Coverage Report

Created: 2026-06-30 06:45

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/open62541_15/plugins/ua_config_default.c
Line
Count
Source
1
/* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
2
 * See http://creativecommons.org/publicdomain/zero/1.0/ for more information.
3
 *
4
 *    Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
5
 *    Copyright 2017 (c) Julian Grothoff
6
 *    Copyright 2017-2018 (c) Mark Giraud, Fraunhofer IOSB
7
 *    Copyright 2017 (c) Stefan Profanter, fortiss GmbH
8
 *    Copyright 2017 (c) Thomas Stalder, Blue Time Concept SA
9
 *    Copyright 2018 (c) Daniel Feist, Precitec GmbH & Co. KG
10
 *    Copyright 2018 (c) Fabian Arndt, Root-Core
11
 *    Copyright 2019 (c) Kalycito Infotech Private Limited
12
 *    Copyright 2017-2020 (c) HMS Industrial Networks AB (Author: Jonas Green)
13
 *    Copyright 2020 (c) Wind River Systems, Inc.
14
 *    Copyright 2024 (c) Siemens AG (Authors: Tin Raic, Thomas Zeschg)
15
 *    Copyright 2026 (c) o6 Automation GmbH (Author: Andreas Ebner)
16
 */
17
18
#include <open62541/plugin/accesscontrol_default.h>
19
#include <open62541/plugin/nodestore_default.h>
20
#include <open62541/plugin/log_stdout.h>
21
#include <open62541/plugin/certificategroup_default.h>
22
#include <open62541/plugin/securitypolicy_default.h>
23
#include <open62541/server_config_default.h>
24
#if defined(UA_ENABLE_DISCOVERY) || defined(UA_ENABLE_AMALGAMATION)
25
#include <open62541/client.h>
26
#include <open62541/client_config_default.h>
27
#endif
28
29
#include "../deps/mp_printf.h"
30
31
#if defined(UA_ENABLE_ENCRYPTION_MBEDTLS)
32
#include <mbedtls/version.h>
33
#endif
34
35
#include <stdio.h>
36
#ifdef UA_ARCHITECTURE_WIN32
37
# include <winsock2.h>
38
#else
39
# include <unistd.h>
40
#endif
41
42
/* Struct initialization works across ANSI C/C99/C++ if it is done when the
43
 * variable is first declared. Assigning values to existing structs is
44
 * heterogeneous across the three. */
45
static UA_INLINE UA_UInt32Range
46
43.4k
UA_UINT32RANGE(UA_UInt32 min, UA_UInt32 max) {
47
43.4k
    UA_UInt32Range range = {min, max};
48
43.4k
    return range;
49
43.4k
}
50
51
static UA_INLINE UA_DurationRange
52
28.9k
UA_DURATIONRANGE(UA_Duration min, UA_Duration max) {
53
28.9k
    UA_DurationRange range = {min, max};
54
28.9k
    return range;
55
28.9k
}
56
57
/* Request the private key password from stdin if no callback is defined */
58
#ifdef UA_ENABLE_ENCRYPTION
59
static UA_StatusCode
60
0
readPrivateKeyPassword(UA_ByteString *password) {
61
    /* Read from stdin */
62
0
    char buf[256];
63
0
    fputs("Private key requires a password. Enter and press return: ", stdout);
64
0
    char *s = fgets(buf, 256, stdin);
65
0
    if(!s)
66
0
        return UA_STATUSCODE_BADINTERNALERROR;
67
68
    /* Get rid of any trailing \n */
69
0
    size_t len = strlen(buf);
70
0
    if(len == 0)
71
0
        return UA_STATUSCODE_BADINTERNALERROR;
72
0
    if(buf[len-1] == '\n')
73
0
        buf[len-1] = 0;
74
75
0
    *password = UA_BYTESTRING_ALLOC(buf);
76
0
    return UA_STATUSCODE_GOOD;
77
0
}
78
#endif
79
80
UA_Server *
81
0
UA_Server_new(void) {
82
0
    UA_ServerConfig config;
83
0
    memset(&config, 0, sizeof(UA_ServerConfig));
84
0
    UA_StatusCode res = UA_ServerConfig_setDefault(&config);
85
0
    if(res != UA_STATUSCODE_GOOD)
86
0
        return NULL;
87
0
    return UA_Server_newWithConfig(&config);
88
0
}
89
90
#if defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) || defined(UA_ARCHITECTURE_ZEPHYR)
91
/* Required for the definition of SIGINT */
92
#include <signal.h>
93
94
struct InterruptContext {
95
    UA_Server *server;
96
    UA_Boolean running;
97
};
98
99
static void
100
0
shutdownServer(UA_Server *server, void *context) {
101
0
    struct InterruptContext *ic = (struct InterruptContext*)context;
102
0
    UA_ServerConfig *config = UA_Server_getConfig(ic->server);
103
0
    UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION,
104
0
                "Stopping the server");
105
0
    ic->running = false;
106
0
}
107
108
static void
109
interruptServer(UA_InterruptManager *im, uintptr_t interruptHandle,
110
0
                void *context, const UA_KeyValueMap *parameters) {
111
0
    struct InterruptContext *ic = (struct InterruptContext*)context;
112
0
    UA_ServerConfig *config = UA_Server_getConfig(ic->server);
113
114
0
    if(config->shutdownDelay <= 0.0) {
115
0
        UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION,
116
0
                    "Received SIGINT interrupt. Stopping the server.");
117
0
        ic->running = false;
118
0
        return;
119
0
    }
120
121
0
    UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION,
122
0
                "Received SIGINT interrupt. Stopping the server in %.2fs.",
123
0
                config->shutdownDelay / 1000.0);
124
125
0
    UA_UInt32 secondsTillShutdown = (UA_UInt32)(config->shutdownDelay / 1000.0);
126
0
    UA_Variant val;
127
0
    UA_Variant_setScalar(&val, &secondsTillShutdown, &UA_TYPES[UA_TYPES_UINT32]);
128
0
    UA_Server_writeValue(ic->server, UA_NS0ID(SERVER_SERVERSTATUS_SECONDSTILLSHUTDOWN), val);
129
0
    UA_Server_addTimedCallback(ic->server, shutdownServer, ic, UA_DateTime_nowMonotonic() +
130
0
                               (UA_DateTime)(config->shutdownDelay * UA_DATETIME_MSEC), NULL);
131
132
    /* Notify the application that the server is stopping */
133
0
    if(config->notifyLifecycleState)
134
0
        config->notifyLifecycleState(ic->server, UA_LIFECYCLESTATE_STOPPING);
135
0
}
136
137
UA_StatusCode
138
0
UA_Server_runUntilInterrupt(UA_Server *server) {
139
0
    if(!server)
140
0
        return UA_STATUSCODE_BADINTERNALERROR;
141
0
    UA_ServerConfig *config = UA_Server_getConfig(server);
142
0
    UA_EventLoop *el = config->eventLoop;
143
0
    if(!el)
144
0
        return UA_STATUSCODE_BADINTERNALERROR;
145
146
    /* Get the interrupt manager */
147
0
    UA_EventSource *es = el->eventSources;
148
0
    while(es) {
149
0
        if(es->eventSourceType == UA_EVENTSOURCETYPE_INTERRUPTMANAGER)
150
0
            break;
151
0
        es = es->next;
152
0
    }
153
0
    if(!es) {
154
0
        UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
155
0
                       "No Interrupt EventSource configured");
156
0
        return UA_STATUSCODE_BADINTERNALERROR;
157
0
    }
158
0
    UA_InterruptManager *im = (UA_InterruptManager*)es;
159
160
    /* Register the interrupt */
161
0
    struct InterruptContext ic;
162
0
    ic.server = server;
163
0
    ic.running = true;
164
0
    UA_StatusCode retval =
165
0
        im->registerInterrupt(im, SIGINT, &UA_KEYVALUEMAP_NULL,
166
0
                              interruptServer, &ic);
167
0
    if(retval != UA_STATUSCODE_GOOD) {
168
0
        UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
169
0
                     "Could not register the interrupt with status code %s",
170
0
                     UA_StatusCode_name(retval));
171
0
        return retval;
172
0
    }
173
174
    /* Run the server */
175
0
    retval = UA_Server_run_startup(server);
176
0
    if(retval != UA_STATUSCODE_GOOD)
177
0
        goto deregister_interrupt;
178
0
    while(ic.running) {
179
0
        UA_Server_run_iterate(server, true);
180
0
    }
181
182
    /* Shut down the server */
183
0
    retval = UA_Server_run_shutdown(server);
184
185
    /* Deregister the interrupt */
186
0
 deregister_interrupt:
187
0
    im->deregisterInterrupt(im, SIGINT);
188
0
    return retval;
189
0
}
190
191
#endif /* defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) */
