &UA_KEYVALUEMAP_NULL, |
166 | 0 | interruptServer, &ic); |
167 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
168 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
169 | 0 | "Could not register the interrupt with status code %s", |
170 | 0 | UA_StatusCode_name(retval)); |
171 | 0 | return retval; |
172 | 0 | } |
173 | | |
174 | | /* Run the server */ |
175 | 0 | retval = UA_Server_run_startup(server); |
176 | 0 | if(retval != UA_STATUSCODE_GOOD) |
177 | 0 | goto deregister_interrupt; |
178 | 0 | while(ic.running) { |
179 | 0 | UA_Server_run_iterate(server, true); |
180 | 0 | } |
181 | | |
182 | | /* Shut down the server */ |
183 | 0 | retval = UA_Server_run_shutdown(server); |
184 | | |
185 | | /* Deregister the interrupt */ |
186 | 0 | deregister_interrupt: |
187 | 0 | im->deregisterInterrupt(im, SIGINT); |
188 | 0 | return retval; |
189 | 0 | } |
190 | | |
191 | | #endif /* defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) */ |
192 | | |
193 | | /*******************************/ |
194 | | /* Default Connection Settings */ |
195 | | /*******************************/ |
196 | | |
197 | | const UA_ConnectionConfig UA_ConnectionConfig_default = { |
198 | | 0, /* .protocolVersion */ |
199 | | 1 << 16, /* .sendBufferSize, 64k per chunk */ |
200 | | 1 << 16, /* .recvBufferSize, 64k per chunk */ |
201 | | 1 << 29, /* .localMaxMessageSize, 512 MB */ |
202 | | 1 << 29, /* .remoteMaxMessageSize, 512 MB */ |
203 | | 1 << 14, /* .localMaxChunkCount, 16k */ |
204 | | 1 << 14 /* .remoteMaxChunkCount, 16k */ |
205 | | }; |
206 | | |
207 | | /***************************/ |
208 | | /* Default Server Settings */ |
209 | | /***************************/ |
210 | | |
211 | | #define MANUFACTURER_NAME "open62541" |
212 | | #define PRODUCT_NAME "open62541 OPC UA Server" |
213 | | #define PRODUCT_URI "http://open62541.org" |
214 | 14.4k | #define APPLICATION_NAME "open62541-based OPC UA Application" |
215 | | #define APPLICATION_URI "urn:open62541.unconfigured.application" |
216 | | |
217 | | /* Upper bound */ |
218 | | #define SECURITY_POLICY_SIZE 14 |
219 | | |
220 | | #define STRINGIFY(arg) #arg |
221 | | #define VERSION(MAJOR, MINOR, PATCH, LABEL) \ |
222 | | STRINGIFY(MAJOR) "." STRINGIFY(MINOR) "." STRINGIFY(PATCH) LABEL |
223 | | |
224 | | static UA_StatusCode |
225 | | addEndpoint(UA_ServerConfig *conf, |
226 | | const UA_SecurityPolicy *securityPolicy, |
227 | 14.4k | UA_MessageSecurityMode securityMode) { |
228 | | /* Test if the endpoint already exists */ |
229 | 14.4k | for(size_t i = 0; i < conf->endpointsSize; i++) { |
230 | 0 | UA_EndpointDescription *ep = &conf->endpoints[i]; |
231 | 0 | if(!UA_String_equal(&securityPolicy->policyUri, &ep->securityPolicyUri)) |
232 | 0 | continue; |
233 | 0 | if(ep->securityMode != securityMode) |
234 | 0 | continue; |
235 | 0 | return UA_STATUSCODE_GOOD; |
236 | 0 | } |
237 | | |
238 | | /* Reallocate the array size */ |
239 | 14.4k | UA_EndpointDescription *tmp = (UA_EndpointDescription *) |
240 | 14.4k | UA_realloc(conf->endpoints, |
241 | 14.4k | sizeof(UA_EndpointDescription) * (1 + conf->endpointsSize)); |
242 | 14.4k | if(!tmp) |
243 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
244 | 14.4k | conf->endpoints = tmp; |
245 | | |
246 | | /* The following fields are overwritten internally with up-to-date |
247 | | * information from the server config: |
248 | | * |
249 | | * UserTokenPolicies |
250 | | * ApplicationDescription (server) |
251 | | * ServerCertificate |
252 | | * EndpointURL */ |
253 | 14.4k | UA_EndpointDescription *endpoint = &conf->endpoints[conf->endpointsSize]; |
254 | 14.4k | UA_EndpointDescription_init(endpoint); |
255 | 14.4k | endpoint->transportProfileUri = |
256 | 14.4k | UA_STRING_ALLOC("http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary"); |
257 | 14.4k | endpoint->securityMode = securityMode; |
258 | 14.4k | endpoint->securityLevel = securityPolicy->securityLevel; |
259 | | |
260 | 14.4k | UA_StatusCode retval = UA_String_copy(&securityPolicy->policyUri, |
261 | 14.4k | &endpoint->securityPolicyUri); |
262 | | |
263 | 14.4k | if(retval == UA_STATUSCODE_GOOD) { |
264 | 14.4k | conf->endpointsSize++; |
265 | 14.4k | } else { |
266 | 0 | UA_EndpointDescription_clear(endpoint); |
267 | 0 | if(conf->endpointsSize == 0) { |
268 | 0 | UA_free(conf->endpoints); |
269 | 0 | conf->endpoints = NULL; |
270 | 0 | } |
271 | 0 | } |
272 | | |
273 | 14.4k | return retval; |
274 | 14.4k | } |
275 | | |
276 | | static UA_StatusCode |
277 | 14.4k | setDefaultConfig(UA_ServerConfig *conf, UA_UInt16 portNumber) { |
278 | 14.4k | if(!conf) |
279 | 0 | return UA_STATUSCODE_BADINVALIDARGUMENT; |
280 | | |
281 | | /* NodeStore */ |
282 | 14.4k | if(!conf->nodestore) |
283 | 14.4k | conf->nodestore = UA_Nodestore_ZipTree(); |
284 | | |
285 | | /* Logging */ |
286 | 14.4k | if(conf->logging == NULL) |
287 | 14.4k | conf->logging = UA_Log_Stdout_new(UA_LOGLEVEL_INFO); |
288 | | |
289 | | /* EventLoop */ |
290 | 14.4k | if(conf->eventLoop == NULL) { |
291 | | #if defined(UA_ARCHITECTURE_ZEPHYR) |
292 | | conf->eventLoop = UA_EventLoop_new_Zephyr(conf->logging); |
293 | | #elif defined(UA_ARCHITECTURE_LWIP) |
294 | | conf->eventLoop = UA_EventLoop_new_LWIP(conf->logging, NULL); |
295 | | #else |
296 | 14.4k | conf->eventLoop = UA_EventLoop_new_POSIX(conf->logging); |
297 | 14.4k | #endif |
298 | 14.4k | if(conf->eventLoop == NULL) |
299 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
300 | | |
301 | 14.4k | conf->externalEventLoop = false; |
302 | | |
303 | | /* Add the TCP connection manager */ |
304 | | #if defined(UA_ARCHITECTURE_ZEPHYR) |
305 | | UA_ConnectionManager *tcpCM = |
306 | | UA_ConnectionManager_new_Zephyr_TCP(UA_STRING("tcp connection manager")); |
307 | | #elif defined(UA_ARCHITECTURE_LWIP) |
308 | | UA_ConnectionManager *tcpCM = |
309 | | UA_ConnectionManager_new_LWIP_TCP(UA_STRING("tcp connection manager")); |
310 | | #else |
311 | 14.4k | UA_ConnectionManager *tcpCM = |
312 | 14.4k | UA_ConnectionManager_new_POSIX_TCP(UA_STRING("tcp connection manager")); |
313 | 14.4k | #endif |
314 | 14.4k | if(tcpCM) |
315 | 14.4k | conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)tcpCM); |
316 | | |
317 | | /* Add the UDP connection manager */ |
318 | | #if defined(UA_ARCHITECTURE_LWIP) |
319 | | UA_ConnectionManager *udpCM = |
320 | | UA_ConnectionManager_new_LWIP_UDP(UA_STRING("udp connection manager")); |
321 | | if(udpCM) |
322 | | conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)udpCM); |
323 | | #elif !defined(UA_ARCHITECTURE_ZEPHYR) |
324 | | UA_ConnectionManager *udpCM = |
325 | 14.4k | UA_ConnectionManager_new_POSIX_UDP(UA_STRING("udp connection manager")); |
326 | 14.4k | if(udpCM) |
327 | 14.4k | conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)udpCM); |
328 | 14.4k | #endif |
329 | | |
330 | | /* Add the Ethernet connection manager */ |
331 | 14.4k | #if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP) && defined(UA_ARCHITECTURE_POSIX) && (defined(__linux__)) |
332 | 14.4k | UA_ConnectionManager *ethCM = |
333 | 14.4k | UA_ConnectionManager_new_POSIX_Ethernet(UA_STRING("eth connection manager")); |
334 | 14.4k | if(ethCM) |
335 | 14.4k | conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)ethCM); |
336 | 14.4k | #endif |
337 | | |
338 | 14.4k | #if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP) |
339 | | /* Add the interrupt manager */ |
340 | 14.4k | UA_InterruptManager *im = UA_InterruptManager_new_POSIX(UA_STRING("interrupt manager")); |
341 | 14.4k | if(im) { |
342 | 14.4k | conf->eventLoop->registerEventSource(conf->eventLoop, &im->eventSource); |
343 | 14.4k | } else { |
344 | 0 | UA_LOG_ERROR(conf->logging, UA_LOGCATEGORY_APPLICATION, |
345 | 0 | "Cannot create the Interrupt Manager (only relevant if used)"); |
346 | 0 | } |
347 | 14.4k | #endif |
348 | | #ifdef UA_ENABLE_MQTT |
349 | | /* Add the MQTT connection manager */ |
350 | | UA_ConnectionManager *mqttCM = |
351 | | UA_ConnectionManager_new_MQTT(UA_STRING("mqtt connection manager")); |
352 | | if(mqttCM) |
353 | | conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)mqttCM); |
354 | | #endif |
355 | 14.4k | } |
356 | 14.4k | if(conf->eventLoop != NULL) { |
357 | 14.4k | if(conf->eventLoop->state != UA_EVENTLOOPSTATE_STARTED) { |
358 | 14.4k | UA_StatusCode statusCode = conf->eventLoop->start(conf->eventLoop); |
359 | 14.4k | if(statusCode != UA_STATUSCODE_GOOD) { |
360 | 0 | return statusCode; |
361 | 0 | } |
362 | 14.4k | } |
363 | 14.4k | } |
364 | | |
365 | | /* If a second server is started later it can "steal" the port. |
366 | | * Having port reuse enabled is important for development. |
367 | | * Otherwise a long TCP TIME_WAIT is required before the port can be used again. */ |
368 | 14.4k | conf->tcpReuseAddr = true; |
369 | | |
370 | | /* --> Start setting the default static config <-- */ |
371 | | |
372 | 14.4k | conf->shutdownDelay = 0.0; |
373 | | |
374 | | /* Server Description */ |
375 | 14.4k | UA_BuildInfo_clear(&conf->buildInfo); |
376 | 14.4k | conf->buildInfo.productUri = UA_STRING_ALLOC(PRODUCT_URI); |
377 | 14.4k | conf->buildInfo.manufacturerName = UA_STRING_ALLOC(MANUFACTURER_NAME); |
378 | 14.4k | conf->buildInfo.productName = UA_STRING_ALLOC(PRODUCT_NAME); |
379 | 14.4k | conf->buildInfo.softwareVersion = |
380 | 14.4k | UA_STRING_ALLOC(VERSION(UA_OPEN62541_VER_MAJOR, UA_OPEN62541_VER_MINOR, |
381 | 14.4k | UA_OPEN62541_VER_PATCH, UA_OPEN62541_VER_LABEL)); |
382 | 14.4k | conf->buildInfo.buildNumber = UA_STRING_ALLOC(__DATE__ " " __TIME__); |
383 | 14.4k | conf->buildInfo.buildDate = UA_DateTime_now(); |
384 | | |
385 | 14.4k | UA_ApplicationDescription_clear(&conf->applicationDescription); |
386 | 14.4k | conf->applicationDescription.applicationUri = UA_STRING_ALLOC(APPLICATION_URI); |
387 | 14.4k | conf->applicationDescription.productUri = UA_STRING_ALLOC(PRODUCT_URI); |
388 | 14.4k | conf->applicationDescription.applicationName = |
389 | 14.4k | UA_LOCALIZEDTEXT_ALLOC("en", APPLICATION_NAME); |
390 | 14.4k | conf->applicationDescription.applicationType = UA_APPLICATIONTYPE_SERVER; |
391 | | /* conf->applicationDescription.gatewayServerUri = UA_STRING_NULL; */ |
392 | | /* conf->applicationDescription.discoveryProfileUri = UA_STRING_NULL; */ |
393 | | /* conf->applicationDescription.discoveryUrlsSize = 0; */ |
394 | | /* conf->applicationDescription.discoveryUrls = NULL; */ |
395 | | |
396 | 14.4k | #ifdef UA_ENABLE_DISCOVERY_MULTICAST |
397 | 14.4k | UA_MdnsDiscoveryConfiguration_clear(&conf->mdnsConfig); |
398 | 14.4k | # ifdef UA_ENABLE_DISCOVERY_MULTICAST_MDNSD |
399 | 14.4k | conf->mdnsInterfaceIP = UA_STRING_NULL; |
400 | | # if !defined(UA_HAS_GETIFADDR) |
401 | | conf->mdnsIpAddressList = NULL; |
402 | | conf->mdnsIpAddressListSize = 0; |
403 | | # endif |
404 | 14.4k | # endif |
405 | 14.4k | #endif |
406 | | |
407 | | /* Custom DataTypes */ |
408 | | /* conf->customDataTypesSize = 0; */ |
409 | | /* conf->customDataTypes = NULL; */ |
410 | | |
411 | | /* Networking */ |
412 | | /* Set up the local ServerUrls. They are used during startup to initialize |
413 | | * the server sockets. */ |
414 | 14.4k | UA_String serverUrls[1]; |
415 | 14.4k | size_t serverUrlsSize = 0; |
416 | 14.4k | char serverUrlBuffer[1][512]; |
417 | | |
418 | 14.4k | if(portNumber == 0) { |
419 | 0 | UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION, |
420 | 0 | "Dynamic port assignment will be used."); |
421 | 0 | } |
422 | | |
423 | 14.4k | if(conf->serverUrlsSize > 0) { |
424 | 0 | UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION, |
425 | 0 | "ServerUrls already set. Overriding."); |
426 | 0 | UA_Array_delete(conf->serverUrls, conf->serverUrlsSize, |
427 | 0 | &UA_TYPES[UA_TYPES_STRING]); |
428 | 0 | conf->serverUrls = NULL; |
429 | 0 | conf->serverUrlsSize = 0; |
430 | 0 | } |
431 | | |
432 | | /* Listen on all interfaces (also external). This must be the first |
433 | | * entry if this is desired. Otherwise some interfaces may be blocked |
434 | | * (already in use) with a hostname that is only locally reachable.*/ |
435 | 14.4k | mp_snprintf(serverUrlBuffer[0], sizeof(serverUrlBuffer[0]), |