192
193
/*******************************/
194
/* Default Connection Settings */
195
/*******************************/
196
197
const UA_ConnectionConfig UA_ConnectionConfig_default = {
198
    0,       /* .protocolVersion */
199
    1 << 16, /* .sendBufferSize, 64k per chunk */
200
    1 << 16, /* .recvBufferSize, 64k per chunk */
201
    1 << 29, /* .localMaxMessageSize, 512 MB */
202
    1 << 29, /* .remoteMaxMessageSize, 512 MB */
203
    1 << 14, /* .localMaxChunkCount, 16k */
204
    1 << 14  /* .remoteMaxChunkCount, 16k */
205
};
206
207
/***************************/
208
/* Default Server Settings */
209
/***************************/
210
211
#define MANUFACTURER_NAME "open62541"
212
#define PRODUCT_NAME "open62541 OPC UA Server"
213
#define PRODUCT_URI "http://open62541.org"
214
14.4k
#define APPLICATION_NAME "open62541-based OPC UA Application"
215
#define APPLICATION_URI "urn:open62541.unconfigured.application"
216
217
/* Upper bound */
218
#define SECURITY_POLICY_SIZE 14
219
220
#define STRINGIFY(arg) #arg
221
#define VERSION(MAJOR, MINOR, PATCH, LABEL) \
222
    STRINGIFY(MAJOR) "." STRINGIFY(MINOR) "." STRINGIFY(PATCH) LABEL
223
224
static UA_StatusCode
225
addEndpoint(UA_ServerConfig *conf,
226
            const UA_SecurityPolicy *securityPolicy,
227
14.4k
            UA_MessageSecurityMode securityMode) {
228
    /* Test if the endpoint already exists */
229
14.4k
    for(size_t i = 0; i < conf->endpointsSize; i++) {
230
0
        UA_EndpointDescription *ep = &conf->endpoints[i];
231
0
        if(!UA_String_equal(&securityPolicy->policyUri, &ep->securityPolicyUri))
232
0
            continue;
233
0
        if(ep->securityMode != securityMode)
234
0
            continue;
235
0
        return UA_STATUSCODE_GOOD;
236
0
    }
237
238
    /* Reallocate the array size */
239
14.4k
    UA_EndpointDescription *tmp = (UA_EndpointDescription *)
240
14.4k
        UA_realloc(conf->endpoints,
241
14.4k
                   sizeof(UA_EndpointDescription) * (1 + conf->endpointsSize));
242
14.4k
    if(!tmp)
243
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
244
14.4k
    conf->endpoints = tmp;
245
246
    /* The following fields are overwritten internally with up-to-date
247
     * information from the server config:
248
     *
249
     * UserTokenPolicies
250
     * ApplicationDescription (server)
251
     * ServerCertificate
252
     * EndpointURL */
253
14.4k
    UA_EndpointDescription *endpoint = &conf->endpoints[conf->endpointsSize];
254
14.4k
    UA_EndpointDescription_init(endpoint);
255
14.4k
    endpoint->transportProfileUri =
256
14.4k
        UA_STRING_ALLOC("http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary");
257
14.4k
    endpoint->securityMode = securityMode;
258
14.4k
    endpoint->securityLevel = securityPolicy->securityLevel;
259
260
14.4k
    UA_StatusCode retval = UA_String_copy(&securityPolicy->policyUri,
261
14.4k
                                          &endpoint->securityPolicyUri);
262
263
14.4k
    if(retval == UA_STATUSCODE_GOOD) {
264
14.4k
        conf->endpointsSize++;
265
14.4k
    } else {
266
0
        UA_EndpointDescription_clear(endpoint);
267
0
        if(conf->endpointsSize == 0) {
268
0
            UA_free(conf->endpoints);
269
0
            conf->endpoints = NULL;
270
0
        }
271
0
    }
272
273
14.4k
    return retval;
274
14.4k
}
275
276
static UA_StatusCode
277
14.4k
setDefaultConfig(UA_ServerConfig *conf, UA_UInt16 portNumber) {
278
14.4k
    if(!conf)
279
0
        return UA_STATUSCODE_BADINVALIDARGUMENT;
280
281
    /* NodeStore */
282
14.4k
    if(!conf->nodestore)
283
14.4k
        conf->nodestore = UA_Nodestore_ZipTree();
284
285
    /* Logging */
286
14.4k
    if(conf->logging == NULL)
287
14.4k
        conf->logging = UA_Log_Stdout_new(UA_LOGLEVEL_INFO);
288
289
    /* EventLoop */
290
14.4k
    if(conf->eventLoop == NULL) {
291
#if defined(UA_ARCHITECTURE_ZEPHYR)
292
        conf->eventLoop = UA_EventLoop_new_Zephyr(conf->logging);
293
#elif defined(UA_ARCHITECTURE_LWIP)
294
        conf->eventLoop = UA_EventLoop_new_LWIP(conf->logging, NULL);
295
#else
296
14.4k
        conf->eventLoop = UA_EventLoop_new_POSIX(conf->logging);
297
14.4k
#endif
298
14.4k
        if(conf->eventLoop == NULL)
299
0
            return UA_STATUSCODE_BADOUTOFMEMORY;
300
301
14.4k
        conf->externalEventLoop = false;
302
303
        /* Add the TCP connection manager */
304
#if defined(UA_ARCHITECTURE_ZEPHYR)
305
        UA_ConnectionManager *tcpCM =
306
            UA_ConnectionManager_new_Zephyr_TCP(UA_STRING("tcp connection manager"));
307
#elif defined(UA_ARCHITECTURE_LWIP)
308
        UA_ConnectionManager *tcpCM =
309
            UA_ConnectionManager_new_LWIP_TCP(UA_STRING("tcp connection manager"));
310
#else
311
14.4k
        UA_ConnectionManager *tcpCM =
312
14.4k
            UA_ConnectionManager_new_POSIX_TCP(UA_STRING("tcp connection manager"));
313
14.4k
#endif
314
14.4k
        if(tcpCM)
315
14.4k
            conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)tcpCM);
316
317
        /* Add the UDP connection manager */
318
#if defined(UA_ARCHITECTURE_LWIP)
319
        UA_ConnectionManager *udpCM =
320
            UA_ConnectionManager_new_LWIP_UDP(UA_STRING("udp connection manager"));
321
        if(udpCM)
322
            conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)udpCM);
323
#elif !defined(UA_ARCHITECTURE_ZEPHYR)
324
        UA_ConnectionManager *udpCM =
325
14.4k
            UA_ConnectionManager_new_POSIX_UDP(UA_STRING("udp connection manager"));
326
14.4k
        if(udpCM)
327
14.4k
            conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)udpCM);
328
14.4k
#endif
329
330
        /* Add the Ethernet connection manager */
331
14.4k
#if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP) && defined(UA_ARCHITECTURE_POSIX) && (defined(__linux__))
332
14.4k
        UA_ConnectionManager *ethCM =
333
14.4k
            UA_ConnectionManager_new_POSIX_Ethernet(UA_STRING("eth connection manager"));
334
14.4k
        if(ethCM)
335
14.4k
            conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)ethCM);
336
14.4k
#endif
337
338
14.4k
#if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP)
339
        /* Add the interrupt manager */
340
14.4k
        UA_InterruptManager *im = UA_InterruptManager_new_POSIX(UA_STRING("interrupt manager"));
341
14.4k
        if(im) {
342
14.4k
            conf->eventLoop->registerEventSource(conf->eventLoop, &im->eventSource);
343
14.4k
        } else {
344
0
            UA_LOG_ERROR(conf->logging, UA_LOGCATEGORY_APPLICATION,
345
0
                         "Cannot create the Interrupt Manager (only relevant if used)");
346
0
        }
347
14.4k
#endif
348
#ifdef UA_ENABLE_MQTT
349
        /* Add the MQTT connection manager */
350
        UA_ConnectionManager *mqttCM =
351
            UA_ConnectionManager_new_MQTT(UA_STRING("mqtt connection manager"));
352
        if(mqttCM)
353
            conf->eventLoop->registerEventSource(conf->eventLoop, (UA_EventSource *)mqttCM);
354
#endif
355
14.4k
    }
356
14.4k
    if(conf->eventLoop != NULL) {
357
14.4k
        if(conf->eventLoop->state != UA_EVENTLOOPSTATE_STARTED) {
358
14.4k
            UA_StatusCode statusCode = conf->eventLoop->start(conf->eventLoop);
359
14.4k
            if(statusCode != UA_STATUSCODE_GOOD) {
360
0
                return statusCode;
361
0
            }
362
14.4k
        }
363
14.4k
    }
364
365
    /* If a second server is started later it can "steal" the port.
366
     * Having port reuse enabled is important for development.
367
     * Otherwise a long TCP TIME_WAIT is required before the port can be used again. */
368
14.4k
    conf->tcpReuseAddr = true;
369
370
    /* --> Start setting the default static config <-- */
371
372
14.4k
    conf->shutdownDelay = 0.0;
373
374
    /* Server Description */
375
14.4k
    UA_BuildInfo_clear(&conf->buildInfo);
376
14.4k
    conf->buildInfo.productUri = UA_STRING_ALLOC(PRODUCT_URI);
377
14.4k
    conf->buildInfo.manufacturerName = UA_STRING_ALLOC(MANUFACTURER_NAME);
378
14.4k
    conf->buildInfo.productName = UA_STRING_ALLOC(PRODUCT_NAME);
379
14.4k
    conf->buildInfo.softwareVersion =
380
14.4k
        UA_STRING_ALLOC(VERSION(UA_OPEN62541_VER_MAJOR, UA_OPEN62541_VER_MINOR,
381
14.4k
                                UA_OPEN62541_VER_PATCH, UA_OPEN62541_VER_LABEL));
382
14.4k
    conf->buildInfo.buildNumber = UA_STRING_ALLOC(__DATE__ " " __TIME__);
383
14.4k
    conf->buildInfo.buildDate = UA_DateTime_now();
384
385
14.4k
    UA_ApplicationDescription_clear(&conf->applicationDescription);
386
14.4k
    conf->applicationDescription.applicationUri = UA_STRING_ALLOC(APPLICATION_URI);
387
14.4k
    conf->applicationDescription.productUri = UA_STRING_ALLOC(PRODUCT_URI);
388
14.4k
    conf->applicationDescription.applicationName =
389
14.4k
        UA_LOCALIZEDTEXT_ALLOC("en", APPLICATION_NAME);
390
14.4k
    conf->applicationDescription.applicationType = UA_APPLICATIONTYPE_SERVER;
391
    /* conf->applicationDescription.gatewayServerUri = UA_STRING_NULL; */
392
    /* conf->applicationDescription.discoveryProfileUri = UA_STRING_NULL; */
393
    /* conf->applicationDescription.discoveryUrlsSize = 0; */
394
    /* conf->applicationDescription.discoveryUrls = NULL; */
395
396
14.4k
#ifdef UA_ENABLE_DISCOVERY_MULTICAST
397
14.4k
    UA_MdnsDiscoveryConfiguration_clear(&conf->mdnsConfig);
398
14.4k
# ifdef UA_ENABLE_DISCOVERY_MULTICAST_MDNSD
399
14.4k
    conf->mdnsInterfaceIP = UA_STRING_NULL;
400
#  if !defined(UA_HAS_GETIFADDR)
401
    conf->mdnsIpAddressList = NULL;
402
    conf->mdnsIpAddressListSize = 0;
403
#  endif
404
14.4k
# endif
405
14.4k
#endif
406
407
    /* Custom DataTypes */
408
    /* conf->customDataTypesSize = 0; */
409
    /* conf->customDataTypes = NULL; */
410
411
    /* Networking */
412
    /* Set up the local ServerUrls. They are used during startup to initialize
413
     * the server sockets. */
414
14.4k
    UA_String serverUrls[1];
415
14.4k
    size_t serverUrlsSize = 0;
416
14.4k
    char serverUrlBuffer[1][512];
417
418
14.4k
    if(portNumber == 0) {
419
0
        UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION,
420
0
                       "Dynamic port assignment will be used.");
421
0
    }
422
423
14.4k
    if(conf->serverUrlsSize > 0) {
424
0
        UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION,
425
0
                       "ServerUrls already set. Overriding.");
426
0
        UA_Array_delete(conf->serverUrls, conf->serverUrlsSize,
427
0
                        &UA_TYPES[UA_TYPES_STRING]);
428
0
        conf->serverUrls = NULL;
429
0
        conf->serverUrlsSize = 0;
430
0
    }
431
432
    /* Listen on all interfaces (also external). This must be the first
433
     * entry if this is desired. Otherwise some interfaces may be blocked
434
     * (already in use) with a hostname that is only locally reachable.*/
435
14.4k
    mp_snprintf(serverUrlBuffer[0], sizeof(serverUrlBuffer[0]),
436
14.4k
                "opc.tcp://:%u", portNumber);
437
14.4k
    serverUrls[serverUrlsSize] = UA_STRING(serverUrlBuffer[0]);
438
14.4k
    serverUrlsSize++;
439
440
    /* Add to the config */
441
14.4k
    UA_StatusCode retval =
442
14.4k
        UA_Array_copy(serverUrls, serverUrlsSize,
443
14.4k
                      (void**)&conf->serverUrls, &UA_TYPES[UA_TYPES_STRING]);
444
14.4k
    if(retval != UA_STATUSCODE_GOOD)
445
0
        return retval;
446
14.4k
    conf->serverUrlsSize = serverUrlsSize;
447
448
    /* Endpoints */
449
    /* conf->endpoints = {0, NULL}; */
450
451
    /* Set Logger for Certificate Verification */
452
14.4k
    if(!conf->secureChannelPKI.logging)
453
14.4k
        conf->secureChannelPKI.logging = conf->logging;
454
14.4k
    if(!conf->sessionPKI.logging)
455
14.4k
        conf->sessionPKI.logging = conf->logging;
456
457
14.4k
#ifdef UA_ENABLE_ENCRYPTION
458
    /* Limits for TrustList */
459
14.4k
    conf->maxTrustListSize = 0;
460
14.4k
    conf->maxRejectedListSize = 0;
461
14.4k
#endif
462
463
    /* Certificate Verification that accepts every certificate. Can be
464
     * overwritten when the policy is specialized. */
465
14.4k
    UA_CertificateGroup_AcceptAll(&conf->secureChannelPKI);
466
14.4k
    UA_CertificateGroup_AcceptAll(&conf->sessionPKI);
467
468
    /* * Global Node Lifecycle * */
469
    /* conf->nodeLifecycle.constructor = NULL; */
470
    /* conf->nodeLifecycle.destructor = NULL; */
471
    /* conf->nodeLifecycle.createOptionalChild = NULL; */
472
    /* conf->nodeLifecycle.generateChildNodeId = NULL; */
473
14.4k
    conf->modellingRulesOnInstances = true;
474
475
    /* Limits for SecureChannels */
476
14.4k
    conf->maxSecureChannels = 100;
477
14.4k
    conf->maxSecurityTokenLifetime = 10 * 60 * 1000; /* 10 minutes */
478
479
    /* Limits for Sessions */
480
14.4k
    conf->maxSessions = 100;
481
14.4k
    conf->maxSessionTimeout = 60.0 * 60.0 * 1000.0; /* 1h */
482
483
14.4k
#ifdef UA_ENABLE_SUBSCRIPTIONS
484
    /* Limits for Subscriptions */
485
14.4k
    conf->publishingIntervalLimits = UA_DURATIONRANGE(100.0, 3600.0 * 1000.0);
486
14.4k
    conf->lifeTimeCountLimits = UA_UINT32RANGE(3, 15000);
487
14.4k
    conf->keepAliveCountLimits = UA_UINT32RANGE(1, 100);
488
14.4k
    conf->maxNotificationsPerPublish = 1000;
489
14.4k
    conf->enableRetransmissionQueue = true;
490
14.4k
    conf->maxRetransmissionQueueSize = 0; /* unlimited */
491
14.4k
# ifdef UA_ENABLE_SUBSCRIPTIONS_EVENTS
492
14.4k
    conf->maxEventsPerNode = 0; /* unlimited */
493
14.4k
# endif
494
495
    /* Limits for MonitoredItems */
496
14.4k
    conf->samplingIntervalLimits = UA_DURATIONRANGE(50.0, 24.0 * 3600.0 * 1000.0);
497
14.4k
    conf->queueSizeLimits = UA_UINT32RANGE(1, 100);
498
14.4k
#endif
499
500
14.4k
#ifdef UA_ENABLE_DISCOVERY
501
14.4k
    conf->discoveryCleanupTimeout = 60 * 60;
502
14.4k
#endif
503
504
14.4k
#ifdef UA_ENABLE_HISTORIZING
505
    /* conf->accessHistoryDataCapability = false; */
506
    /* conf->maxReturnDataValues = 0; */
507
508
    /* conf->accessHistoryEventsCapability = false; */
509
    /* conf->maxReturnEventValues = 0; */
510
511
    /* conf->insertDataCapability = false; */
512
    /* conf->insertEventCapability = false; */
513
    /* conf->insertAnnotationsCapability = false; */
514
515
    /* conf->replaceDataCapability = false; */
516
    /* conf->replaceEventCapability = false; */
517
518
    /* conf->updateDataCapability = false; */
519
    /* conf->updateEventCapability = false; */
520
521
    /* conf->deleteRawCapability = false; */
522
    /* conf->deleteEventCapability = false; */
523
    /* conf->deleteAtTimeDataCapability = false; */
524
14.4k
#endif
525
526
14.4k
#if UA_MULTITHREADING >= 100
527
14.4k
    conf->maxAsyncOperationQueueSize = 0;
528
14.4k
    conf->asyncOperationTimeout = 120000; /* Async Operation Timeout in ms (2 minutes) */
529
14.4k
#endif
530
531
14.4k
#ifdef UA_ENABLE_PUBSUB
532
14.4k
    conf->pubsubEnabled = true;
533
14.4k
    conf->pubSubConfig.enableDeltaFrames = true;
534
14.4k
#ifdef UA_ENABLE_PUBSUB_INFORMATIONMODEL
535
14.4k
    conf->pubSubConfig.enableInformationModelMethods = true;
536
14.4k
#endif
537
14.4k
#endif
538
539
    /* --> Finish setting the default static config <-- */
540
541
14.4k
    return UA_STATUSCODE_GOOD;
542
14.4k
}
543
544
UA_EXPORT UA_StatusCode
545
0
UA_ServerConfig_setBasics(UA_ServerConfig* conf) {
546
0
    return UA_ServerConfig_setBasics_withPort(conf, 4840);
547
0
}
548
549
UA_EXPORT UA_StatusCode
550
0
UA_ServerConfig_setBasics_withPort(UA_ServerConfig* conf, UA_UInt16 portNumber) {
551
0
    return setDefaultConfig(conf, portNumber);
552
0
}
553
554
UA_EXPORT UA_StatusCode
555
UA_ServerConfig_addSecurityPolicyNone(UA_ServerConfig *config,
556
14.4k
                                      const UA_ByteString *certificate) {
557
    /* Allocate the SecurityPolicies */
558
14.4k
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
559
14.4k
        UA_realloc(config->securityPolicies,
560
14.4k
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
561
14.4k
    if(!tmp)
562
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
563
14.4k
    config->securityPolicies = tmp;
564
565
    /* Populate the SecurityPolicies */
566
14.4k
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
567
14.4k
    if(certificate)
568
0
        localCertificate = *certificate;
569
14.4k
    UA_StatusCode retval =
570
14.4k
        UA_SecurityPolicy_None(&config->securityPolicies[config->securityPoliciesSize],
571
14.4k
                               localCertificate, config->logging);
572
14.4k
    if(retval != UA_STATUSCODE_GOOD) {
573
0
        if(config->securityPoliciesSize == 0) {
574
0
            UA_free(config->securityPolicies);
575
0
            config->securityPolicies = NULL;
576
0
        }
577
0
        return retval;
578
0
    }
579
580
14.4k
    config->securityPoliciesSize++;
581
14.4k
    return UA_STATUSCODE_GOOD;
582
14.4k
}
583
584
UA_EXPORT UA_StatusCode
585
UA_ServerConfig_addEndpoint(UA_ServerConfig *config, const UA_String securityPolicyUri,
586
14.4k
                            UA_MessageSecurityMode securityMode) {
587
    /* Lookup the security policy */
588
14.4k
    const UA_SecurityPolicy *policy = NULL;
589
14.4k
    for (size_t i = 0; i < config->securityPoliciesSize; ++i) {
590
14.4k
        if (UA_String_equal(&securityPolicyUri, &config->securityPolicies[i].policyUri)) {
591
14.4k
            policy = &config->securityPolicies[i];
592
14.4k
            break;
593
14.4k
        }
594
14.4k
    }
595
14.4k
    if(!policy)
596
0
        return UA_STATUSCODE_BADINVALIDARGUMENT;
597
598
    /* Populate the endpoint */
599
14.4k