436 | 14.4k | "opc.tcp://:%u", portNumber); |
437 | 14.4k | serverUrls[serverUrlsSize] = UA_STRING(serverUrlBuffer[0]); |
438 | 14.4k | serverUrlsSize++; |
439 | | |
440 | | /* Add to the config */ |
441 | 14.4k | UA_StatusCode retval = |
442 | 14.4k | UA_Array_copy(serverUrls, serverUrlsSize, |
443 | 14.4k | (void**)&conf->serverUrls, &UA_TYPES[UA_TYPES_STRING]); |
444 | 14.4k | if(retval != UA_STATUSCODE_GOOD) |
445 | 0 | return retval; |
446 | 14.4k | conf->serverUrlsSize = serverUrlsSize; |
447 | | |
448 | | /* Endpoints */ |
449 | | /* conf->endpoints = {0, NULL}; */ |
450 | | |
451 | | /* Set Logger for Certificate Verification */ |
452 | 14.4k | if(!conf->secureChannelPKI.logging) |
453 | 14.4k | conf->secureChannelPKI.logging = conf->logging; |
454 | 14.4k | if(!conf->sessionPKI.logging) |
455 | 14.4k | conf->sessionPKI.logging = conf->logging; |
456 | | |
457 | 14.4k | #ifdef UA_ENABLE_ENCRYPTION |
458 | | /* Limits for TrustList */ |
459 | 14.4k | conf->maxTrustListSize = 0; |
460 | 14.4k | conf->maxRejectedListSize = 0; |
461 | 14.4k | #endif |
462 | | |
463 | | /* Certificate Verification that accepts every certificate. Can be |
464 | | * overwritten when the policy is specialized. */ |
465 | 14.4k | UA_CertificateGroup_AcceptAll(&conf->secureChannelPKI); |
466 | 14.4k | UA_CertificateGroup_AcceptAll(&conf->sessionPKI); |
467 | | |
468 | | /* * Global Node Lifecycle * */ |
469 | | /* conf->nodeLifecycle.constructor = NULL; */ |
470 | | /* conf->nodeLifecycle.destructor = NULL; */ |
471 | | /* conf->nodeLifecycle.createOptionalChild = NULL; */ |
472 | | /* conf->nodeLifecycle.generateChildNodeId = NULL; */ |
473 | 14.4k | conf->modellingRulesOnInstances = true; |
474 | | |
475 | | /* Limits for SecureChannels */ |
476 | 14.4k | conf->maxSecureChannels = 100; |
477 | 14.4k | conf->maxSecurityTokenLifetime = 10 * 60 * 1000; /* 10 minutes */ |
478 | | |
479 | | /* Limits for Sessions */ |
480 | 14.4k | conf->maxSessions = 100; |
481 | 14.4k | conf->maxSessionTimeout = 60.0 * 60.0 * 1000.0; /* 1h */ |
482 | | |
483 | 14.4k | #ifdef UA_ENABLE_SUBSCRIPTIONS |
484 | | /* Limits for Subscriptions */ |
485 | 14.4k | conf->publishingIntervalLimits = UA_DURATIONRANGE(100.0, 3600.0 * 1000.0); |
486 | 14.4k | conf->lifeTimeCountLimits = UA_UINT32RANGE(3, 15000); |
487 | 14.4k | conf->keepAliveCountLimits = UA_UINT32RANGE(1, 100); |
488 | 14.4k | conf->maxNotificationsPerPublish = 1000; |
489 | 14.4k | conf->enableRetransmissionQueue = true; |
490 | 14.4k | conf->maxRetransmissionQueueSize = 0; /* unlimited */ |
491 | 14.4k | # ifdef UA_ENABLE_SUBSCRIPTIONS_EVENTS |
492 | 14.4k | conf->maxEventsPerNode = 0; /* unlimited */ |
493 | 14.4k | # endif |
494 | | |
495 | | /* Limits for MonitoredItems */ |
496 | 14.4k | conf->samplingIntervalLimits = UA_DURATIONRANGE(50.0, 24.0 * 3600.0 * 1000.0); |
497 | 14.4k | conf->queueSizeLimits = UA_UINT32RANGE(1, 100); |
498 | 14.4k | #endif |
499 | | |
500 | 14.4k | #ifdef UA_ENABLE_DISCOVERY |
501 | 14.4k | conf->discoveryCleanupTimeout = 60 * 60; |
502 | 14.4k | #endif |
503 | | |
504 | 14.4k | #ifdef UA_ENABLE_HISTORIZING |
505 | | /* conf->accessHistoryDataCapability = false; */ |
506 | | /* conf->maxReturnDataValues = 0; */ |
507 | | |
508 | | /* conf->accessHistoryEventsCapability = false; */ |
509 | | /* conf->maxReturnEventValues = 0; */ |
510 | | |
511 | | /* conf->insertDataCapability = false; */ |
512 | | /* conf->insertEventCapability = false; */ |
513 | | /* conf->insertAnnotationsCapability = false; */ |
514 | | |
515 | | /* conf->replaceDataCapability = false; */ |
516 | | /* conf->replaceEventCapability = false; */ |
517 | | |
518 | | /* conf->updateDataCapability = false; */ |
519 | | /* conf->updateEventCapability = false; */ |
520 | | |
521 | | /* conf->deleteRawCapability = false; */ |
522 | | /* conf->deleteEventCapability = false; */ |
523 | | /* conf->deleteAtTimeDataCapability = false; */ |
524 | 14.4k | #endif |
525 | | |
526 | 14.4k | #if UA_MULTITHREADING >= 100 |
527 | 14.4k | conf->maxAsyncOperationQueueSize = 0; |
528 | 14.4k | conf->asyncOperationTimeout = 120000; /* Async Operation Timeout in ms (2 minutes) */ |
529 | 14.4k | #endif |
530 | | |
531 | 14.4k | #ifdef UA_ENABLE_PUBSUB |
532 | 14.4k | conf->pubsubEnabled = true; |
533 | 14.4k | conf->pubSubConfig.enableDeltaFrames = true; |
534 | 14.4k | #ifdef UA_ENABLE_PUBSUB_INFORMATIONMODEL |
535 | 14.4k | conf->pubSubConfig.enableInformationModelMethods = true; |
536 | 14.4k | #endif |
537 | 14.4k | #endif |
538 | | |
539 | | /* --> Finish setting the default static config <-- */ |
540 | | |
541 | 14.4k | return UA_STATUSCODE_GOOD; |
542 | 14.4k | } |
543 | | |
544 | | UA_EXPORT UA_StatusCode |
545 | 0 | UA_ServerConfig_setBasics(UA_ServerConfig* conf) { |
546 | 0 | return UA_ServerConfig_setBasics_withPort(conf, 4840); |
547 | 0 | } |
548 | | |
549 | | UA_EXPORT UA_StatusCode |
550 | 0 | UA_ServerConfig_setBasics_withPort(UA_ServerConfig* conf, UA_UInt16 portNumber) { |
551 | 0 | return setDefaultConfig(conf, portNumber); |
552 | 0 | } |
553 | | |
554 | | UA_EXPORT UA_StatusCode |
555 | | UA_ServerConfig_addSecurityPolicyNone(UA_ServerConfig *config, |
556 | 14.4k | const UA_ByteString *certificate) { |
557 | | /* Allocate the SecurityPolicies */ |
558 | 14.4k | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
559 | 14.4k | UA_realloc(config->securityPolicies, |
560 | 14.4k | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
561 | 14.4k | if(!tmp) |
562 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
563 | 14.4k | config->securityPolicies = tmp; |
564 | | |
565 | | /* Populate the SecurityPolicies */ |
566 | 14.4k | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
567 | 14.4k | if(certificate) |
568 | 0 | localCertificate = *certificate; |
569 | 14.4k | UA_StatusCode retval = |
570 | 14.4k | UA_SecurityPolicy_None(&config->securityPolicies[config->securityPoliciesSize], |
571 | 14.4k | localCertificate, config->logging); |
572 | 14.4k | if(retval != UA_STATUSCODE_GOOD) { |
573 | 0 | if(config->securityPoliciesSize == 0) { |
574 | 0 | UA_free(config->securityPolicies); |
575 | 0 | config->securityPolicies = NULL; |
576 | 0 | } |
577 | 0 | return retval; |
578 | 0 | } |
579 | | |
580 | 14.4k | config->securityPoliciesSize++; |
581 | 14.4k | return UA_STATUSCODE_GOOD; |
582 | 14.4k | } |
583 | | |
584 | | UA_EXPORT UA_StatusCode |
585 | | UA_ServerConfig_addEndpoint(UA_ServerConfig *config, const UA_String securityPolicyUri, |
586 | 14.4k | UA_MessageSecurityMode securityMode) { |
587 | | /* Lookup the security policy */ |
588 | 14.4k | const UA_SecurityPolicy *policy = NULL; |
589 | 14.4k | for (size_t i = 0; i < config->securityPoliciesSize; ++i) { |
590 | 14.4k | if (UA_String_equal(&securityPolicyUri, &config->securityPolicies[i].policyUri)) { |
591 | 14.4k | policy = &config->securityPolicies[i]; |
592 | 14.4k | break; |
593 | 14.4k | } |
594 | 14.4k | } |
595 | 14.4k | if(!policy) |
596 | 0 | return UA_STATUSCODE_BADINVALIDARGUMENT; |
597 | | |
598 | | /* Populate the endpoint */ |
599 | 14.4k | return addEndpoint(config, policy, securityMode); |
600 | 14.4k | } |
601 | | |
602 | | UA_EXPORT UA_StatusCode |
603 | 0 | UA_ServerConfig_addAllEndpoints(UA_ServerConfig *config) { |
604 | | /* Populate the endpoints */ |
605 | 0 | for(size_t i = 0; i < config->securityPoliciesSize; ++i) { |
606 | 0 | if(UA_String_equal(&UA_SECURITY_POLICY_NONE_URI, &config->securityPolicies[i].policyUri)) { |
607 | 0 | UA_StatusCode retval = |
608 | 0 | addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_NONE); |
609 | 0 | if(retval != UA_STATUSCODE_GOOD) |
610 | 0 | return retval; |
611 | 0 | } else { |
612 | 0 | UA_StatusCode retval = |
613 | 0 | addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGN); |
614 | 0 | if(retval != UA_STATUSCODE_GOOD) |
615 | 0 | return retval; |
616 | 0 | retval = addEndpoint(config, &config->securityPolicies[i], |
617 | 0 | UA_MESSAGESECURITYMODE_SIGNANDENCRYPT); |
618 | 0 | if(retval != UA_STATUSCODE_GOOD) |
619 | 0 | return retval; |
620 | 0 | } |
621 | 0 | } |
622 | | |
623 | 0 | return UA_STATUSCODE_GOOD; |
624 | 0 | } |
625 | | |
626 | | UA_EXPORT UA_StatusCode |
627 | 0 | UA_ServerConfig_addAllSecureEndpoints(UA_ServerConfig *config) { |
628 | | |
629 | | /* Delete all predefined endpoints. */ |
630 | 0 | if(config->endpointsSize > 0) { |
631 | 0 | for(size_t i = 0; i < config->endpointsSize; ++i) |
632 | 0 | UA_EndpointDescription_clear(&config->endpoints[i]); |
633 | |
|
634 | 0 | UA_free(config->endpoints); |
635 | 0 | config->endpoints = NULL; |
636 | 0 | config->endpointsSize = 0; |
637 | 0 | } |
638 | | |
639 | | /* Populate the endpoints */ |
640 | 0 | for(size_t i = 0; i < config->securityPoliciesSize; ++i) { |
641 | | /* Skip the None and all deprecated policies */ |
642 | 0 | if(config->securityPolicies[i].securityLevel == 0) |
643 | 0 | continue; |
644 | 0 | UA_StatusCode retval = |
645 | 0 | addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGN); |
646 | 0 | if(retval != UA_STATUSCODE_GOOD) |
647 | 0 | return retval; |
648 | 0 | retval = addEndpoint(config, &config->securityPolicies[i], |
649 | 0 | UA_MESSAGESECURITYMODE_SIGNANDENCRYPT); |
650 | 0 | if(retval != UA_STATUSCODE_GOOD) |
651 | 0 | return retval; |
652 | 0 | } |
653 | | |
654 | 0 | return UA_STATUSCODE_GOOD; |
655 | 0 | } |
656 | | |
657 | | UA_EXPORT UA_StatusCode |
658 | | UA_ServerConfig_setMinimalCustomBuffer(UA_ServerConfig *config, UA_UInt16 portNumber, |
659 | | const UA_ByteString *certificate, |
660 | | UA_UInt32 sendBufferSize, |
661 | 14.4k | UA_UInt32 recvBufferSize) { |
662 | 14.4k | if(!config) |
663 | 0 | return UA_STATUSCODE_BADINVALIDARGUMENT; |
664 | | |
665 | 14.4k | UA_StatusCode retval = setDefaultConfig(config, portNumber); |
666 | 14.4k | if(retval != UA_STATUSCODE_GOOD) { |
667 | 0 | UA_ServerConfig_clear(config); |
668 | 0 | return retval; |
669 | 0 | } |
670 | | |
671 | | /* Set the TCP settings */ |
672 | 14.4k | config->tcpBufSize = recvBufferSize; |
673 | | |
674 | | /* Allocate the SecurityPolicies */ |
675 | 14.4k | retval = UA_ServerConfig_addSecurityPolicyNone(config, certificate); |
676 | 14.4k | if(retval != UA_STATUSCODE_GOOD) { |
677 | 0 | UA_ServerConfig_clear(config); |
678 | 0 | return retval; |
679 | 0 | } |
680 | | |
681 | | /* Initialize the Access Control plugin */ |
682 | 14.4k | retval = UA_AccessControl_default(config, true, NULL, 0, NULL); |
683 | 14.4k | if(retval != UA_STATUSCODE_GOOD) { |
684 | 0 | UA_ServerConfig_clear(config); |
685 | 0 | return retval; |
686 | 0 | } |
687 | | |
688 | | /* Allocate the endpoint */ |
689 | 14.4k | retval = UA_ServerConfig_addEndpoint(config, UA_SECURITY_POLICY_NONE_URI, |
690 | 14.4k | UA_MESSAGESECURITYMODE_NONE); |
691 | 14.4k | if(retval != UA_STATUSCODE_GOOD) { |
692 | 0 | UA_ServerConfig_clear(config); |
693 | 0 | return retval; |
694 | 0 | } |
695 | | |
696 | 14.4k | return UA_STATUSCODE_GOOD; |
697 | 14.4k | } |
698 | | |
699 | | #ifdef UA_ENABLE_ENCRYPTION |
700 | | |
701 | | UA_EXPORT UA_StatusCode |
702 | | UA_ServerConfig_addSecurityPolicyBasic128Rsa15(UA_ServerConfig *config, |
703 | | const UA_ByteString *certificate, |
704 | 0 | const UA_ByteString *privateKey) { |
705 | | /* Allocate the SecurityPolicies */ |
706 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
707 | 0 | UA_realloc(config->securityPolicies, |
708 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
709 | 0 | if(!tmp) |
710 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
711 | 0 | config->securityPolicies = tmp; |
712 | | |
713 | | /* Populate the SecurityPolicies */ |
714 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
715 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
716 | 0 | if(certificate) |
717 | 0 | localCertificate = *certificate; |
718 | 0 | if(privateKey) |
719 | 0 | localPrivateKey = *privateKey; |
720 | 0 | UA_StatusCode retval = |
721 | 0 | UA_SecurityPolicy_Basic128Rsa15(&config->securityPolicies[config->securityPoliciesSize], |
722 | 0 | localCertificate, localPrivateKey, config->logging); |
723 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