    return addEndpoint(config, policy, securityMode);
600
14.4k
}
601
602
UA_EXPORT UA_StatusCode
603
0
UA_ServerConfig_addAllEndpoints(UA_ServerConfig *config) {
604
    /* Populate the endpoints */
605
0
    for(size_t i = 0; i < config->securityPoliciesSize; ++i) {
606
0
        if(UA_String_equal(&UA_SECURITY_POLICY_NONE_URI, &config->securityPolicies[i].policyUri)) {
607
0
            UA_StatusCode retval =
608
0
                addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_NONE);
609
0
            if(retval != UA_STATUSCODE_GOOD)
610
0
                return retval;
611
0
        } else {
612
0
            UA_StatusCode retval =
613
0
                addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGN);
614
0
            if(retval != UA_STATUSCODE_GOOD)
615
0
                return retval;
616
0
            retval = addEndpoint(config, &config->securityPolicies[i],
617
0
                                 UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
618
0
            if(retval != UA_STATUSCODE_GOOD)
619
0
                return retval;
620
0
        }
621
0
    }
622
623
0
    return UA_STATUSCODE_GOOD;
624
0
}
625
626
UA_EXPORT UA_StatusCode
627
0
UA_ServerConfig_addAllSecureEndpoints(UA_ServerConfig *config) {
628
629
    /* Delete all predefined endpoints. */
630
0
    if(config->endpointsSize > 0) {
631
0
        for(size_t i = 0; i < config->endpointsSize; ++i)
632
0
            UA_EndpointDescription_clear(&config->endpoints[i]);
633
634
0
        UA_free(config->endpoints);
635
0
        config->endpoints = NULL;
636
0
        config->endpointsSize = 0;
637
0
    }
638
639
    /* Populate the endpoints */
640
0
    for(size_t i = 0; i < config->securityPoliciesSize; ++i) {
641
        /* Skip the None and all deprecated policies */
642
0
        if(config->securityPolicies[i].securityLevel == 0)
643
0
            continue;
644
0
        UA_StatusCode retval =
645
0
            addEndpoint(config, &config->securityPolicies[i], UA_MESSAGESECURITYMODE_SIGN);
646
0
        if(retval != UA_STATUSCODE_GOOD)
647
0
            return retval;
648
0
        retval = addEndpoint(config, &config->securityPolicies[i],
649
0
                             UA_MESSAGESECURITYMODE_SIGNANDENCRYPT);
650
0
        if(retval != UA_STATUSCODE_GOOD)
651
0
            return retval;
652
0
    }
653
654
0
    return UA_STATUSCODE_GOOD;
655
0
}
656
657
UA_EXPORT UA_StatusCode
658
UA_ServerConfig_setMinimalCustomBuffer(UA_ServerConfig *config, UA_UInt16 portNumber,
659
                                       const UA_ByteString *certificate,
660
                                       UA_UInt32 sendBufferSize,
661
14.4k
                                       UA_UInt32 recvBufferSize) {
662
14.4k
    if(!config)
663
0
        return UA_STATUSCODE_BADINVALIDARGUMENT;
664
665
14.4k
    UA_StatusCode retval = setDefaultConfig(config, portNumber);
666
14.4k
    if(retval != UA_STATUSCODE_GOOD) {
667
0
        UA_ServerConfig_clear(config);
668
0
        return retval;
669
0
    }
670
671
    /* Set the TCP settings */
672
14.4k
    config->tcpBufSize = recvBufferSize;
673
674
    /* Allocate the SecurityPolicies */
675
14.4k
    retval = UA_ServerConfig_addSecurityPolicyNone(config, certificate);
676
14.4k
    if(retval != UA_STATUSCODE_GOOD) {
677
0
        UA_ServerConfig_clear(config);
678
0
        return retval;
679
0
    }
680
681
    /* Initialize the Access Control plugin */
682
14.4k
    retval = UA_AccessControl_default(config, true, NULL, 0, NULL);
683
14.4k
    if(retval != UA_STATUSCODE_GOOD) {
684
0
        UA_ServerConfig_clear(config);
685
0
        return retval;
686
0
    }
687
688
    /* Allocate the endpoint */
689
14.4k
    retval = UA_ServerConfig_addEndpoint(config, UA_SECURITY_POLICY_NONE_URI,
690
14.4k
                                         UA_MESSAGESECURITYMODE_NONE);
691
14.4k
    if(retval != UA_STATUSCODE_GOOD) {
692
0
        UA_ServerConfig_clear(config);
693
0
        return retval;
694
0
    }
695
696
14.4k
    return UA_STATUSCODE_GOOD;
697
14.4k
}
698
699
#ifdef UA_ENABLE_ENCRYPTION
700
701
UA_EXPORT UA_StatusCode
702
UA_ServerConfig_addSecurityPolicyBasic128Rsa15(UA_ServerConfig *config,
703
                                               const UA_ByteString *certificate,
704
0
                                               const UA_ByteString *privateKey) {
705
    /* Allocate the SecurityPolicies */
706
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
707
0
        UA_realloc(config->securityPolicies,
708
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
709
0
    if(!tmp)
710
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
711
0
    config->securityPolicies = tmp;
712
713
    /* Populate the SecurityPolicies */
714
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
715
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
716
0
    if(certificate)
717
0
        localCertificate = *certificate;
718
0
    if(privateKey)
719
0
       localPrivateKey = *privateKey;
720
0
    UA_StatusCode retval =
721
0
        UA_SecurityPolicy_Basic128Rsa15(&config->securityPolicies[config->securityPoliciesSize],
722
0
                                        localCertificate, localPrivateKey, config->logging);
723
0
    if(retval != UA_STATUSCODE_GOOD) {
724
0
        if(config->securityPoliciesSize == 0) {
725
0
            UA_free(config->securityPolicies);
726
0
            config->securityPolicies = NULL;
727
0
        }
728
0
        return retval;
729
0
    }
730
731
0
    config->securityPoliciesSize++;
732
0
    return UA_STATUSCODE_GOOD;
733
0
}
734
735
UA_EXPORT UA_StatusCode
736
UA_ServerConfig_addSecurityPolicyBasic256(UA_ServerConfig *config,
737
                                          const UA_ByteString *certificate,
738
0
                                          const UA_ByteString *privateKey) {
739
    /* Allocate the SecurityPolicies */
740
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
741
0
        UA_realloc(config->securityPolicies,
742
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
743
0
    if(!tmp)
744
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
745
0
    config->securityPolicies = tmp;
746
747
    /* Populate the SecurityPolicies */
748
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
749
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
750
0
    if(certificate)
751
0
        localCertificate = *certificate;
752
0
    if(privateKey)
753
0
       localPrivateKey = *privateKey;
754
0
    UA_StatusCode retval =
755
0
        UA_SecurityPolicy_Basic256(&config->securityPolicies[config->securityPoliciesSize],
756
0
                                   localCertificate, localPrivateKey, config->logging);
757
0
    if(retval != UA_STATUSCODE_GOOD) {
758
0
        if(config->securityPoliciesSize == 0) {
759
0
            UA_free(config->securityPolicies);
760
0
            config->securityPolicies = NULL;
761
0
        }
762
0
        return retval;
763
0
    }
764
765
0
    config->securityPoliciesSize++;
766
0
    return UA_STATUSCODE_GOOD;
767
0
}
768
769
UA_EXPORT UA_StatusCode
770
UA_ServerConfig_addSecurityPolicyBasic256Sha256(UA_ServerConfig *config,
771
                                                const UA_ByteString *certificate,
772
0
                                                const UA_ByteString *privateKey) {
773
    /* Allocate the SecurityPolicies */
774
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
775
0
        UA_realloc(config->securityPolicies,
776
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
777
0
    if(!tmp)
778
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
779
0
    config->securityPolicies = tmp;
780
781
    /* Populate the SecurityPolicies */
782
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
783
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
784
0
    if(certificate)
785
0
        localCertificate = *certificate;
786
0
    if(privateKey)
787
0
       localPrivateKey = *privateKey;
788
0
    UA_StatusCode retval =
789
0
        UA_SecurityPolicy_Basic256Sha256(&config->securityPolicies[config->securityPoliciesSize],
790
0
                                         localCertificate, localPrivateKey, config->logging);
791
0
    if(retval != UA_STATUSCODE_GOOD) {
792
0
        if(config->securityPoliciesSize == 0) {
793
0
            UA_free(config->securityPolicies);
794
0
            config->securityPolicies = NULL;
795
0
        }
796
0
        return retval;
797
0
    }
798
799
0
    config->securityPoliciesSize++;
800
0
    return UA_STATUSCODE_GOOD;
801
0
}
802
803
UA_EXPORT UA_StatusCode
804
UA_ServerConfig_addSecurityPolicyAes128Sha256RsaOaep(UA_ServerConfig *config,
805
                                                const UA_ByteString *certificate,
806
0
                                                const UA_ByteString *privateKey) {
807
    /* Allocate the SecurityPolicies */
808
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
809
0
        UA_realloc(config->securityPolicies,
810
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
811
0
    if(!tmp)
812
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
813
0
    config->securityPolicies = tmp;
814
815
    /* Populate the SecurityPolicies */
816
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
817
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
818
0
    if(certificate)
819
0
        localCertificate = *certificate;
820
0
    if(privateKey)
821
0
       localPrivateKey = *privateKey;
822
0
    UA_StatusCode retval =
823
0
        UA_SecurityPolicy_Aes128Sha256RsaOaep(&config->securityPolicies[config->securityPoliciesSize],
824
0
                                              localCertificate, localPrivateKey, config->logging);
825
0
    if(retval != UA_STATUSCODE_GOOD) {
826
0
        if(config->securityPoliciesSize == 0) {
827
0
            UA_free(config->securityPolicies);
828
0
            config->securityPolicies = NULL;
829
0
        }
830
0
        return retval;
831
0
    }
832
833
0
    config->securityPoliciesSize++;
834
0
    return UA_STATUSCODE_GOOD;
835
0
}
836
837
UA_EXPORT UA_StatusCode
838