724 | 0 | if(config->securityPoliciesSize == 0) { |
725 | 0 | UA_free(config->securityPolicies); |
726 | 0 | config->securityPolicies = NULL; |
727 | 0 | } |
728 | 0 | return retval; |
729 | 0 | } |
730 | | |
731 | 0 | config->securityPoliciesSize++; |
732 | 0 | return UA_STATUSCODE_GOOD; |
733 | 0 | } |
734 | | |
735 | | UA_EXPORT UA_StatusCode |
736 | | UA_ServerConfig_addSecurityPolicyBasic256(UA_ServerConfig *config, |
737 | | const UA_ByteString *certificate, |
738 | 0 | const UA_ByteString *privateKey) { |
739 | | /* Allocate the SecurityPolicies */ |
740 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
741 | 0 | UA_realloc(config->securityPolicies, |
742 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
743 | 0 | if(!tmp) |
744 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
745 | 0 | config->securityPolicies = tmp; |
746 | | |
747 | | /* Populate the SecurityPolicies */ |
748 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
749 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
750 | 0 | if(certificate) |
751 | 0 | localCertificate = *certificate; |
752 | 0 | if(privateKey) |
753 | 0 | localPrivateKey = *privateKey; |
754 | 0 | UA_StatusCode retval = |
755 | 0 | UA_SecurityPolicy_Basic256(&config->securityPolicies[config->securityPoliciesSize], |
756 | 0 | localCertificate, localPrivateKey, config->logging); |
757 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
758 | 0 | if(config->securityPoliciesSize == 0) { |
759 | 0 | UA_free(config->securityPolicies); |
760 | 0 | config->securityPolicies = NULL; |
761 | 0 | } |
762 | 0 | return retval; |
763 | 0 | } |
764 | | |
765 | 0 | config->securityPoliciesSize++; |
766 | 0 | return UA_STATUSCODE_GOOD; |
767 | 0 | } |
768 | | |
769 | | UA_EXPORT UA_StatusCode |
770 | | UA_ServerConfig_addSecurityPolicyBasic256Sha256(UA_ServerConfig *config, |
771 | | const UA_ByteString *certificate, |
772 | 0 | const UA_ByteString *privateKey) { |
773 | | /* Allocate the SecurityPolicies */ |
774 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
775 | 0 | UA_realloc(config->securityPolicies, |
776 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
777 | 0 | if(!tmp) |
778 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
779 | 0 | config->securityPolicies = tmp; |
780 | | |
781 | | /* Populate the SecurityPolicies */ |
782 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
783 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
784 | 0 | if(certificate) |
785 | 0 | localCertificate = *certificate; |
786 | 0 | if(privateKey) |
787 | 0 | localPrivateKey = *privateKey; |
788 | 0 | UA_StatusCode retval = |
789 | 0 | UA_SecurityPolicy_Basic256Sha256(&config->securityPolicies[config->securityPoliciesSize], |
790 | 0 | localCertificate, localPrivateKey, config->logging); |
791 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
792 | 0 | if(config->securityPoliciesSize == 0) { |
793 | 0 | UA_free(config->securityPolicies); |
794 | 0 | config->securityPolicies = NULL; |
795 | 0 | } |
796 | 0 | return retval; |
797 | 0 | } |
798 | | |
799 | 0 | config->securityPoliciesSize++; |
800 | 0 | return UA_STATUSCODE_GOOD; |
801 | 0 | } |
802 | | |
803 | | UA_EXPORT UA_StatusCode |
804 | | UA_ServerConfig_addSecurityPolicyAes128Sha256RsaOaep(UA_ServerConfig *config, |
805 | | const UA_ByteString *certificate, |
806 | 0 | const UA_ByteString *privateKey) { |
807 | | /* Allocate the SecurityPolicies */ |
808 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
809 | 0 | UA_realloc(config->securityPolicies, |
810 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
811 | 0 | if(!tmp) |
812 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
813 | 0 | config->securityPolicies = tmp; |
814 | | |
815 | | /* Populate the SecurityPolicies */ |
816 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
817 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
818 | 0 | if(certificate) |
819 | 0 | localCertificate = *certificate; |
820 | 0 | if(privateKey) |
821 | 0 | localPrivateKey = *privateKey; |
822 | 0 | UA_StatusCode retval = |
823 | 0 | UA_SecurityPolicy_Aes128Sha256RsaOaep(&config->securityPolicies[config->securityPoliciesSize], |
824 | 0 | localCertificate, localPrivateKey, config->logging); |
825 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
826 | 0 | if(config->securityPoliciesSize == 0) { |
827 | 0 | UA_free(config->securityPolicies); |
828 | 0 | config->securityPolicies = NULL; |
829 | 0 | } |
830 | 0 | return retval; |
831 | 0 | } |
832 | | |
833 | 0 | config->securityPoliciesSize++; |
834 | 0 | return UA_STATUSCODE_GOOD; |
835 | 0 | } |
836 | | |
837 | | UA_EXPORT UA_StatusCode |
838 | | UA_ServerConfig_addSecurityPolicyAes256Sha256RsaPss(UA_ServerConfig *config, |
839 | | const UA_ByteString *certificate, |
840 | 0 | const UA_ByteString *privateKey) { |
841 | | /* Allocate the SecurityPolicies */ |
842 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
843 | 0 | UA_realloc(config->securityPolicies, |
844 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
845 | 0 | if(!tmp) |
846 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
847 | 0 | config->securityPolicies = tmp; |
848 | | |
849 | | /* Populate the SecurityPolicies */ |
850 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
851 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
852 | 0 | if(certificate) |
853 | 0 | localCertificate = *certificate; |
854 | 0 | if(privateKey) |
855 | 0 | localPrivateKey = *privateKey; |
856 | 0 | UA_StatusCode retval = |
857 | 0 | UA_SecurityPolicy_Aes256Sha256RsaPss(&config->securityPolicies[config->securityPoliciesSize], |
858 | 0 | localCertificate, localPrivateKey, config->logging); |
859 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
860 | 0 | if(config->securityPoliciesSize == 0) { |
861 | 0 | UA_free(config->securityPolicies); |
862 | 0 | config->securityPolicies = NULL; |
863 | 0 | } |
864 | 0 | return retval; |
865 | 0 | } |
866 | | |
867 | 0 | config->securityPoliciesSize++; |
868 | 0 | return UA_STATUSCODE_GOOD; |
869 | 0 | } |
870 | | |
871 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) || \ |
872 | | (defined(UA_ENABLE_ENCRYPTION_MBEDTLS) && MBEDTLS_VERSION_NUMBER >= 0x03000000) |
873 | | UA_EXPORT UA_StatusCode |
874 | | UA_ServerConfig_addSecurityPolicyEccNistP256(UA_ServerConfig *config, |
875 | | const UA_ByteString *certificate, |
876 | | const UA_ByteString *privateKey) { |
877 | | /* Allocate the SecurityPolicies */ |
878 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
879 | | UA_realloc(config->securityPolicies, |
880 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
881 | | if(!tmp) |
882 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
883 | | config->securityPolicies = tmp; |
884 | | |
885 | | /* Populate the SecurityPolicies */ |
886 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
887 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
888 | | if(certificate) |
889 | | localCertificate = *certificate; |
890 | | if(privateKey) |
891 | | localPrivateKey = *privateKey; |
892 | | UA_StatusCode retval = |
893 | | UA_SecurityPolicy_EccNistP256(&config->securityPolicies[config->securityPoliciesSize], |
894 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
895 | | localPrivateKey, config->logging); |
896 | | if(retval != UA_STATUSCODE_GOOD) { |
897 | | if(config->securityPoliciesSize == 0) { |
898 | | UA_free(config->securityPolicies); |
899 | | config->securityPolicies = NULL; |
900 | | } |
901 | | return retval; |
902 | | } |
903 | | |
904 | | config->securityPoliciesSize++; |
905 | | return UA_STATUSCODE_GOOD; |
906 | | } |
907 | | |
908 | | /* The AEAD ECC policies (AesGcm / ChaChaPoly) are only implemented in the |
909 | | * OpenSSL backend; their constructors do not exist for mbedTLS. */ |
910 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) |
911 | | UA_EXPORT UA_StatusCode |
912 | | UA_ServerConfig_addSecurityPolicyEccNistP256AesGcm(UA_ServerConfig *config, |
913 | | const UA_ByteString *certificate, |
914 | | const UA_ByteString *privateKey) { |
915 | | /* Allocate the SecurityPolicies */ |
916 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
917 | | UA_realloc(config->securityPolicies, |
918 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
919 | | if(!tmp) |
920 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
921 | | config->securityPolicies = tmp; |
922 | | |
923 | | /* Populate the SecurityPolicies */ |
924 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
925 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
926 | | if(certificate) |
927 | | localCertificate = *certificate; |
928 | | if(privateKey) |
929 | | localPrivateKey = *privateKey; |
930 | | UA_StatusCode retval = |
931 | | UA_SecurityPolicy_EccNistP256AesGcm(&config->securityPolicies[config->securityPoliciesSize], |
932 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
933 | | localPrivateKey, config->logging); |
934 | | if(retval != UA_STATUSCODE_GOOD) { |
935 | | if(config->securityPoliciesSize == 0) { |
936 | | UA_free(config->securityPolicies); |
937 | | config->securityPolicies = NULL; |
938 | | } |
939 | | return retval; |
940 | | } |
941 | | |
942 | | config->securityPoliciesSize++; |
943 | | return UA_STATUSCODE_GOOD; |
944 | | } |
945 | | |
946 | | UA_EXPORT UA_StatusCode |
947 | | UA_ServerConfig_addSecurityPolicyEccNistP256ChaChaPoly(UA_ServerConfig *config, |
948 | | const UA_ByteString *certificate, |
949 | | const UA_ByteString *privateKey) { |
950 | | /* Allocate the SecurityPolicies */ |
951 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
952 | | UA_realloc(config->securityPolicies, |
953 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
954 | | if(!tmp) |
955 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
956 | | config->securityPolicies = tmp; |
957 | | |
958 | | /* Populate the SecurityPolicies */ |
959 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
960 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
961 | | if(certificate) |
962 | | localCertificate = *certificate; |
963 | | if(privateKey) |
964 | | localPrivateKey = *privateKey; |
965 | | UA_StatusCode retval = |
966 | | UA_SecurityPolicy_EccNistP256ChaChaPoly(&config->securityPolicies[config->securityPoliciesSize], |
967 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
968 | | localPrivateKey, config->logging); |
969 | | if(retval != UA_STATUSCODE_GOOD) { |
970 | | if(config->securityPoliciesSize == 0) { |
971 | | UA_free(config->securityPolicies); |
972 | | config->securityPolicies = NULL; |
973 | | } |
974 | | return retval; |
975 | | } |
976 | | |
977 | | config->securityPoliciesSize++; |
978 | | return UA_STATUSCODE_GOOD; |
979 | | } |
980 | | #endif /* UA_ENABLE_ENCRYPTION_OPENSSL (AEAD ECC policies) */ |
981 | | |
982 | | UA_EXPORT UA_StatusCode |
983 | | UA_ServerConfig_addSecurityPolicyEccNistP384(UA_ServerConfig *config, |
984 | | const UA_ByteString *certificate, |
985 | | const UA_ByteString *privateKey) { |
986 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
987 | | UA_realloc(config->securityPolicies, |
988 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
989 | | if(!tmp) |
990 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
991 | | config->securityPolicies = tmp; |
992 | | |
993 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
994 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
995 | | if(certificate) |
996 | | localCertificate = *certificate; |
997 | | if(privateKey) |
998 | | localPrivateKey = *privateKey; |
999 | | UA_StatusCode retval = |
1000 | | UA_SecurityPolicy_EccNistP384(&config->securityPolicies[config->securityPoliciesSize], |
1001 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
1002 | | localPrivateKey, config->logging); |
1003 | | if(retval != UA_STATUSCODE_GOOD) { |
1004 | | if(config->securityPoliciesSize == 0) { |
1005 | | UA_free(config->securityPolicies); |
1006 | | config->securityPolicies = NULL; |
1007 | | } |
1008 | | return retval; |
1009 | | } |
1010 | | |
1011 | | config->securityPoliciesSize++; |
1012 | | return UA_STATUSCODE_GOOD; |
1013 | | } |
1014 | | UA_EXPORT UA_StatusCode |
1015 | | UA_ServerConfig_addSecurityPolicyEccBrainpoolP256r1(UA_ServerConfig *config, |
1016 | | const UA_ByteString *certificate, |
1017 | | const UA_ByteString *privateKey) { |
1018 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
1019 | | UA_realloc(config->securityPolicies, |
1020 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
1021 | | if(!tmp) |
1022 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
1023 | | config->securityPolicies = tmp; |
1024 | | |
1025 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1026 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1027 | | if(certificate) |
1028 | | localCertificate = *certificate; |
1029 | | if(privateKey) |
1030 | | localPrivateKey = *privateKey; |
1031 | | UA_StatusCode retval = |
1032 | | UA_SecurityPolicy_EccBrainpoolP256r1(&config->securityPolicies[config->securityPoliciesSize], |
1033 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
1034 | | localPrivateKey, config->logging); |
1035 | | if(retval != UA_STATUSCODE_GOOD) { |
1036 | | if(config->securityPoliciesSize == 0) { |
1037 | | UA_free(config->securityPolicies); |
1038 | | config->securityPolicies = NULL; |
1039 | | } |
1040 | | return retval; |
1041 | | } |
1042 | | |
1043 | | config->securityPoliciesSize++; |
1044 | | return UA_STATUSCODE_GOOD; |
1045 | | } |
1046 | | UA_EXPORT UA_StatusCode |
1047 | | UA_ServerConfig_addSecurityPolicyEccBrainpoolP384r1(UA_ServerConfig *config, |
1048 | | const UA_ByteString *certificate, |
1049 | | const UA_ByteString *privateKey) { |
1050 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
1051 | | UA_realloc(config->securityPolicies, |
1052 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
1053 | | if(!tmp) |
1054 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
1055 | | config->securityPolicies = tmp; |
1056 | | |
1057 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1058 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1059 | | if(certificate) |
1060 | | localCertificate = *certificate; |
1061 | | if(privateKey) |
1062 | | localPrivateKey = *privateKey; |
1063 | | UA_StatusCode retval = |
1064 | | UA_SecurityPolicy_EccBrainpoolP384r1(&config->securityPolicies[config->securityPoliciesSize], |
1065 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
1066 | | localPrivateKey, config->logging); |
1067 | | if(retval != UA_STATUSCODE_GOOD) { |
1068 | | if(config->securityPoliciesSize == 0) { |
1069 | | UA_free(config->securityPolicies); |
1070 | | config->securityPolicies = NULL; |
1071 | | } |
1072 | | return retval; |
1073 | | } |
1074 | | |
1075 | | config->securityPoliciesSize++; |
1076 | | return UA_STATUSCODE_GOOD; |
1077 | | } |
1078 | | #endif /* UA_ENABLE_ENCRYPTION_OPENSSL || mbedTLS ECC */ |
1079 | | |
1080 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) |
1081 | | UA_EXPORT UA_StatusCode |
1082 | | UA_ServerConfig_addSecurityPolicyEccCurve25519(UA_ServerConfig *config, |
1083 | | const UA_ByteString *certificate, |
1084 | | const UA_ByteString *privateKey) { |
1085 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
1086 | | UA_realloc(config->securityPolicies, |
1087 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
1088 | | if(!tmp) |
1089 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
1090 | | config->securityPolicies = tmp; |
1091 | | |
1092 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1093 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1094 | | if(certificate) |
1095 | | localCertificate = *certificate; |
1096 | | if(privateKey) |
1097 | | localPrivateKey = *privateKey; |
1098 | | UA_StatusCode retval = |
1099 | | UA_SecurityPolicy_EccCurve25519(&config->securityPolicies[config->securityPoliciesSize], |
1100 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
1101 | | localPrivateKey, config->logging); |
1102 | | if(retval != UA_STATUSCODE_GOOD) { |
1103 | | if(config->securityPoliciesSize == 0) { |
1104 | | UA_free(config->securityPolicies); |
1105 | | config->securityPolicies = NULL; |
1106 | | } |
1107 | | return retval; |
1108 | | } |
1109 | | |
1110 | | config->securityPoliciesSize++; |
1111 | | return UA_STATUSCODE_GOOD; |
1112 | | } |
1113 | | UA_EXPORT UA_StatusCode |
1114 | | UA_ServerConfig_addSecurityPolicyEccCurve448(UA_ServerConfig *config, |
1115 | | const UA_ByteString *certificate, |
1116 | | const UA_ByteString *privateKey) { |
1117 | | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
1118 | | UA_realloc(config->securityPolicies, |
1119 | | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
1120 | | if(!tmp) |
1121 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
1122 | | config->securityPolicies = tmp; |
1123 | | |
1124 | | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1125 | | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1126 | | if(certificate) |
1127 | | localCertificate = *certificate; |
1128 | | if(privateKey) |
1129 | | localPrivateKey = *privateKey; |
1130 | | UA_StatusCode retval = |
1131 | | UA_SecurityPolicy_EccCurve448(&config->securityPolicies[config->securityPoliciesSize], |
1132 | | UA_APPLICATIONTYPE_SERVER, localCertificate, |
1133 | | localPrivateKey, config->logging); |
1134 | | if(retval != UA_STATUSCODE_GOOD) { |
1135 | | if(config->securityPoliciesSize == 0) { |
1136 | | UA_free(config->securityPolicies); |
1137 | | config->securityPolicies = NULL; |
1138 | | } |
1139 | | return retval; |
1140 | | } |
1141 | | |
1142 | | config->securityPoliciesSize++; |
1143 | | return UA_STATUSCODE_GOOD; |
1144 | | } |
1145 | | #endif |
1146 | | |
1147 | | |
1148 | | /* This assumes that the sp array has enough space for up to SECURITY_POLICY_SIZE policies. |
1149 | | * Policies that have been added are not cleaned up after an error. |
1150 | | * Certificate and/or pricateKey can be NULL and will not be used then. |
1151 | | * Logs a warning if policies could not be added. */ |
1152 | | static void |
1153 | | addAllSecurityPolicies(UA_SecurityPolicy *sp, size_t *length, |
1154 | | const UA_ByteString certificate, const UA_ByteString privateKey, |
1155 | | UA_Boolean onlySecure, UA_ApplicationType applicationType, |
1156 | 0 | UA_Logger *logging) { |
1157 | | /* Basic256Sha256 */ |
1158 | 0 | UA_StatusCode retval = UA_SecurityPolicy_Basic256Sha256(sp + *length, certificate, privateKey, logging); |
1159 | 0 | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1160 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1161 | 0 | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1162 | 0 | "Could not add SecurityPolicy#Basic256Sha256 with error code %s", |
1163 | 0 | UA_StatusCode_name(retval)); |
1164 | 0 | } |
1165 | | |
1166 | | /* Aes256Sha256RsaPss */ |
1167 | 0 | retval = UA_SecurityPolicy_Aes256Sha256RsaPss(sp + *length, certificate, privateKey, logging); |
1168 | 0 | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1169 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1170 | 0 | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1171 | 0 | "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s", |
1172 | 0 | UA_StatusCode_name(retval)); |
1173 | 0 | } |
1174 | | |
1175 | | /* Aes128Sha256RsaOaep */ |
1176 | 0 | retval = UA_SecurityPolicy_Aes128Sha256RsaOaep(sp + *length, certificate, privateKey, logging); |
1177 | 0 | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1178 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1179 | 0 | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1180 | 0 | "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s", |
1181 | 0 | UA_StatusCode_name(retval)); |
1182 | 0 | } |
1183 | | |
1184 | | /* The non-deprecated ECC SecurityPolicies are the AEAD profiles, which are |
1185 | | * implemented only in the OpenSSL backend. The deprecated non-AEAD ECC |
1186 | | * policies (EccNistP256/P384, EccBrainpoolP256r1/P384r1) are not part of the |
1187 | | * default set; add them explicitly via UA_ServerConfig_addSecurityPolicyEcc*. */ |
1188 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) |
1189 | | /* EccNistP256AesGcm */ |
1190 | | retval = UA_SecurityPolicy_EccNistP256AesGcm(sp + *length, applicationType, |
1191 | | certificate, privateKey, logging); |
1192 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1193 | | if(retval != UA_STATUSCODE_GOOD) { |
1194 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1195 | | "Could not add SecurityPolicy#EccNistP256_AesGcm with error code %s", |
1196 | | UA_StatusCode_name(retval)); |
1197 | | } |
1198 | | |
1199 | | /* EccNistP256ChaChaPoly */ |
1200 | | retval = UA_SecurityPolicy_EccNistP256ChaChaPoly(sp + *length, applicationType, |
1201 | | certificate, privateKey, logging); |
1202 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1203 | | if(retval != UA_STATUSCODE_GOOD) { |
1204 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1205 | | "Could not add SecurityPolicy#EccNistP256_ChaChaPoly with error code %s", |
1206 | | UA_StatusCode_name(retval)); |
1207 | | } |
1208 | | |
1209 | | /* EccCurve25519 */ |
1210 | | retval = UA_SecurityPolicy_EccCurve25519(sp + *length, applicationType, |
1211 | | certificate, privateKey, logging); |
1212 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1213 | | if(retval != UA_STATUSCODE_GOOD) { |
1214 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1215 | | "Could not add SecurityPolicy#EccCurve25519 with error code %s", |
1216 | | UA_StatusCode_name(retval)); |
1217 | | } |
1218 | | |
1219 | | /* EccCurve448 */ |
1220 | | retval = UA_SecurityPolicy_EccCurve448(sp + *length, applicationType, |
1221 | | certificate, privateKey, logging); |
1222 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1223 | | if(retval != UA_STATUSCODE_GOOD) { |
1224 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1225 | | "Could not add SecurityPolicy#EccCurve448 with error code %s", |
1226 | | UA_StatusCode_name(retval)); |
1227 | | } |
1228 | | #endif |
1229 | | |
1230 | | /* Don't add "unsecure" SecurityPolicies */ |
1231 | 0 | if(onlySecure) |
1232 | 0 | return; |
1233 | | |
1234 | | /* None */ |
1235 | 0 | retval = UA_SecurityPolicy_None(sp + *length, certificate, logging); |
1236 | 0 | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1237 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1238 | 0 | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1239 | 0 | "Could not add SecurityPolicy#None with error code %s", |
1240 | 0 | UA_StatusCode_name(retval)); |
1241 | 0 | } |
1242 | |
|
1243 | | #ifdef UA_INCLUDE_INSECURE_POLICIES |
1244 | | /* Basic128Rsa15 should no longer be used */ |
1245 | | retval = UA_SecurityPolicy_Basic128Rsa15(sp + *length, certificate, privateKey, logging); |
1246 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1247 | | if(retval != UA_STATUSCODE_GOOD) { |
1248 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1249 | | "Could not add SecurityPolicy#Basic128Rsa15 with error code %s", |
1250 | | UA_StatusCode_name(retval)); |
1251 | | } |
1252 | | |
1253 | | /* Basic256 should no longer be used */ |
1254 | | retval = UA_SecurityPolicy_Basic256(sp + *length, certificate, privateKey, logging); |
1255 | | *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0; |
1256 | | if(retval != UA_STATUSCODE_GOOD) { |
1257 | | UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION, |
1258 | | "Could not add SecurityPolicy#Basic256 with error code %s", |
1259 | | UA_StatusCode_name(retval)); |
1260 | | } |
1261 | | #endif |
1262 | | |
1263 | | /* The non-AEAD ECC SecurityPolicies (EccNistP256/P384, |
1264 | | * EccBrainpoolP256r1/P384r1) are deprecated (OPC UA Part 7), superseded by |
1265 | | * their *_AesGcm / *_ChaChaPoly variants. They are not part of the default |
1266 | | * policy set; use the UA_ServerConfig_addSecurityPolicyEcc* functions to add |
1267 | | * them explicitly. */ |
1268 | 0 | } |
1269 | | |
1270 | | static UA_StatusCode |
1271 | | addAllServerSecurityPolicies(UA_ServerConfig *config, |
1272 | | const UA_ByteString *certificate, const UA_ByteString *privateKey, |
1273 | 0 | UA_Boolean onlySecure) { |
1274 | | /* Populate the cert variables */ |
1275 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1276 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1277 | 0 | if(certificate) |