UA_ServerConfig_addSecurityPolicyAes256Sha256RsaPss(UA_ServerConfig *config,
839
                                                     const UA_ByteString *certificate,
840
0
                                                     const UA_ByteString *privateKey) {
841
    /* Allocate the SecurityPolicies */
842
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
843
0
        UA_realloc(config->securityPolicies,
844
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
845
0
    if(!tmp)
846
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
847
0
    config->securityPolicies = tmp;
848
849
    /* Populate the SecurityPolicies */
850
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
851
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
852
0
    if(certificate)
853
0
        localCertificate = *certificate;
854
0
    if(privateKey)
855
0
        localPrivateKey = *privateKey;
856
0
    UA_StatusCode retval =
857
0
        UA_SecurityPolicy_Aes256Sha256RsaPss(&config->securityPolicies[config->securityPoliciesSize],
858
0
                                              localCertificate, localPrivateKey, config->logging);
859
0
    if(retval != UA_STATUSCODE_GOOD) {
860
0
        if(config->securityPoliciesSize == 0) {
861
0
            UA_free(config->securityPolicies);
862
0
            config->securityPolicies = NULL;
863
0
        }
864
0
        return retval;
865
0
    }
866
867
0
    config->securityPoliciesSize++;
868
0
    return UA_STATUSCODE_GOOD;
869
0
}
870
871
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL) || \
872
    (defined(UA_ENABLE_ENCRYPTION_MBEDTLS) && MBEDTLS_VERSION_NUMBER >= 0x03000000)
873
UA_EXPORT UA_StatusCode
874
UA_ServerConfig_addSecurityPolicyEccNistP256(UA_ServerConfig *config,
875
                                                     const UA_ByteString *certificate,
876
                                                     const UA_ByteString *privateKey) {
877
    /* Allocate the SecurityPolicies */
878
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
879
        UA_realloc(config->securityPolicies,
880
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
881
    if(!tmp)
882
        return UA_STATUSCODE_BADOUTOFMEMORY;
883
    config->securityPolicies = tmp;
884
885
    /* Populate the SecurityPolicies */
886
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
887
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
888
    if(certificate)
889
        localCertificate = *certificate;
890
    if(privateKey)
891
        localPrivateKey = *privateKey;
892
    UA_StatusCode retval =
893
        UA_SecurityPolicy_EccNistP256(&config->securityPolicies[config->securityPoliciesSize],
894
                                              UA_APPLICATIONTYPE_SERVER, localCertificate,
895
                                              localPrivateKey, config->logging);
896
    if(retval != UA_STATUSCODE_GOOD) {
897
        if(config->securityPoliciesSize == 0) {
898
            UA_free(config->securityPolicies);
899
            config->securityPolicies = NULL;
900
        }
901
        return retval;
902
    }
903
904
    config->securityPoliciesSize++;
905
    return UA_STATUSCODE_GOOD;
906
}
907
908
/* The AEAD ECC policies (AesGcm / ChaChaPoly) are only implemented in the
909
 * OpenSSL backend; their constructors do not exist for mbedTLS. */
910
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL)
911
UA_EXPORT UA_StatusCode
912
UA_ServerConfig_addSecurityPolicyEccNistP256AesGcm(UA_ServerConfig *config,
913
                                                    const UA_ByteString *certificate,
914
                                                    const UA_ByteString *privateKey) {
915
    /* Allocate the SecurityPolicies */
916
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
917
        UA_realloc(config->securityPolicies,
918
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
919
    if(!tmp)
920
        return UA_STATUSCODE_BADOUTOFMEMORY;
921
    config->securityPolicies = tmp;
922
923
    /* Populate the SecurityPolicies */
924
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
925
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
926
    if(certificate)
927
        localCertificate = *certificate;
928
    if(privateKey)
929
        localPrivateKey = *privateKey;
930
    UA_StatusCode retval =
931
        UA_SecurityPolicy_EccNistP256AesGcm(&config->securityPolicies[config->securityPoliciesSize],
932
                                              UA_APPLICATIONTYPE_SERVER, localCertificate,
933
                                              localPrivateKey, config->logging);
934
    if(retval != UA_STATUSCODE_GOOD) {
935
        if(config->securityPoliciesSize == 0) {
936
            UA_free(config->securityPolicies);
937
            config->securityPolicies = NULL;
938
        }
939
        return retval;
940
    }
941
942
    config->securityPoliciesSize++;
943
    return UA_STATUSCODE_GOOD;
944
}
945
946
UA_EXPORT UA_StatusCode
947
UA_ServerConfig_addSecurityPolicyEccNistP256ChaChaPoly(UA_ServerConfig *config,
948
                                                       const UA_ByteString *certificate,
949
                                                       const UA_ByteString *privateKey) {
950
    /* Allocate the SecurityPolicies */
951
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
952
        UA_realloc(config->securityPolicies,
953
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
954
    if(!tmp)
955
        return UA_STATUSCODE_BADOUTOFMEMORY;
956
    config->securityPolicies = tmp;
957
958
    /* Populate the SecurityPolicies */
959
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
960
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
961
    if(certificate)
962
        localCertificate = *certificate;
963
    if(privateKey)
964
        localPrivateKey = *privateKey;
965
    UA_StatusCode retval =
966
        UA_SecurityPolicy_EccNistP256ChaChaPoly(&config->securityPolicies[config->securityPoliciesSize],
967
                                                UA_APPLICATIONTYPE_SERVER, localCertificate,
968
                                                localPrivateKey, config->logging);
969
    if(retval != UA_STATUSCODE_GOOD) {
970
        if(config->securityPoliciesSize == 0) {
971
            UA_free(config->securityPolicies);
972
            config->securityPolicies = NULL;
973
        }
974
        return retval;
975
    }
976
977
    config->securityPoliciesSize++;
978
    return UA_STATUSCODE_GOOD;
979
}
980
#endif /* UA_ENABLE_ENCRYPTION_OPENSSL (AEAD ECC policies) */
981
982
UA_EXPORT UA_StatusCode
983
UA_ServerConfig_addSecurityPolicyEccNistP384(UA_ServerConfig *config,
984
                                             const UA_ByteString *certificate,
985
                                             const UA_ByteString *privateKey) {
986
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
987
        UA_realloc(config->securityPolicies,
988
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
989
    if(!tmp)
990
        return UA_STATUSCODE_BADOUTOFMEMORY;
991
    config->securityPolicies = tmp;
992
993
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
994
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
995
    if(certificate)
996
        localCertificate = *certificate;
997
    if(privateKey)
998
        localPrivateKey = *privateKey;
999
    UA_StatusCode retval =
1000
        UA_SecurityPolicy_EccNistP384(&config->securityPolicies[config->securityPoliciesSize],
1001
                                      UA_APPLICATIONTYPE_SERVER, localCertificate,
1002
                                      localPrivateKey, config->logging);
1003
    if(retval != UA_STATUSCODE_GOOD) {
1004
        if(config->securityPoliciesSize == 0) {
1005
            UA_free(config->securityPolicies);
1006
            config->securityPolicies = NULL;
1007
        }
1008
        return retval;
1009
    }
1010
1011
    config->securityPoliciesSize++;
1012
    return UA_STATUSCODE_GOOD;
1013
}
1014
UA_EXPORT UA_StatusCode
1015
UA_ServerConfig_addSecurityPolicyEccBrainpoolP256r1(UA_ServerConfig *config,
1016
                                                    const UA_ByteString *certificate,
1017
                                                    const UA_ByteString *privateKey) {
1018
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
1019
        UA_realloc(config->securityPolicies,
1020
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
1021
    if(!tmp)
1022
        return UA_STATUSCODE_BADOUTOFMEMORY;
1023
    config->securityPolicies = tmp;
1024
1025
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1026
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1027
    if(certificate)
1028
        localCertificate = *certificate;
1029
    if(privateKey)
1030
        localPrivateKey = *privateKey;
1031
    UA_StatusCode retval =
1032
        UA_SecurityPolicy_EccBrainpoolP256r1(&config->securityPolicies[config->securityPoliciesSize],
1033
                                             UA_APPLICATIONTYPE_SERVER, localCertificate,
1034
                                             localPrivateKey, config->logging);
1035
    if(retval != UA_STATUSCODE_GOOD) {
1036
        if(config->securityPoliciesSize == 0) {
1037
            UA_free(config->securityPolicies);
1038
            config->securityPolicies = NULL;
1039
        }
1040
        return retval;
1041
    }
1042
1043
    config->securityPoliciesSize++;
1044
    return UA_STATUSCODE_GOOD;
1045
}
1046
UA_EXPORT UA_StatusCode
1047
UA_ServerConfig_addSecurityPolicyEccBrainpoolP384r1(UA_ServerConfig *config,
1048
                                                    const UA_ByteString *certificate,
1049
                                                    const UA_ByteString *privateKey) {
1050
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
1051
        UA_realloc(config->securityPolicies,
1052
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
1053
    if(!tmp)
1054
        return UA_STATUSCODE_BADOUTOFMEMORY;
1055
    config->securityPolicies = tmp;
1056
1057
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1058