1278 | 0 | localCertificate = *certificate; |
1279 | 0 | if(privateKey) |
1280 | 0 | localPrivateKey = *privateKey; |
1281 | | |
1282 | | /* Load the private key and convert to the DER format. Use an empty password |
1283 | | * on the first try -- maybe the key does not require a password. */ |
1284 | 0 | UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL; |
1285 | 0 | UA_ByteString keyPassword = UA_BYTESTRING_NULL; |
1286 | 0 | UA_StatusCode keySuccess = UA_STATUSCODE_GOOD; |
1287 | 0 | if(privateKey && privateKey->length > 0) |
1288 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword, |
1289 | 0 | &decryptedPrivateKey); |
1290 | | |
1291 | | /* Get the password and decrypt. An application might want to loop / retry |
1292 | | * here to allow users to correct their entry. */ |
1293 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) { |
1294 | 0 | if(config->privateKeyPasswordCallback) |
1295 | 0 | keySuccess = config->privateKeyPasswordCallback(config, &keyPassword); |
1296 | 0 | else |
1297 | 0 | keySuccess = readPrivateKeyPassword(&keyPassword); |
1298 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) |
1299 | 0 | return keySuccess; |
1300 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword, |
1301 | 0 | &decryptedPrivateKey); |
1302 | 0 | UA_ByteString_memZero(&keyPassword); |
1303 | 0 | UA_ByteString_clear(&keyPassword); |
1304 | 0 | } |
1305 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) { |
1306 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
1307 | 0 | "Could not decrypt the private key with status code %s", |
1308 | 0 | UA_StatusCode_name(keySuccess)); |
1309 | 0 | return keySuccess; |
1310 | 0 | } |
1311 | | |
1312 | | /* Clear up the old SecurityPolicies */ |
1313 | 0 | for(size_t i = 0; i < config->securityPoliciesSize; i++) { |
1314 | 0 | config->securityPolicies[i].clear(&config->securityPolicies[i]); |
1315 | 0 | } |
1316 | | |
1317 | | /* Allocate memory for the additional policies */ |
1318 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy*) |
1319 | 0 | UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE); |
1320 | 0 | if(!tmp) { |
1321 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1322 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1323 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1324 | 0 | } |
1325 | | |
1326 | 0 | config->securityPolicies = tmp; |
1327 | 0 | config->securityPoliciesSize = 0; |
1328 | | |
1329 | | /* Do the generic addition of certificates */ |
1330 | 0 | addAllSecurityPolicies(config->securityPolicies, &config->securityPoliciesSize, |
1331 | 0 | localCertificate, decryptedPrivateKey, onlySecure, |
1332 | 0 | UA_APPLICATIONTYPE_SERVER, config->logging); |
1333 | |
|
1334 | 0 | if(config->securityPoliciesSize == 0) { |
1335 | 0 | UA_free(config->securityPolicies); |
1336 | 0 | config->securityPolicies = NULL; |
1337 | 0 | } |
1338 | |
|
1339 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1340 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1341 | 0 | return UA_STATUSCODE_GOOD; |
1342 | 0 | } |
1343 | | |
1344 | | UA_StatusCode |
1345 | | UA_ServerConfig_addAllSecurityPolicies(UA_ServerConfig *config, |
1346 | | const UA_ByteString *certificate, |
1347 | 0 | const UA_ByteString *privateKey) { |
1348 | 0 | return addAllServerSecurityPolicies(config, certificate, privateKey, false); |
1349 | 0 | } |
1350 | | |
1351 | | /* Always returns UA_STATUSCODE_GOOD. Logs a warning if policies could not be added. */ |
1352 | | UA_StatusCode |
1353 | | UA_ServerConfig_addAllSecureSecurityPolicies(UA_ServerConfig *config, |
1354 | | const UA_ByteString *certificate, |
1355 | 0 | const UA_ByteString *privateKey) { |
1356 | 0 | return addAllServerSecurityPolicies(config, certificate, privateKey, true); |
1357 | 0 | } |
1358 | | |
1359 | | UA_EXPORT UA_StatusCode |
1360 | | UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf, |
1361 | | UA_UInt16 portNumber, |
1362 | | const UA_ByteString *certificate, |
1363 | | const UA_ByteString *privateKey, |
1364 | | const UA_ByteString *trustList, |
1365 | | size_t trustListSize, |
1366 | | const UA_ByteString *issuerList, |
1367 | | size_t issuerListSize, |
1368 | | const UA_ByteString *revocationList, |
1369 | 0 | size_t revocationListSize) { |
1370 | 0 | UA_StatusCode retval = setDefaultConfig(conf, portNumber); |
1371 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1372 | 0 | UA_ServerConfig_clear(conf); |
1373 | 0 | return retval; |
1374 | 0 | } |
1375 | | |
1376 | 0 | if(trustListSize > 0) { |
1377 | 0 | UA_TrustListDataType list; |
1378 | 0 | UA_TrustListDataType_init(&list); |
1379 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES; |
1380 | 0 | retval = UA_Array_copy(trustList, trustListSize, |
1381 | 0 | (void**)&list.trustedCertificates, |
1382 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1383 | 0 | if(retval != UA_STATUSCODE_GOOD) |
1384 | 0 | return retval; |
1385 | 0 | list.trustedCertificatesSize = trustListSize; |
1386 | |
|
1387 | 0 | if(issuerListSize > 0) { |
1388 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_ISSUERCERTIFICATES; |
1389 | 0 | retval = UA_Array_copy(issuerList, issuerListSize, |
1390 | 0 | (void**)&list.issuerCertificates, |
1391 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1392 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1393 | 0 | UA_TrustListDataType_clear(&list); |
1394 | 0 | return retval; |
1395 | 0 | } |
1396 | 0 | list.issuerCertificatesSize = issuerListSize; |
1397 | 0 | } |
1398 | | |
1399 | 0 | if(revocationListSize > 0) { |
1400 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS; |
1401 | 0 | retval = UA_Array_copy(revocationList, revocationListSize, |
1402 | 0 | (void**)&list.trustedCrls, |
1403 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1404 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1405 | 0 | UA_TrustListDataType_clear(&list); |
1406 | 0 | return retval; |
1407 | 0 | } |
1408 | 0 | list.trustedCrlsSize = revocationListSize; |
1409 | 0 | } |
1410 | | |
1411 | | /* Set up the parameters */ |
1412 | 0 | UA_KeyValuePair params[2]; |
1413 | 0 | size_t paramsSize = 2; |
1414 | |
|
1415 | 0 | params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize"); |
1416 | 0 | UA_Variant_setScalar(¶ms[0].value, &conf->maxTrustListSize, |
1417 | 0 | &UA_TYPES[UA_TYPES_UINT32]); |
1418 | 0 | params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize"); |
1419 | 0 | UA_Variant_setScalar(¶ms[1].value, &conf->maxRejectedListSize, |
1420 | 0 | &UA_TYPES[UA_TYPES_UINT32]); |
1421 | |
|
1422 | 0 | UA_KeyValueMap paramsMap; |
1423 | 0 | paramsMap.map = params; |
1424 | 0 | paramsMap.mapSize = paramsSize; |
1425 | |
|
1426 | 0 | UA_NodeId defaultApplicationGroup = |
1427 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP); |
1428 | 0 | retval = UA_CertificateGroup_Memorystore(&conf->secureChannelPKI, |
1429 | 0 | &defaultApplicationGroup, &list, |
1430 | 0 | conf->logging, ¶msMap); |
1431 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1432 | 0 | UA_TrustListDataType_clear(&list); |
1433 | 0 | return retval; |
1434 | 0 | } |
1435 | | |
1436 | 0 | UA_NodeId defaultUserTokenGroup = |
1437 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP); |
1438 | 0 | retval = UA_CertificateGroup_Memorystore(&conf->sessionPKI, |
1439 | 0 | &defaultUserTokenGroup, &list, |
1440 | 0 | conf->logging, ¶msMap); |
1441 | 0 | UA_TrustListDataType_clear(&list); |
1442 | 0 | if(retval != UA_STATUSCODE_GOOD) |
1443 | 0 | return retval; |
1444 | 0 | } else { |
1445 | 0 | UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION, |
1446 | 0 | "Empty trustlist passed. Leaving the previously " |
1447 | 0 | "configured certificate verification in place"); |
1448 | 0 | } |
1449 | | |
1450 | 0 | retval = UA_ServerConfig_addAllSecurityPolicies(conf, certificate, privateKey); |
1451 | | |
1452 | | /* Reinitialize AccessControl to take the changed SecurityPolicies into account |
1453 | | * TODO: This looses username/pw during the reinitialization */ |
1454 | 0 | if(retval == UA_STATUSCODE_GOOD) |
1455 | 0 | retval = UA_AccessControl_default(conf, true, NULL, 0, NULL); |
1456 | |
|
1457 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1458 | 0 | UA_ServerConfig_clear(conf); |
1459 | 0 | return retval; |
1460 | 0 | } |
1461 | | |
1462 | 0 | retval = UA_ServerConfig_addAllEndpoints(conf); |
1463 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1464 | 0 | UA_ServerConfig_clear(conf); |
1465 | 0 | return retval; |
1466 | 0 | } |
1467 | | |
1468 | 0 | return UA_STATUSCODE_GOOD; |
1469 | 0 | } |
1470 | | |
1471 | | UA_EXPORT UA_StatusCode |
1472 | | UA_ServerConfig_setDefaultWithSecureSecurityPolicies(UA_ServerConfig *conf, |
1473 | | UA_UInt16 portNumber, |
1474 | | const UA_ByteString *certificate, |
1475 | | const UA_ByteString *privateKey, |
1476 | | const UA_ByteString *trustList, |
1477 | | size_t trustListSize, |
1478 | | const UA_ByteString *issuerList, |
1479 | | size_t issuerListSize, |
1480 | | const UA_ByteString *revocationList, |
1481 | 0 | size_t revocationListSize) { |
1482 | 0 | UA_StatusCode retval = setDefaultConfig(conf, portNumber); |
1483 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1484 | 0 | UA_ServerConfig_clear(conf); |
1485 | 0 | return retval; |
1486 | 0 | } |
1487 | | |
1488 | 0 | if(trustListSize > 0) { |
1489 | 0 | UA_TrustListDataType list; |
1490 | 0 | UA_TrustListDataType_init(&list); |
1491 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES; |
1492 | 0 | retval = UA_Array_copy(trustList, trustListSize, |
1493 | 0 | (void**)&list.trustedCertificates, |
1494 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1495 | 0 | if(retval != UA_STATUSCODE_GOOD) |
1496 | 0 | return retval; |
1497 | 0 | list.trustedCertificatesSize = trustListSize; |
1498 | |
|
1499 | 0 | if(issuerListSize > 0) { |
1500 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_ISSUERCERTIFICATES; |
1501 | 0 | retval = UA_Array_copy(issuerList, issuerListSize, |
1502 | 0 | (void**)&list.issuerCertificates, |
1503 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1504 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1505 | 0 | UA_TrustListDataType_clear(&list); |
1506 | 0 | return retval; |
1507 | 0 | } |
1508 | 0 | list.issuerCertificatesSize = issuerListSize; |
1509 | 0 | } |
1510 | | |
1511 | 0 | if(revocationListSize > 0) { |
1512 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS; |
1513 | 0 | retval = UA_Array_copy(revocationList, revocationListSize, |
1514 | 0 | (void**)&list.trustedCrls, |
1515 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
1516 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1517 | 0 | UA_TrustListDataType_clear(&list); |
1518 | 0 | return retval; |
1519 | 0 | } |
1520 | 0 | list.trustedCrlsSize = revocationListSize; |
1521 | 0 | } |
1522 | | |
1523 | | /* Set up the parameters */ |
1524 | 0 | UA_KeyValuePair params[2]; |
1525 | 0 | size_t paramsSize = 2; |
1526 | |
|
1527 | 0 | params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize"); |
1528 | 0 | UA_Variant_setScalar(¶ms[0].value, &conf->maxTrustListSize, &UA_TYPES[UA_TYPES_UINT32]); |
1529 | 0 | params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize"); |
1530 | 0 | UA_Variant_setScalar(¶ms[1].value, &conf->maxRejectedListSize, &UA_TYPES[UA_TYPES_UINT32]); |
1531 | |
|
1532 | 0 | UA_KeyValueMap paramsMap; |
1533 | 0 | paramsMap.map = params; |
1534 | 0 | paramsMap.mapSize = paramsSize; |
1535 | |
|
1536 | 0 | UA_NodeId defaultApplicationGroup = |
1537 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP); |
1538 | 0 | retval = UA_CertificateGroup_Memorystore(&conf->secureChannelPKI, &defaultApplicationGroup, |
1539 | 0 | &list, conf->logging, ¶msMap); |
1540 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1541 | 0 | UA_TrustListDataType_clear(&list); |
1542 | 0 | return retval; |
1543 | 0 | } |
1544 | | |
1545 | 0 | UA_NodeId defaultUserTokenGroup = |
1546 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP); |
1547 | 0 | retval = UA_CertificateGroup_Memorystore(&conf->sessionPKI, &defaultUserTokenGroup, |
1548 | 0 | &list, conf->logging, ¶msMap); |
1549 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1550 | 0 | UA_TrustListDataType_clear(&list); |
1551 | 0 | return retval; |
1552 | 0 | } |
1553 | 0 | UA_TrustListDataType_clear(&list); |
1554 | 0 | } else { |
1555 | 0 | UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION, |
1556 | 0 | "Empty trustlist passed. Leaving the previously " |
1557 | 0 | "configured certificate verification in place"); |
1558 | 0 | } |
1559 | | |
1560 | 0 | retval = UA_ServerConfig_addAllSecureSecurityPolicies(conf, certificate, privateKey); |
1561 | |
|
1562 | 0 | if(retval == UA_STATUSCODE_GOOD) { |
1563 | 0 | retval = UA_AccessControl_default(conf, false, NULL, 0, NULL); |
1564 | 0 | } |
1565 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1566 | 0 | UA_ServerConfig_clear(conf); |
1567 | 0 | return retval; |
1568 | 0 | } |
1569 | | |
1570 | 0 | retval = UA_ServerConfig_addAllSecureEndpoints(conf); |
1571 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1572 | 0 | UA_ServerConfig_clear(conf); |
1573 | 0 | return retval; |
1574 | 0 | } |
1575 | | |
1576 | 0 | return UA_STATUSCODE_GOOD; |
1577 | 0 | } |
1578 | | |
1579 | | #if defined(__linux__) || defined(UA_ARCHITECTURE_WIN32) |
1580 | | |
1581 | | UA_StatusCode |
1582 | | UA_ServerConfig_addSecurityPolicy_Filestore(UA_ServerConfig *config, |
1583 | | UA_SecurityPolicy *innerPolicy, |
1584 | 0 | const UA_String storePath) { |
1585 | | /* Allocate the SecurityPolicies */ |
1586 | 0 | UA_SecurityPolicy *tmp = (UA_SecurityPolicy *) |
1587 | 0 | UA_realloc(config->securityPolicies, |
1588 | 0 | sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize)); |
1589 | 0 | if(!tmp) |
1590 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1591 | 0 | config->securityPolicies = tmp; |
1592 | |
|
1593 | 0 | UA_StatusCode retval = |
1594 | 0 | UA_SecurityPolicy_Filestore(&config->securityPolicies[config->securityPoliciesSize], |
1595 | 0 | innerPolicy, storePath); |
1596 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1597 | 0 | if(config->securityPoliciesSize == 0) { |
1598 | 0 | UA_free(config->securityPolicies); |
1599 | 0 | config->securityPolicies = NULL; |
1600 | 0 | } |
1601 | 0 | return retval; |
1602 | 0 | } |
1603 | | |
1604 | 0 | config->securityPoliciesSize++; |
1605 | 0 | return UA_STATUSCODE_GOOD; |
1606 | 0 | } |
1607 | | |
1608 | | UA_StatusCode |
1609 | | UA_ServerConfig_addSecurityPolicies_Filestore(UA_ServerConfig *config, |
1610 | | const UA_ByteString *certificate, |
1611 | | const UA_ByteString *privateKey, |
1612 | 0 | const UA_String storePath) { |
1613 | 0 | UA_StatusCode retval = UA_STATUSCODE_GOOD; |
1614 | 0 | UA_Boolean onlySecure = false; |
1615 | 0 | UA_Boolean onlyNone = false; |
1616 | | |
1617 | | /* Populate the SecurityPolicies */ |
1618 | 0 | UA_ByteString localCertificate = UA_BYTESTRING_NULL; |
1619 | 0 | UA_ByteString localPrivateKey = UA_BYTESTRING_NULL; |
1620 | |
|
1621 | 0 | if(certificate) |
1622 | 0 | localCertificate = *certificate; |
1623 | 0 | if(privateKey) |
1624 | 0 | localPrivateKey = *privateKey; |
1625 | |
|
1626 | 0 | if(certificate && privateKey) { |
1627 | 0 | size_t certificateKeyLength = 0; |
1628 | 0 | if(UA_CertificateUtils_getKeySize((UA_ByteString*)(uintptr_t)certificate, |
1629 | 0 | &certificateKeyLength) == UA_STATUSCODE_GOOD && |
1630 | 0 | certificateKeyLength > 2048) |
1631 | 0 | onlySecure = true; |
1632 | 0 | } else { |
1633 | 0 | onlyNone = true; |
1634 | 0 | } |
1635 | | |
1636 | | /* Load the private key and convert to the DER format. Use an empty password |
1637 | | * on the first try -- maybe the key does not require a password. */ |
1638 | 0 | UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL; |
1639 | 0 | UA_ByteString keyPassword = UA_BYTESTRING_NULL; |
1640 | 0 | UA_StatusCode keySuccess = UA_STATUSCODE_GOOD; |
1641 | |
|
1642 | 0 | if(privateKey && privateKey->length > 0) |
1643 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword, |
1644 | 0 | &decryptedPrivateKey); |
1645 | | |
1646 | | /* Get the password and decrypt. An application might want to loop / retry |
1647 | | * here to allow users to correct their entry. */ |
1648 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) { |
1649 | 0 | if(config->privateKeyPasswordCallback) |
1650 | 0 | keySuccess = config->privateKeyPasswordCallback(config, &keyPassword); |
1651 | 0 | else |
1652 | 0 | keySuccess = readPrivateKeyPassword(&keyPassword); |
1653 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) |
1654 | 0 | return keySuccess; |
1655 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword, |
1656 | 0 | &decryptedPrivateKey); |
1657 | 0 | UA_ByteString_memZero(&keyPassword); |
1658 | 0 | UA_ByteString_clear(&keyPassword); |
1659 | 0 | } |
1660 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) |
1661 | 0 | return keySuccess; |
1662 | | |
1663 | 0 | if(onlyNone) { |
1664 | | /* None */ |
1665 | 0 | UA_SecurityPolicy *nonePolicy = |
1666 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1667 | 0 | if(!nonePolicy) { |
1668 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1669 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1670 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1671 | 0 | } |
1672 | 0 | retval = UA_SecurityPolicy_None(nonePolicy, localCertificate, config->logging); |
1673 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1674 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1675 | 0 | "Could not add SecurityPolicy#None with error code %s", |
1676 | 0 | UA_StatusCode_name(retval)); |
1677 | 0 | nonePolicy->clear(nonePolicy); |
1678 | 0 | UA_free(nonePolicy); |
1679 | 0 | nonePolicy = NULL; |
1680 | 0 | } else { |
1681 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, nonePolicy, storePath); |
1682 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1683 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1684 | 0 | "Could not add SecurityPolicy#None with error code %s", |
1685 | 0 | UA_StatusCode_name(retval)); |
1686 | 0 | } |
1687 | 0 | } |
1688 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1689 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1690 | 0 | return retval; |
1691 | 0 | } |
1692 | | |
1693 | | /* Basic256Sha256 */ |
1694 | 0 | UA_SecurityPolicy *basic256Sha256Policy = |
1695 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1696 | 0 | if(!basic256Sha256Policy) { |
1697 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1698 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1699 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1700 | 0 | } |
1701 | 0 | retval = UA_SecurityPolicy_Basic256Sha256(basic256Sha256Policy, localCertificate, |
1702 | 0 | decryptedPrivateKey, config->logging); |
1703 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1704 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1705 | 0 | "Could not add SecurityPolicy#Basic256Sha256 with error code %s", |
1706 | 0 | UA_StatusCode_name(retval)); |
1707 | 0 | basic256Sha256Policy->clear(basic256Sha256Policy); |
1708 | 0 | UA_free(basic256Sha256Policy); |
1709 | 0 | basic256Sha256Policy = NULL; |
1710 | 0 | } else { |
1711 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic256Sha256Policy, storePath); |
1712 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1713 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1714 | 0 | "Could not add SecurityPolicy#Basic256Sha256 with error code %s", |
1715 | 0 | UA_StatusCode_name(retval)); |
1716 | 0 | } |
1717 | 0 | } |
1718 | | |
1719 | | /* Aes256Sha256RsaPss */ |
1720 | 0 | UA_SecurityPolicy *aes256Sha256RsaPssPolicy = |
1721 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1722 | 0 | if(!aes256Sha256RsaPssPolicy) { |
1723 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1724 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1725 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1726 | 0 | } |
1727 | 0 | retval = UA_SecurityPolicy_Aes256Sha256RsaPss(aes256Sha256RsaPssPolicy, localCertificate, |
1728 | 0 | decryptedPrivateKey, config->logging); |
1729 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1730 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1731 | 0 | "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s", |
1732 | 0 | UA_StatusCode_name(retval)); |
1733 | 0 | aes256Sha256RsaPssPolicy->clear(aes256Sha256RsaPssPolicy); |
1734 | 0 | UA_free(aes256Sha256RsaPssPolicy); |
1735 | 0 | aes256Sha256RsaPssPolicy = NULL; |
1736 | 0 | } else { |
1737 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, aes256Sha256RsaPssPolicy, storePath); |
1738 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1739 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1740 | 0 | "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s", |
1741 | 0 | UA_StatusCode_name(retval)); |
1742 | 0 | } |
1743 | 0 | } |
1744 | | |
1745 | | /* Aes128Sha256RsaOaep */ |
1746 | 0 | UA_SecurityPolicy *aes128Sha256RsaOaepPolicy = |
1747 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1748 | 0 | if(!aes128Sha256RsaOaepPolicy) { |
1749 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1750 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1751 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1752 | 0 | } |
1753 | 0 | retval = UA_SecurityPolicy_Aes128Sha256RsaOaep(aes128Sha256RsaOaepPolicy, localCertificate, |
1754 | 0 | decryptedPrivateKey, config->logging); |
1755 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1756 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1757 | 0 | "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s", |
1758 | 0 | UA_StatusCode_name(retval)); |
1759 | 0 | aes128Sha256RsaOaepPolicy->clear(aes128Sha256RsaOaepPolicy); |
1760 | 0 | UA_free(aes128Sha256RsaOaepPolicy); |
1761 | 0 | aes128Sha256RsaOaepPolicy = NULL; |
1762 | 0 | } else { |
1763 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, aes128Sha256RsaOaepPolicy, storePath); |
1764 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1765 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1766 | 0 | "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s", |
1767 | 0 | UA_StatusCode_name(retval)); |
1768 | 0 | } |
1769 | 0 | } |
1770 | |
|
1771 | 0 | if(onlySecure) { |
1772 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1773 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1774 | 0 | return UA_STATUSCODE_GOOD; |
1775 | 0 | } |
1776 | | |
1777 | | /* None */ |
1778 | 0 | UA_SecurityPolicy *nonePolicy = |
1779 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1780 | 0 | if(!nonePolicy) { |
1781 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1782 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1783 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1784 | 0 | } |
1785 | 0 | retval = UA_SecurityPolicy_None(nonePolicy, localCertificate, config->logging); |
1786 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1787 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1788 | 0 | "Could not add SecurityPolicy#None with error code %s", |
1789 | 0 | UA_StatusCode_name(retval)); |
1790 | 0 | nonePolicy->clear(nonePolicy); |
1791 | 0 | UA_free(nonePolicy); |
1792 | 0 | nonePolicy = NULL; |
1793 | 0 | } else { |
1794 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, nonePolicy, storePath); |
1795 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1796 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1797 | 0 | "Could not add SecurityPolicy#None with error code %s", |
1798 | 0 | UA_StatusCode_name(retval)); |
1799 | 0 | } |
1800 | 0 | } |
1801 | | |
1802 | | /* Basic128Rsa15 */ |
1803 | 0 | UA_SecurityPolicy *basic128Rsa15Policy = |
1804 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1805 | 0 | if(!basic128Rsa15Policy) { |
1806 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1807 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1808 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1809 | 0 | } |
1810 | 0 | retval = UA_SecurityPolicy_Basic128Rsa15(basic128Rsa15Policy, localCertificate, |
1811 | 0 | decryptedPrivateKey, config->logging); |
1812 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1813 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1814 | 0 | "Could not add SecurityPolicy#Basic128Rsa15 with error code %s", |