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1059
    if(certificate)
1060
        localCertificate = *certificate;
1061
    if(privateKey)
1062
        localPrivateKey = *privateKey;
1063
    UA_StatusCode retval =
1064
        UA_SecurityPolicy_EccBrainpoolP384r1(&config->securityPolicies[config->securityPoliciesSize],
1065
                                             UA_APPLICATIONTYPE_SERVER, localCertificate,
1066
                                             localPrivateKey, config->logging);
1067
    if(retval != UA_STATUSCODE_GOOD) {
1068
        if(config->securityPoliciesSize == 0) {
1069
            UA_free(config->securityPolicies);
1070
            config->securityPolicies = NULL;
1071
        }
1072
        return retval;
1073
    }
1074
1075
    config->securityPoliciesSize++;
1076
    return UA_STATUSCODE_GOOD;
1077
}
1078
#endif /* UA_ENABLE_ENCRYPTION_OPENSSL || mbedTLS ECC */
1079
1080
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL)
1081
UA_EXPORT UA_StatusCode
1082
UA_ServerConfig_addSecurityPolicyEccCurve25519(UA_ServerConfig *config,
1083
                                               const UA_ByteString *certificate,
1084
                                               const UA_ByteString *privateKey) {
1085
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
1086
        UA_realloc(config->securityPolicies,
1087
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
1088
    if(!tmp)
1089
        return UA_STATUSCODE_BADOUTOFMEMORY;
1090
    config->securityPolicies = tmp;
1091
1092
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1093
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1094
    if(certificate)
1095
        localCertificate = *certificate;
1096
    if(privateKey)
1097
        localPrivateKey = *privateKey;
1098
    UA_StatusCode retval =
1099
        UA_SecurityPolicy_EccCurve25519(&config->securityPolicies[config->securityPoliciesSize],
1100
                                        UA_APPLICATIONTYPE_SERVER, localCertificate,
1101
                                        localPrivateKey, config->logging);
1102
    if(retval != UA_STATUSCODE_GOOD) {
1103
        if(config->securityPoliciesSize == 0) {
1104
            UA_free(config->securityPolicies);
1105
            config->securityPolicies = NULL;
1106
        }
1107
        return retval;
1108
    }
1109
1110
    config->securityPoliciesSize++;
1111
    return UA_STATUSCODE_GOOD;
1112
}
1113
UA_EXPORT UA_StatusCode
1114
UA_ServerConfig_addSecurityPolicyEccCurve448(UA_ServerConfig *config,
1115
                                             const UA_ByteString *certificate,
1116
                                             const UA_ByteString *privateKey) {
1117
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
1118
        UA_realloc(config->securityPolicies,
1119
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
1120
    if(!tmp)
1121
        return UA_STATUSCODE_BADOUTOFMEMORY;
1122
    config->securityPolicies = tmp;
1123
1124
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1125
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1126
    if(certificate)
1127
        localCertificate = *certificate;
1128
    if(privateKey)
1129
        localPrivateKey = *privateKey;
1130
    UA_StatusCode retval =
1131
        UA_SecurityPolicy_EccCurve448(&config->securityPolicies[config->securityPoliciesSize],
1132
                                      UA_APPLICATIONTYPE_SERVER, localCertificate,
1133
                                      localPrivateKey, config->logging);
1134
    if(retval != UA_STATUSCODE_GOOD) {
1135
        if(config->securityPoliciesSize == 0) {
1136
            UA_free(config->securityPolicies);
1137
            config->securityPolicies = NULL;
1138
        }
1139
        return retval;
1140
    }
1141
1142
    config->securityPoliciesSize++;
1143
    return UA_STATUSCODE_GOOD;
1144
}
1145
#endif
1146
1147
1148
/* This assumes that the sp array has enough space for up to SECURITY_POLICY_SIZE policies.
1149
 * Policies that have been added are not cleaned up after an error.
1150
 * Certificate and/or pricateKey can be NULL and will not be used then.
1151
 * Logs a warning if policies could not be added. */
1152
static void
1153
addAllSecurityPolicies(UA_SecurityPolicy *sp, size_t *length,
1154
                       const UA_ByteString certificate, const UA_ByteString privateKey,
1155
                       UA_Boolean onlySecure, UA_ApplicationType applicationType,
1156
0
                       UA_Logger *logging) {
1157
    /* Basic256Sha256 */
1158
0
    UA_StatusCode retval = UA_SecurityPolicy_Basic256Sha256(sp + *length, certificate, privateKey, logging);
1159
0
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1160
0
    if(retval != UA_STATUSCODE_GOOD) {
1161
0
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1162
0
                       "Could not add SecurityPolicy#Basic256Sha256 with error code %s",
1163
0
                       UA_StatusCode_name(retval));
1164
0
    }
1165
1166
    /* Aes256Sha256RsaPss */
1167
0
    retval = UA_SecurityPolicy_Aes256Sha256RsaPss(sp + *length, certificate, privateKey, logging);
1168
0
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1169
0
    if(retval != UA_STATUSCODE_GOOD) {
1170
0
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1171
0
                       "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s",
1172
0
                       UA_StatusCode_name(retval));
1173
0
    }
1174
1175
    /* Aes128Sha256RsaOaep */
1176
0
    retval = UA_SecurityPolicy_Aes128Sha256RsaOaep(sp + *length, certificate, privateKey, logging);
1177
0
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1178
0
    if(retval != UA_STATUSCODE_GOOD) {
1179
0
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1180
0
                       "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s",
1181
0
                       UA_StatusCode_name(retval));
1182
0
    }
1183
1184
    /* The non-deprecated ECC SecurityPolicies are the AEAD profiles, which are
1185
     * implemented only in the OpenSSL backend. The deprecated non-AEAD ECC
1186
     * policies (EccNistP256/P384, EccBrainpoolP256r1/P384r1) are not part of the
1187
     * default set; add them explicitly via UA_ServerConfig_addSecurityPolicyEcc*. */
1188
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL)
1189
    /* EccNistP256AesGcm */
1190
    retval = UA_SecurityPolicy_EccNistP256AesGcm(sp + *length, applicationType,
1191
                                                  certificate, privateKey, logging);
1192
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1193
    if(retval != UA_STATUSCODE_GOOD) {
1194
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1195
                       "Could not add SecurityPolicy#EccNistP256_AesGcm with error code %s",
1196
                       UA_StatusCode_name(retval));
1197
    }
1198
1199
    /* EccNistP256ChaChaPoly */
1200
    retval = UA_SecurityPolicy_EccNistP256ChaChaPoly(sp + *length, applicationType,
1201
                                                     certificate, privateKey, logging);
1202
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1203
    if(retval != UA_STATUSCODE_GOOD) {
1204
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1205
                       "Could not add SecurityPolicy#EccNistP256_ChaChaPoly with error code %s",
1206
                       UA_StatusCode_name(retval));
1207
    }
1208
1209
    /* EccCurve25519 */
1210
    retval = UA_SecurityPolicy_EccCurve25519(sp + *length, applicationType,
1211
                                             certificate, privateKey, logging);
1212
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1213
    if(retval != UA_STATUSCODE_GOOD) {
1214
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1215
                       "Could not add SecurityPolicy#EccCurve25519 with error code %s",
1216
                       UA_StatusCode_name(retval));
1217
    }
1218
1219
    /* EccCurve448 */
1220
    retval = UA_SecurityPolicy_EccCurve448(sp + *length, applicationType,
1221
                                           certificate, privateKey, logging);
1222
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1223
    if(retval != UA_STATUSCODE_GOOD) {
1224
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1225
                       "Could not add SecurityPolicy#EccCurve448 with error code %s",
1226
                       UA_StatusCode_name(retval));
1227
    }
1228
#endif
1229
1230
    /* Don't add "unsecure" SecurityPolicies */
1231
0
    if(onlySecure)
1232
0
        return;
1233
1234
    /* None */
1235
0
    retval = UA_SecurityPolicy_None(sp + *length, certificate, logging);
1236
0
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1237
0
    if(retval != UA_STATUSCODE_GOOD) {
1238
0
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1239
0
                       "Could not add SecurityPolicy#None with error code %s",
1240
0
                       UA_StatusCode_name(retval));
1241
0
    }
1242
1243
#ifdef UA_INCLUDE_INSECURE_POLICIES
1244
    /* Basic128Rsa15 should no longer be used */
1245
    retval = UA_SecurityPolicy_Basic128Rsa15(sp + *length, certificate, privateKey, logging);
1246
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1247
    if(retval != UA_STATUSCODE_GOOD) {
1248
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1249
                       "Could not add SecurityPolicy#Basic128Rsa15 with error code %s",
1250
                       UA_StatusCode_name(retval));
1251
    }
1252
1253
    /* Basic256 should no longer be used */
1254
    retval = UA_SecurityPolicy_Basic256(sp + *length, certificate, privateKey, logging);
1255
    *length += (retval == UA_STATUSCODE_GOOD) ? 1 : 0;
1256
    if(retval != UA_STATUSCODE_GOOD) {
1257
        UA_LOG_WARNING(logging, UA_LOGCATEGORY_APPLICATION,
1258
                       "Could not add SecurityPolicy#Basic256 with error code %s",
1259
                       UA_StatusCode_name(retval));
1260
    }
1261
#endif
1262
1263
    /* The non-AEAD ECC SecurityPolicies (EccNistP256/P384,
1264