1815 | 0 | UA_StatusCode_name(retval)); |
1816 | 0 | basic128Rsa15Policy->clear(basic128Rsa15Policy); |
1817 | 0 | UA_free(basic128Rsa15Policy); |
1818 | 0 | basic128Rsa15Policy = NULL; |
1819 | 0 | } else { |
1820 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic128Rsa15Policy, storePath); |
1821 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1822 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1823 | 0 | "Could not add SecurityPolicy#Basic128Rsa15 with error code %s", |
1824 | 0 | UA_StatusCode_name(retval)); |
1825 | 0 | } |
1826 | 0 | } |
1827 | | |
1828 | | /* Basic256 */ |
1829 | 0 | UA_SecurityPolicy *basic256Policy = |
1830 | 0 | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1831 | 0 | if(!basic256Policy) { |
1832 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1833 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1834 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
1835 | 0 | } |
1836 | 0 | retval = UA_SecurityPolicy_Basic256(basic256Policy, localCertificate, |
1837 | 0 | decryptedPrivateKey, config->logging); |
1838 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1839 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1840 | 0 | "Could not add SecurityPolicy#Basic256 with error code %s", |
1841 | 0 | UA_StatusCode_name(retval)); |
1842 | 0 | basic256Policy->clear(basic256Policy); |
1843 | 0 | UA_free(basic256Policy); |
1844 | 0 | basic256Policy = NULL; |
1845 | 0 | } else { |
1846 | 0 | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic256Policy, storePath); |
1847 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1848 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1849 | 0 | "Could not add SecurityPolicy#Basic256 with error code %s", |
1850 | 0 | UA_StatusCode_name(retval)); |
1851 | 0 | } |
1852 | 0 | } |
1853 | | |
1854 | | /* EccNistP256AesGcm (OpenSSL-only AEAD policy) */ |
1855 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) |
1856 | | UA_SecurityPolicy *eccnistp256AesGcmPolicy = |
1857 | | (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy)); |
1858 | | if(!eccnistp256AesGcmPolicy) { |
1859 | | UA_ByteString_memZero(&decryptedPrivateKey); |
1860 | | UA_ByteString_clear(&decryptedPrivateKey); |
1861 | | return UA_STATUSCODE_BADOUTOFMEMORY; |
1862 | | } |
1863 | | retval = UA_SecurityPolicy_EccNistP256AesGcm(eccnistp256AesGcmPolicy, |
1864 | | UA_APPLICATIONTYPE_SERVER, |
1865 | | localCertificate, decryptedPrivateKey, |
1866 | | config->logging); |
1867 | | if(retval != UA_STATUSCODE_GOOD) { |
1868 | | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1869 | | "Could not add SecurityPolicy#ECC_nistP256_AesGcm with error code %s", |
1870 | | UA_StatusCode_name(retval)); |
1871 | | eccnistp256AesGcmPolicy->clear(eccnistp256AesGcmPolicy); |
1872 | | UA_free(eccnistp256AesGcmPolicy); |
1873 | | eccnistp256AesGcmPolicy = NULL; |
1874 | | } else { |
1875 | | retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, eccnistp256AesGcmPolicy, storePath); |
1876 | | if(retval != UA_STATUSCODE_GOOD) { |
1877 | | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION, |
1878 | | "Could not add SecurityPolicy#ECC_nistP256_AesGcm with error code %s", |
1879 | | UA_StatusCode_name(retval)); |
1880 | | } |
1881 | | } |
1882 | | #endif |
1883 | | |
1884 | | /* The non-AEAD ECC SecurityPolicies (EccNistP256/P384, |
1885 | | * EccBrainpoolP256r1/P384r1) are deprecated (OPC UA Part 7), superseded by |
1886 | | * their *_AesGcm / *_ChaChaPoly variants. They are not part of the default |
1887 | | * policy set; use the UA_ServerConfig_addSecurityPolicyEcc* functions to add |
1888 | | * them explicitly. */ |
1889 | |
|
1890 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
1891 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
1892 | 0 | return UA_STATUSCODE_GOOD; |
1893 | 0 | } |
1894 | | |
1895 | | UA_EXPORT UA_StatusCode |
1896 | | UA_ServerConfig_setDefaultWithFilestore(UA_ServerConfig *conf, |
1897 | | UA_UInt16 portNumber, |
1898 | | const UA_ByteString *certificate, |
1899 | | const UA_ByteString *privateKey, |
1900 | 0 | const UA_String storePath) { |
1901 | 0 | UA_StatusCode retval = setDefaultConfig(conf, portNumber); |
1902 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
1903 | 0 | return retval; |
1904 | 0 | } |
1905 | | |
1906 | 0 | if(!storePath.data) { |
1907 | 0 | UA_LOG_ERROR(conf->logging, UA_LOGCATEGORY_APPLICATION, |
1908 | 0 | "The path to a PKI folder has not been specified"); |
1909 | 0 | return UA_STATUSCODE_BADINVALIDARGUMENT; |
1910 | 0 | } |
1911 | | |
1912 | | /* Set up the parameters */ |
1913 | 0 | UA_KeyValuePair params[2]; |
1914 | 0 | size_t paramsSize = 2; |
1915 | |
|
1916 | 0 | params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize"); |
1917 | 0 | UA_Variant_setScalar(¶ms[0].value, &conf->maxTrustListSize, &UA_TYPES[UA_TYPES_UINT32]); |
1918 | 0 | params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize"); |
1919 | 0 | UA_Variant_setScalar(¶ms[1].value, &conf->maxRejectedListSize, &UA_TYPES[UA_TYPES_UINT32]); |
1920 | |
|
1921 | 0 | UA_KeyValueMap paramsMap; |
1922 | 0 | paramsMap.map = params; |
1923 | 0 | paramsMap.mapSize = paramsSize; |
1924 | |
|
1925 | 0 | UA_NodeId defaultApplicationGroup = |
1926 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP); |
1927 | 0 | retval = UA_CertificateGroup_Filestore(&conf->secureChannelPKI, &defaultApplicationGroup, |
1928 | 0 | storePath, conf->logging, ¶msMap); |
1929 | 0 | if(retval != UA_STATUSCODE_GOOD) |
1930 | 0 | return retval; |
1931 | | |
1932 | 0 | UA_NodeId defaultUserTokenGroup = |
1933 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP); |
1934 | 0 | retval = UA_CertificateGroup_Filestore(&conf->sessionPKI, &defaultUserTokenGroup, |
1935 | 0 | storePath, conf->logging, ¶msMap); |
1936 | 0 | if(retval != UA_STATUSCODE_GOOD) |
1937 | 0 | return retval; |
1938 | | |
1939 | 0 | retval = UA_ServerConfig_addSecurityPolicies_Filestore(conf, certificate, privateKey, storePath); |
1940 | |
|
1941 | 0 | if(retval == UA_STATUSCODE_GOOD) { |
1942 | 0 | retval = UA_AccessControl_default(conf, true, NULL, 0, NULL); |
1943 | 0 | } |
1944 | |
|
1945 | 0 | if(retval == UA_STATUSCODE_GOOD) { |
1946 | 0 | retval = UA_ServerConfig_addAllEndpoints(conf); |
1947 | 0 | } |
1948 | |
|
1949 | 0 | return retval; |
1950 | 0 | } |
1951 | | |
1952 | | #endif /* defined(__linux__) || defined(UA_ARCHITECTURE_WIN32) */ |
1953 | | |
1954 | | #endif /* UA_ENABLE_ENCRYPTION */ |
1955 | | |
1956 | | #if defined(UA_ENABLE_DISCOVERY) || defined(UA_ENABLE_AMALGAMATION) |
1957 | | |
1958 | | /***************************/ |
1959 | | /* Default Client Settings */ |
1960 | | /***************************/ |
1961 | | |
1962 | 40 | UA_Client * UA_Client_new(void) { |
1963 | 40 | UA_ClientConfig config; |
1964 | 40 | memset(&config, 0, sizeof(UA_ClientConfig)); |
1965 | | /* Set up basic usable config including logger and event loop */ |
1966 | 40 | UA_StatusCode res = UA_ClientConfig_setDefault(&config); |
1967 | 40 | if(res != UA_STATUSCODE_GOOD) |
1968 | 0 | return NULL; |
1969 | 40 | return UA_Client_newWithConfig(&config); |
1970 | 40 | } |
1971 | | |
1972 | | #if defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) || defined(UA_ARCHITECTURE_ZEPHYR) |
1973 | | |
1974 | | struct ClientInterruptContext { |
1975 | | UA_Client *client; |
1976 | | UA_Boolean running; |
1977 | | }; |
1978 | | |
1979 | | static void |
1980 | | interruptClient(UA_InterruptManager *im, uintptr_t interruptHandle, |
1981 | 0 | void *context, const UA_KeyValueMap *parameters) { |
1982 | 0 | struct ClientInterruptContext *ic = (struct ClientInterruptContext*)context; |
1983 | 0 | UA_ClientConfig *config = UA_Client_getConfig(ic->client); |
1984 | 0 | UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION, "Stopping the client"); |
1985 | 0 | ic->running = false; |
1986 | 0 | } |
1987 | | |
1988 | | UA_StatusCode |
1989 | 0 | UA_Client_runUntilInterrupt(UA_Client *client) { |
1990 | 0 | if(!client) |
1991 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
1992 | 0 | UA_ClientConfig *config = UA_Client_getConfig(client); |
1993 | 0 | UA_EventLoop *el = config->eventLoop; |
1994 | 0 | if(!el) |
1995 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
1996 | | |
1997 | | /* Get the interrupt manager */ |
1998 | 0 | UA_EventSource *es = el->eventSources; |
1999 | 0 | while(es) { |
2000 | 0 | if(es->eventSourceType == UA_EVENTSOURCETYPE_INTERRUPTMANAGER) |
2001 | 0 | break; |
2002 | 0 | es = es->next; |
2003 | 0 | } |
2004 | 0 | if(!es) { |
2005 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
2006 | 0 | "No Interrupt EventSource configured"); |
2007 | 0 | return UA_STATUSCODE_BADINTERNALERROR; |
2008 | 0 | } |
2009 | 0 | UA_InterruptManager *im = (UA_InterruptManager*)es; |
2010 | | |
2011 | | /* Register the interrupt */ |
2012 | 0 | struct ClientInterruptContext ic; |
2013 | 0 | ic.client = client; |
2014 | 0 | ic.running = true; |
2015 | 0 | UA_StatusCode res = |
2016 | 0 | im->registerInterrupt(im, SIGINT, &UA_KEYVALUEMAP_NULL, |
2017 | 0 | interruptClient, &ic); |
2018 | 0 | if(res != UA_STATUSCODE_GOOD) { |
2019 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
2020 | 0 | "Could not register the interrupt with status code %s", |
2021 | 0 | UA_StatusCode_name(res)); |
2022 | 0 | return res; |
2023 | 0 | } |
2024 | | |
2025 | | /* Run the client */ |
2026 | 0 | while(ic.running) { |
2027 | 0 | res = UA_Client_run_iterate(client, 100); |
2028 | 0 | if(res != UA_STATUSCODE_GOOD) |
2029 | 0 | break; |
2030 | 0 | } |
2031 | | |
2032 | | /* Deregister the interrupt */ |
2033 | 0 | im->deregisterInterrupt(im, SIGINT); |
2034 | 0 | return res; |
2035 | 0 | } |
2036 | | |
2037 | | #endif /* defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) */ |
2038 | | |
2039 | | UA_StatusCode |
2040 | 40 | UA_ClientConfig_setDefault(UA_ClientConfig *config) { |
2041 | | /* The following fields are untouched and OK to leave as NULL or 0: |
2042 | | * clientContext |
2043 | | * userIdentityToken |
2044 | | * securityMode |
2045 | | * securityPolicyUri |
2046 | | * endpoint |
2047 | | * userTokenPolicy |
2048 | | * customDataTypes |
2049 | | * connectivityCheckInterval |
2050 | | * stateCallback |
2051 | | * inactivityCallback |
2052 | | * outStandingPublishRequests |
2053 | | * subscriptionInactivityCallback |
2054 | | * sessionLocaleIds |
2055 | | * sessionLocaleIdsSize */ |
2056 | | |
2057 | 40 | if(config->timeout == 0) |
2058 | 40 | config->timeout = 5 * 1000; /* 5 seconds */ |
2059 | 40 | if(config->secureChannelLifeTime == 0) |
2060 | 40 | config->secureChannelLifeTime = 10 * 60 * 1000; /* 10 minutes */ |
2061 | | |
2062 | 40 | if(config->logging == NULL) |
2063 | 40 | config->logging = UA_Log_Stdout_new(UA_LOGLEVEL_INFO); |
2064 | | |
2065 | | /* EventLoop */ |
2066 | 40 | if(config->eventLoop == NULL) { |
2067 | | #if defined(UA_ARCHITECTURE_ZEPHYR) |
2068 | | config->eventLoop = UA_EventLoop_new_Zephyr(config->logging); |
2069 | | #elif defined(UA_ARCHITECTURE_LWIP) |
2070 | | config->eventLoop = UA_EventLoop_new_LWIP(config->logging, NULL); |
2071 | | #else |
2072 | 40 | config->eventLoop = UA_EventLoop_new_POSIX(config->logging); |
2073 | 40 | #endif |
2074 | 40 | config->externalEventLoop = false; |
2075 | | |
2076 | | /* Add the TCP connection manager */ |
2077 | | #if defined(UA_ARCHITECTURE_ZEPHYR) |
2078 | | UA_ConnectionManager *tcpCM = |
2079 | | UA_ConnectionManager_new_Zephyr_TCP(UA_STRING("tcp connection manager")); |
2080 | | #elif defined(UA_ARCHITECTURE_LWIP) |
2081 | | UA_ConnectionManager *tcpCM = |
2082 | | UA_ConnectionManager_new_LWIP_TCP(UA_STRING("tcp connection manager")); |
2083 | | #else |
2084 | 40 | UA_ConnectionManager *tcpCM = |
2085 | 40 | UA_ConnectionManager_new_POSIX_TCP(UA_STRING("tcp connection manager")); |
2086 | 40 | #endif |
2087 | 40 | config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)tcpCM); |
2088 | | |
2089 | | #if defined(UA_ARCHITECTURE_LWIP) |
2090 | | UA_ConnectionManager *udpCM = |
2091 | | UA_ConnectionManager_new_LWIP_UDP(UA_STRING("udp connection manager")); |
2092 | | if(udpCM) |
2093 | | config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)udpCM); |
2094 | | #elif !defined(UA_ARCHITECTURE_ZEPHYR) |
2095 | | /* Add the UDP connection manager */ |
2096 | 40 | UA_ConnectionManager *udpCM = |
2097 | 40 | UA_ConnectionManager_new_POSIX_UDP(UA_STRING("udp connection manager")); |
2098 | 40 | config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)udpCM); |
2099 | 40 | #endif |
2100 | | |
2101 | 40 | #if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP) |
2102 | | /* Add the interrupt manager */ |
2103 | 40 | UA_InterruptManager *im = UA_InterruptManager_new_POSIX(UA_STRING("interrupt manager")); |
2104 | 40 | if(im) { |
2105 | 40 | config->eventLoop->registerEventSource(config->eventLoop, &im->eventSource); |
2106 | 40 | } else { |
2107 | 0 | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
2108 | 0 | "Cannot create the Interrupt Manager (only relevant if used)"); |
2109 | 0 | } |
2110 | 40 | #endif |
2111 | 40 | } |
2112 | | |
2113 | 40 | if(config->localConnectionConfig.recvBufferSize == 0) |
2114 | 40 | config->localConnectionConfig = UA_ConnectionConfig_default; |
2115 | | |
2116 | 40 | if(!config->certificateVerification.logging) { |
2117 | 40 | config->certificateVerification.logging = config->logging; |
2118 | 40 | } |
2119 | | |
2120 | 40 | #ifdef UA_ENABLE_ENCRYPTION |
2121 | | /* Limits for TrustList */ |
2122 | 40 | config->maxTrustListSize = 0; |
2123 | 40 | config->maxRejectedListSize = 0; |
2124 | 40 | #endif |
2125 | | |
2126 | 40 | if(!config->certificateVerification.verifyCertificate) { |
2127 | | /* Certificate Verification that accepts every certificate. Can be |
2128 | | * overwritten when the policy is specialized. */ |
2129 | 40 | UA_CertificateGroup_AcceptAll(&config->certificateVerification); |
2130 | 40 | } |
2131 | | |
2132 | | /* With encryption enabled, the applicationUri needs to match the URI from |
2133 | | * the certificate */ |
2134 | 40 | if(!config->clientDescription.applicationUri.data) |
2135 | 40 | config->clientDescription.applicationUri = UA_STRING_ALLOC(APPLICATION_URI); |
2136 | 40 | if(config->clientDescription.applicationType == 0) |
2137 | 40 | config->clientDescription.applicationType = UA_APPLICATIONTYPE_CLIENT; |
2138 | | |
2139 | 40 | if(config->securityPoliciesSize == 0) { |
2140 | 40 | config->securityPolicies = (UA_SecurityPolicy*)UA_malloc(sizeof(UA_SecurityPolicy)); |
2141 | 40 | if(!config->securityPolicies) |
2142 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
2143 | 40 | UA_StatusCode retval = UA_SecurityPolicy_None(config->securityPolicies, |
2144 | 40 | UA_BYTESTRING_NULL, config->logging); |
2145 | 40 | if(retval != UA_STATUSCODE_GOOD) { |
2146 | 0 | UA_free(config->securityPolicies); |
2147 | 0 | config->securityPolicies = NULL; |
2148 | 0 | return retval; |
2149 | 0 | } |
2150 | 40 | config->securityPoliciesSize = 1; |
2151 | 40 | } |
2152 | | |
2153 | 40 | if(config->requestedSessionTimeout == 0) |
2154 | 40 | config->requestedSessionTimeout = 1200000; |
2155 | | |
2156 | 40 | #ifdef UA_ENABLE_SUBSCRIPTIONS |
2157 | 40 | if(config->outStandingPublishRequests == 0) |
2158 | 40 | config->outStandingPublishRequests = 10; |
2159 | 40 | #endif |
2160 | | |
2161 | 40 | return UA_STATUSCODE_GOOD; |
2162 | 40 | } |
2163 | | |
2164 | | #ifdef UA_ENABLE_ENCRYPTION |
2165 | | |
2166 | | static UA_StatusCode |
2167 | | clientConfig_setAuthenticationSecurityPolicies(UA_ClientConfig *config, |
2168 | | UA_ByteString certificateAuth, |
2169 | 0 | UA_ByteString privateKeyAuth) { |
2170 | 0 | for(size_t i = 0; i < config->authSecurityPoliciesSize; i++) { |
2171 | 0 | config->authSecurityPolicies[i].clear(&config->authSecurityPolicies[i]); |
2172 | 0 | } |
2173 | |
|
2174 | 0 | UA_SecurityPolicy *sp = (UA_SecurityPolicy*) |
2175 | 0 | UA_realloc(config->authSecurityPolicies, sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE); |
2176 | 0 | if(!sp) |
2177 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
2178 | 0 | config->authSecurityPolicies = sp; |
2179 | 0 | config->authSecurityPoliciesSize = 0; |
2180 | |
|
2181 | 0 | addAllSecurityPolicies(sp, &config->authSecurityPoliciesSize, |
2182 | 0 | certificateAuth, privateKeyAuth, false, |
2183 | 0 | UA_APPLICATIONTYPE_CLIENT, config->logging); |
2184 | |
|
2185 | 0 | if(config->authSecurityPoliciesSize == 0) { |
2186 | 0 | UA_free(config->authSecurityPolicies); |
2187 | 0 | config->authSecurityPolicies = NULL; |
2188 | 0 | } |
2189 | |
|
2190 | 0 | return UA_STATUSCODE_GOOD; |
2191 | 0 | } |
2192 | | |
2193 | | static UA_StatusCode |
2194 | | clientConfig_setSecurityPolicies(UA_ClientConfig *config, |
2195 | | UA_ByteString certificateAuth, |
2196 | 0 | UA_ByteString privateKeyAuth) { |
2197 | 0 | for(size_t i = 0; i < config->securityPoliciesSize; i++) { |
2198 | 0 | config->securityPolicies[i].clear(&config->securityPolicies[i]); |
2199 | 0 | } |
2200 | |
|
2201 | 0 | UA_SecurityPolicy *sp = (UA_SecurityPolicy*) |
2202 | 0 | UA_realloc(config->securityPolicies, |
2203 | 0 | sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE); |
2204 | 0 | if(!sp) |
2205 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
2206 | 0 | config->securityPolicies = sp; |
2207 | 0 | config->securityPoliciesSize = 0; |
2208 | |
|
2209 | 0 | addAllSecurityPolicies(sp, &config->securityPoliciesSize, |
2210 | 0 | certificateAuth, privateKeyAuth, false, |
2211 | 0 | UA_APPLICATIONTYPE_CLIENT, config->logging); |
2212 | |
|
2213 | 0 | if(config->securityPoliciesSize == 0) { |
2214 | 0 | UA_free(config->securityPolicies); |
2215 | 0 | config->securityPolicies = NULL; |
2216 | 0 | } |
2217 | |
|
2218 | 0 | return UA_STATUSCODE_GOOD; |
2219 | 0 | } |
2220 | | |
2221 | | UA_StatusCode |
2222 | | UA_ClientConfig_setDefaultEncryption(UA_ClientConfig *config, |
2223 | | UA_ByteString localCertificate, UA_ByteString privateKey, |
2224 | | const UA_ByteString *trustList, size_t trustListSize, |
2225 | 0 | const UA_ByteString *revocationList, size_t revocationListSize) { |
2226 | 0 | UA_StatusCode retval = UA_ClientConfig_setDefault(config); |
2227 | 0 | if(retval != UA_STATUSCODE_GOOD) |
2228 | 0 | return retval; |
2229 | | |
2230 | 0 | if(trustListSize > 0) { |
2231 | 0 | UA_TrustListDataType list; |
2232 | 0 | UA_TrustListDataType_init(&list); |
2233 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES; |
2234 | 0 | retval = UA_Array_copy(trustList, trustListSize, |
2235 | 0 | (void**)&list.trustedCertificates, |
2236 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
2237 | 0 | if(retval != UA_STATUSCODE_GOOD) |
2238 | 0 | return retval; |
2239 | 0 | list.trustedCertificatesSize = trustListSize; |
2240 | |
|
2241 | 0 | if(revocationListSize > 0) { |
2242 | 0 | list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS; |
2243 | 0 | retval = UA_Array_copy(revocationList, revocationListSize, |
2244 | 0 | (void**)&list.trustedCrls, |
2245 | 0 | &UA_TYPES[UA_TYPES_BYTESTRING]); |
2246 | 0 | if(retval != UA_STATUSCODE_GOOD) { |
2247 | 0 | UA_TrustListDataType_clear(&list); |
2248 | 0 | return retval; |
2249 | 0 | } |
2250 | 0 | list.trustedCrlsSize = revocationListSize; |
2251 | 0 | } |
2252 | | |
2253 | | /* Set up the parameters */ |
2254 | 0 | UA_KeyValuePair params[2]; |
2255 | 0 | size_t paramsSize = 2; |
2256 | |
|
2257 | 0 | params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize"); |
2258 | 0 | UA_Variant_setScalar(¶ms[0].value, &config->maxTrustListSize, |
2259 | 0 | &UA_TYPES[UA_TYPES_UINT32]); |
2260 | 0 | params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize"); |
2261 | 0 | UA_Variant_setScalar(¶ms[1].value, &config->maxRejectedListSize, |
2262 | 0 | &UA_TYPES[UA_TYPES_UINT32]); |
2263 | |
|
2264 | 0 | UA_KeyValueMap paramsMap; |
2265 | 0 | paramsMap.map = params; |
2266 | 0 | paramsMap.mapSize = paramsSize; |
2267 | |
|
2268 | 0 | if(config->certificateVerification.clear) |
2269 | 0 | config->certificateVerification.clear(&config->certificateVerification); |
2270 | 0 | UA_NodeId defaultApplicationGroup = |
2271 | 0 | UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP); |
2272 | 0 | retval = UA_CertificateGroup_Memorystore(&config->certificateVerification, |
2273 | 0 | &defaultApplicationGroup, &list, |
2274 | 0 | config->logging, ¶msMap); |
2275 | 0 | UA_TrustListDataType_clear(&list); |
2276 | 0 | if(retval != UA_STATUSCODE_GOOD) |
2277 | 0 | return retval; |
2278 | 0 | } else { |
2279 | 0 | UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_SECURITYPOLICY, |
2280 | 0 | "Empty trustlist passed. Leaving the previously " |
2281 | 0 | "configured certificate verification in place"); |
2282 | 0 | } |
2283 | | |
2284 | | /* Load the private key and convert to the DER format. Use an empty password |
2285 | | * on the first try -- maybe the key does not require a password. */ |
2286 | 0 | UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL; |
2287 | 0 | UA_ByteString keyPassword = UA_BYTESTRING_NULL; |
2288 | 0 | UA_StatusCode keySuccess = UA_STATUSCODE_GOOD; |
2289 | |
|
2290 | 0 | if(privateKey.length > 0) |
2291 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(privateKey, keyPassword, |
2292 | 0 | &decryptedPrivateKey); |
2293 | | |
2294 | | /* Get the password and decrypt. An application might want to loop / retry |
2295 | | * here to allow users to correct their entry. */ |
2296 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) { |
2297 | 0 | if(config->privateKeyPasswordCallback) |
2298 | 0 | keySuccess = config->privateKeyPasswordCallback(config, &keyPassword); |
2299 | 0 | else |
2300 | 0 | keySuccess = readPrivateKeyPassword(&keyPassword); |
2301 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) |
2302 | 0 | return keySuccess; |
2303 | 0 | keySuccess = UA_CertificateUtils_decryptPrivateKey(privateKey, keyPassword, &decryptedPrivateKey); |
2304 | 0 | UA_ByteString_memZero(&keyPassword); |
2305 | 0 | UA_ByteString_clear(&keyPassword); |
2306 | 0 | } |
2307 | 0 | if(keySuccess != UA_STATUSCODE_GOOD) |
2308 | 0 | return keySuccess; |
2309 | | |
2310 | 0 | clientConfig_setSecurityPolicies(config, localCertificate, decryptedPrivateKey); |
2311 | 0 | clientConfig_setAuthenticationSecurityPolicies(config, localCertificate, decryptedPrivateKey); |
2312 | |
|
2313 | 0 | UA_ByteString_memZero(&decryptedPrivateKey); |
2314 | 0 | UA_ByteString_clear(&decryptedPrivateKey); |
2315 | |
|
2316 | 0 | return UA_STATUSCODE_GOOD; |
2317 | 0 | } |
2318 | | #endif |
2319 | | |
2320 | | #if defined(UA_ENABLE_ENCRYPTION_OPENSSL) || defined(UA_ENABLE_ENCRYPTION_MBEDTLS) |
2321 | | UA_StatusCode |
2322 | | UA_ClientConfig_setAuthenticationCert(UA_ClientConfig *config, |
2323 | | UA_ByteString certificateAuth, |
2324 | 0 | UA_ByteString privateKeyAuth) { |
2325 | | #ifdef UA_ENABLE_ENCRYPTION_LIBRESSL |
2326 | | UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION, |
2327 | | "Certificate authentication with LibreSSL as crypto backend is not supported."); |
2328 | | return UA_STATUSCODE_BADNOTIMPLEMENTED; |
2329 | | #endif |
2330 | | |
2331 | | /* Create UserIdentityToken */ |
2332 | 0 | UA_X509IdentityToken* identityToken = UA_X509IdentityToken_new(); |
2333 | 0 | if(!identityToken) |
2334 | 0 | return UA_STATUSCODE_BADOUTOFMEMORY; |
2335 | | /* Don't set identityToken->policyId. This is taken from the appropriate |
2336 | | * endpoint at runtime. */ |
2337 | 0 | UA_StatusCode retval = UA_ByteString_copy(&certificateAuth, &identityToken->certificateData); |
2338 | 0 | if(retval != UA_STATUSCODE_GOOD) |
2339 | 0 | return retval; |
2340 | 0 | UA_ExtensionObject_clear(&config->userIdentityToken); |
2341 | 0 | config->userIdentityToken.encoding = UA_EXTENSIONOBJECT_DECODED; |
2342 | 0 | config->userIdentityToken.content.decoded.type = &UA_TYPES[UA_TYPES_X509IDENTITYTOKEN]; |
2343 | 0 | config->userIdentityToken.content.decoded.data = identityToken; |
2344 | | |
2345 | | /* Populate SecurityPolicies */ |
2346 | 0 | return clientConfig_setAuthenticationSecurityPolicies(config, certificateAuth, privateKeyAuth); |
2347 | 0 | } |
2348 | | #endif |
2349 | | |
2350 | | #endif /* UA_ENABLE_DISCOVERY OR UA_ENABLE_AMALGAMATION*/ |