     * EccBrainpoolP256r1/P384r1) are deprecated (OPC UA Part 7), superseded by
1265
     * their *_AesGcm / *_ChaChaPoly variants. They are not part of the default
1266
     * policy set; use the UA_ServerConfig_addSecurityPolicyEcc* functions to add
1267
     * them explicitly. */
1268
0
}
1269
1270
static UA_StatusCode
1271
addAllServerSecurityPolicies(UA_ServerConfig *config,
1272
                             const UA_ByteString *certificate, const UA_ByteString *privateKey,
1273
0
                             UA_Boolean onlySecure) {
1274
    /* Populate the cert variables */
1275
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1276
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1277
0
    if(certificate)
1278
0
        localCertificate = *certificate;
1279
0
    if(privateKey)
1280
0
       localPrivateKey = *privateKey;
1281
1282
    /* Load the private key and convert to the DER format. Use an empty password
1283
     * on the first try -- maybe the key does not require a password. */
1284
0
    UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL;
1285
0
    UA_ByteString keyPassword = UA_BYTESTRING_NULL;
1286
0
    UA_StatusCode keySuccess = UA_STATUSCODE_GOOD;
1287
0
    if(privateKey && privateKey->length > 0)
1288
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword,
1289
0
                                                           &decryptedPrivateKey);
1290
1291
    /* Get the password and decrypt. An application might want to loop / retry
1292
     * here to allow users to correct their entry. */
1293
0
    if(keySuccess != UA_STATUSCODE_GOOD) {
1294
0
        if(config->privateKeyPasswordCallback)
1295
0
            keySuccess = config->privateKeyPasswordCallback(config, &keyPassword);
1296
0
        else
1297
0
            keySuccess = readPrivateKeyPassword(&keyPassword);
1298
0
        if(keySuccess != UA_STATUSCODE_GOOD)
1299
0
            return keySuccess;
1300
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword,
1301
0
                                                           &decryptedPrivateKey);
1302
0
        UA_ByteString_memZero(&keyPassword);
1303
0
        UA_ByteString_clear(&keyPassword);
1304
0
    }
1305
0
    if(keySuccess != UA_STATUSCODE_GOOD) {
1306
0
        UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
1307
0
                     "Could not decrypt the private key with status code %s",
1308
0
                     UA_StatusCode_name(keySuccess));
1309
0
        return keySuccess;
1310
0
    }
1311
1312
    /* Clear up the old SecurityPolicies */
1313
0
    for(size_t i = 0; i < config->securityPoliciesSize; i++) {
1314
0
        config->securityPolicies[i].clear(&config->securityPolicies[i]);
1315
0
    }
1316
1317
    /* Allocate memory for the additional policies */
1318
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy*)
1319
0
        UA_realloc(config->securityPolicies, sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE);
1320
0
    if(!tmp) {
1321
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1322
0
        UA_ByteString_clear(&decryptedPrivateKey);
1323
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1324
0
    }
1325
1326
0
    config->securityPolicies = tmp;
1327
0
    config->securityPoliciesSize = 0;
1328
1329
    /* Do the generic addition of certificates */
1330
0
    addAllSecurityPolicies(config->securityPolicies, &config->securityPoliciesSize,
1331
0
                           localCertificate, decryptedPrivateKey, onlySecure,
1332
0
                           UA_APPLICATIONTYPE_SERVER, config->logging);
1333
1334
0
    if(config->securityPoliciesSize == 0) {
1335
0
        UA_free(config->securityPolicies);
1336
0
        config->securityPolicies = NULL;
1337
0
    }
1338
1339
0
    UA_ByteString_memZero(&decryptedPrivateKey);
1340
0
    UA_ByteString_clear(&decryptedPrivateKey);
1341
0
    return UA_STATUSCODE_GOOD;
1342
0
}
1343
1344
UA_StatusCode
1345
UA_ServerConfig_addAllSecurityPolicies(UA_ServerConfig *config,
1346
                                       const UA_ByteString *certificate,
1347
0
                                       const UA_ByteString *privateKey) {
1348
0
    return addAllServerSecurityPolicies(config, certificate, privateKey, false);
1349
0
}
1350
1351
/* Always returns UA_STATUSCODE_GOOD. Logs a warning if policies could not be added. */
1352
UA_StatusCode
1353
UA_ServerConfig_addAllSecureSecurityPolicies(UA_ServerConfig *config,
1354
                                             const UA_ByteString *certificate,
1355
0
                                             const UA_ByteString *privateKey) {
1356
0
    return addAllServerSecurityPolicies(config, certificate, privateKey, true);
1357
0
}
1358
1359
UA_EXPORT UA_StatusCode
1360
UA_ServerConfig_setDefaultWithSecurityPolicies(UA_ServerConfig *conf,
1361
                                               UA_UInt16 portNumber,
1362
                                               const UA_ByteString *certificate,
1363
                                               const UA_ByteString *privateKey,
1364
                                               const UA_ByteString *trustList,
1365
                                               size_t trustListSize,
1366
                                               const UA_ByteString *issuerList,
1367
                                               size_t issuerListSize,
1368
                                               const UA_ByteString *revocationList,
1369
0
                                               size_t revocationListSize) {
1370
0
    UA_StatusCode retval = setDefaultConfig(conf, portNumber);
1371
0
    if(retval != UA_STATUSCODE_GOOD) {
1372
0
        UA_ServerConfig_clear(conf);
1373
0
        return retval;
1374
0
    }
1375
1376
0
    if(trustListSize > 0) {
1377
0
        UA_TrustListDataType list;
1378
0
        UA_TrustListDataType_init(&list);
1379
0
        list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES;
1380
0
        retval = UA_Array_copy(trustList, trustListSize,
1381
0
                               (void**)&list.trustedCertificates,
1382
0
                               &UA_TYPES[UA_TYPES_BYTESTRING]);
1383
0
        if(retval != UA_STATUSCODE_GOOD)
1384
0
            return retval;
1385
0
        list.trustedCertificatesSize = trustListSize;
1386
1387
0
        if(issuerListSize > 0) {
1388
0
            list.specifiedLists |= UA_TRUSTLISTMASKS_ISSUERCERTIFICATES;
1389
0
            retval = UA_Array_copy(issuerList, issuerListSize,
1390
0
                                   (void**)&list.issuerCertificates,
1391
0
                                   &UA_TYPES[UA_TYPES_BYTESTRING]);
1392
0
            if(retval != UA_STATUSCODE_GOOD) {
1393
0
                UA_TrustListDataType_clear(&list);
1394
0
                return retval;
1395
0
            }
1396
0
            list.issuerCertificatesSize = issuerListSize;
1397
0
        }
1398
1399
0
        if(revocationListSize > 0) {
1400
0
            list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS;
1401
0
            retval = UA_Array_copy(revocationList, revocationListSize,
1402
0
                                   (void**)&list.trustedCrls,
1403
0
                                   &UA_TYPES[UA_TYPES_BYTESTRING]);
1404
0
            if(retval != UA_STATUSCODE_GOOD) {
1405
0
                UA_TrustListDataType_clear(&list);
1406
0
                return retval;
1407
0
            }
1408
0
            list.trustedCrlsSize = revocationListSize;
1409
0
        }
1410
1411
        /* Set up the parameters */
1412
0
        UA_KeyValuePair params[2];
1413
0
        size_t paramsSize = 2;
1414
1415
0
        params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize");
1416
0
        UA_Variant_setScalar(&params[0].value, &conf->maxTrustListSize,
1417
0
                             &UA_TYPES[UA_TYPES_UINT32]);
1418
0
        params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize");
1419
0
        UA_Variant_setScalar(&params[1].value, &conf->maxRejectedListSize,
1420
0
                             &UA_TYPES[UA_TYPES_UINT32]);
1421
1422
0
        UA_KeyValueMap paramsMap;
1423
0
        paramsMap.map = params;
1424
0
        paramsMap.mapSize = paramsSize;
1425
1426
0
        UA_NodeId defaultApplicationGroup =
1427
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
1428
0
        retval = UA_CertificateGroup_Memorystore(&conf->secureChannelPKI,
1429
0
                                                 &defaultApplicationGroup, &list,
1430
0
                                                 conf->logging, &paramsMap);
1431
0
        if(retval != UA_STATUSCODE_GOOD) {
1432
0
            UA_TrustListDataType_clear(&list);
1433
0
            return retval;
1434
0
        }
1435
1436
0
        UA_NodeId defaultUserTokenGroup =
1437
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP);
1438
0
        retval = UA_CertificateGroup_Memorystore(&conf->sessionPKI,
1439
0
                                                 &defaultUserTokenGroup, &list,
1440
0
                                                 conf->logging, &paramsMap);
1441
0
        UA_TrustListDataType_clear(&list);
1442
0
        if(retval != UA_STATUSCODE_GOOD)
1443
0
            return retval;
1444
0
    } else {
1445
0
        UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION,
1446
0
                       "Empty trustlist passed. Leaving the previously "
1447
0
                       "configured certificate verification in place");
1448
0
    }
1449
1450
0
    retval = UA_ServerConfig_addAllSecurityPolicies(conf, certificate, privateKey);
1451
1452
    /* Reinitialize AccessControl to take the changed SecurityPolicies into account
1453
     * TODO: This looses username/pw during the reinitialization */
1454
0
    if(retval == UA_STATUSCODE_GOOD)
1455
0
        retval = UA_AccessControl_default(conf, true, NULL, 0, NULL);
1456
1457
0
    if(retval != UA_STATUSCODE_GOOD) {
1458
0
        UA_ServerConfig_clear(conf);
1459
0
        return retval;
1460
0
    }
1461
1462
0
    retval = UA_ServerConfig_addAllEndpoints(conf);
1463
0
    if(retval != UA_STATUSCODE_GOOD) {
1464
0
        UA_ServerConfig_clear(conf);
1465
0
        return retval;
1466
0
    }
1467
1468
0
    return UA_STATUSCODE_GOOD;
1469
0
}
1470
1471
UA_EXPORT UA_StatusCode
1472
UA_ServerConfig_setDefaultWithSecureSecurityPolicies(UA_ServerConfig *conf,
1473
                                               UA_UInt16 portNumber,
1474
                                               const UA_ByteString *certificate,
1475
                                               const UA_ByteString *privateKey,
1476
                                               const UA_ByteString *trustList,
1477
                                               size_t trustListSize,
1478
                                               const UA_ByteString *issuerList,
1479
                                               size_t issuerListSize,
1480
                                               const UA_ByteString *revocationList,
1481
0
                                               size_t revocationListSize) {
1482
0
    UA_StatusCode retval = setDefaultConfig(conf, portNumber);
1483
0
    if(retval != UA_STATUSCODE_GOOD) {
1484
0
        UA_ServerConfig_clear(conf);
1485
0
        return retval;
1486
0
    }
1487
1488
0
    if(trustListSize > 0) {
1489
0
        UA_TrustListDataType list;
1490
0
        UA_TrustListDataType_init(&list);
1491
0
        list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES;
1492
0
        retval = UA_Array_copy(trustList, trustListSize,
1493
0
                               (void**)&list.trustedCertificates,
1494
0
                               &UA_TYPES[UA_TYPES_BYTESTRING]);
1495
0
        if(retval != UA_STATUSCODE_GOOD)
1496
0
            return retval;
1497
0
        list.trustedCertificatesSize = trustListSize;
1498
1499
0
        if(issuerListSize > 0) {
1500
0
            list.specifiedLists |= UA_TRUSTLISTMASKS_ISSUERCERTIFICATES;
1501
0
            retval = UA_Array_copy(issuerList, issuerListSize,
1502
0
                                   (void**)&list.issuerCertificates,
1503
0
                                   &UA_TYPES[UA_TYPES_BYTESTRING]);
1504
0
            if(retval != UA_STATUSCODE_GOOD) {
1505
0
                UA_TrustListDataType_clear(&list);
1506
0
                return retval;
1507
0
            }
1508
0
            list.issuerCertificatesSize = issuerListSize;
1509
0
        }
1510
1511
0
        if(revocationListSize > 0) {
1512
0
            list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS;
1513
0
            retval = UA_Array_copy(revocationList, revocationListSize,
1514
0
                                   (void**)&list.trustedCrls,
1515
0
                                   &UA_TYPES[UA_TYPES_BYTESTRING]);
1516
0
            if(retval != UA_STATUSCODE_GOOD) {
1517
0
                UA_TrustListDataType_clear(&list);
1518
0
                return retval;
1519
0
            }
1520
0
            list.trustedCrlsSize = revocationListSize;
1521
0
        }
1522
1523
        /* Set up the parameters */
1524
0
        UA_KeyValuePair params[2];
1525
0
        size_t paramsSize = 2;
1526
1527
0
        params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize");
1528
0
        UA_Variant_setScalar(&params[0].value, &conf->maxTrustListSize, &UA_TYPES[UA_TYPES_UINT32]);
1529
0
        params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize");
1530
0
        UA_Variant_setScalar(&params[1].value, &conf->maxRejectedListSize, &UA_TYPES[UA_TYPES_UINT32]);
1531
1532
0
        UA_KeyValueMap paramsMap;
1533
0
        paramsMap.map = params;
1534
0
        paramsMap.mapSize = paramsSize;
1535
1536
0
        UA_NodeId defaultApplicationGroup =
1537
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
1538
0
        retval = UA_CertificateGroup_Memorystore(&conf->secureChannelPKI, &defaultApplicationGroup,
1539
0
                                                 &list, conf->logging, &paramsMap);
1540
0
        if(retval != UA_STATUSCODE_GOOD) {
1541
0
            UA_TrustListDataType_clear(&list);
1542
0
            return retval;
1543
0
        }
1544
1545
0
        UA_NodeId defaultUserTokenGroup =
1546
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP);
1547
0
        retval = UA_CertificateGroup_Memorystore(&conf->sessionPKI, &defaultUserTokenGroup,
1548
0
                                                 &list, conf->logging, &paramsMap);
1549
0
        if(retval != UA_STATUSCODE_GOOD) {
1550
0
            UA_TrustListDataType_clear(&list);
1551
0
            return retval;
1552
0
        }
1553
0
        UA_TrustListDataType_clear(&list);
1554
0
    } else {
1555
0
        UA_LOG_WARNING(conf->logging, UA_LOGCATEGORY_APPLICATION,
1556
0
                       "Empty trustlist passed. Leaving the previously "
1557
0
                       "configured certificate verification in place");
1558
0
    }
1559
1560
0
    retval = UA_ServerConfig_addAllSecureSecurityPolicies(conf, certificate, privateKey);
1561
1562
0
    if(retval == UA_STATUSCODE_GOOD) {
1563
0
        retval = UA_AccessControl_default(conf, false, NULL, 0, NULL);
1564
0
    }
1565
0
    if(retval != UA_STATUSCODE_GOOD) {
1566
0
        UA_ServerConfig_clear(conf);
1567
0
        return retval;
1568
0
    }
1569
1570
0
    retval = UA_ServerConfig_addAllSecureEndpoints(conf);
1571
0
    if(retval != UA_STATUSCODE_GOOD) {
1572
0
        UA_ServerConfig_clear(conf);
1573
0
        return retval;
1574
0
    }
1575
1576
0
    return UA_STATUSCODE_GOOD;
1577
0
}
1578
1579
#if defined(__linux__) || defined(UA_ARCHITECTURE_WIN32)
1580
1581
UA_StatusCode
1582
UA_ServerConfig_addSecurityPolicy_Filestore(UA_ServerConfig *config,
1583
                                            UA_SecurityPolicy *innerPolicy,
1584
0
                                            const UA_String storePath) {
1585
    /* Allocate the SecurityPolicies */
1586
0
    UA_SecurityPolicy *tmp = (UA_SecurityPolicy *)
1587
0
        UA_realloc(config->securityPolicies,
1588
0
                   sizeof(UA_SecurityPolicy) * (1 + config->securityPoliciesSize));
1589
0
    if(!tmp)
1590
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1591
0
    config->securityPolicies = tmp;
1592
1593
0
    UA_StatusCode retval =
1594
0
        UA_SecurityPolicy_Filestore(&config->securityPolicies[config->securityPoliciesSize],
1595
0
                                    innerPolicy, storePath);
1596
0
    if(retval != UA_STATUSCODE_GOOD) {
1597
0
        if(config->securityPoliciesSize == 0) {
1598
0
            UA_free(config->securityPolicies);
1599
0
            config->securityPolicies = NULL;
1600
0
        }
1601
0
        return retval;
1602
0
    }
1603
1604
0
    config->securityPoliciesSize++;
1605
0
    return UA_STATUSCODE_GOOD;
1606
0
}
1607
1608
UA_StatusCode
1609
UA_ServerConfig_addSecurityPolicies_Filestore(UA_ServerConfig *config,
1610
                                              const UA_ByteString *certificate,
1611
                                              const UA_ByteString *privateKey,
1612
0
                                              const UA_String storePath) {
1613
0
    UA_StatusCode retval = UA_STATUSCODE_GOOD;
1614
0
    UA_Boolean onlySecure = false;
1615
0
    UA_Boolean onlyNone = false;
1616
1617
    /* Populate the SecurityPolicies */
1618
0
    UA_ByteString localCertificate = UA_BYTESTRING_NULL;
1619
0
    UA_ByteString localPrivateKey  = UA_BYTESTRING_NULL;
1620
1621
0
    if(certificate)
1622
0
        localCertificate = *certificate;
1623
0
    if(privateKey)
1624
0
        localPrivateKey = *privateKey;
1625
1626
0
    if(certificate && privateKey) {
1627
0
        size_t certificateKeyLength = 0;
1628
0
        if(UA_CertificateUtils_getKeySize((UA_ByteString*)(uintptr_t)certificate,
1629
0
                                          &certificateKeyLength) == UA_STATUSCODE_GOOD &&
1630
0
           certificateKeyLength > 2048)
1631
0
            onlySecure = true;
1632
0
    } else {
1633
0
        onlyNone = true;
1634
0
    }
1635
1636
    /* Load the private key and convert to the DER format. Use an empty password
1637
     * on the first try -- maybe the key does not require a password. */
1638
0
    UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL;
1639
0
    UA_ByteString keyPassword = UA_BYTESTRING_NULL;
1640
0
    UA_StatusCode keySuccess = UA_STATUSCODE_GOOD;
1641
1642
0
    if(privateKey && privateKey->length > 0)
1643
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword,
1644
0
                                              &decryptedPrivateKey);
1645
1646
    /* Get the password and decrypt. An application might want to loop / retry
1647
     * here to allow users to correct their entry. */
1648
0
    if(keySuccess != UA_STATUSCODE_GOOD) {
1649
0
        if(config->privateKeyPasswordCallback)
1650
0
            keySuccess = config->privateKeyPasswordCallback(config, &keyPassword);
1651
0
        else
1652
0
            keySuccess = readPrivateKeyPassword(&keyPassword);
1653
0
        if(keySuccess != UA_STATUSCODE_GOOD)
1654
0
            return keySuccess;
1655
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(localPrivateKey, keyPassword,
1656
0
                                              &decryptedPrivateKey);
1657
0
        UA_ByteString_memZero(&keyPassword);
1658
0
        UA_ByteString_clear(&keyPassword);
1659
0
    }
1660
0
    if(keySuccess != UA_STATUSCODE_GOOD)
1661
0
        return keySuccess;
1662
1663
0
    if(onlyNone) {
1664
        /* None */
1665
0
        UA_SecurityPolicy *nonePolicy =
1666
0
            (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1667
0
        if(!nonePolicy) {
1668
0
            UA_ByteString_memZero(&decryptedPrivateKey);
1669
0
            UA_ByteString_clear(&decryptedPrivateKey);
1670
0
            return UA_STATUSCODE_BADOUTOFMEMORY;
1671
0
        }
1672
0
        retval = UA_SecurityPolicy_None(nonePolicy, localCertificate, config->logging);
1673
0
        if(retval != UA_STATUSCODE_GOOD) {
1674
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1675
0
                           "Could not add SecurityPolicy#None with error code %s",
1676
0
                           UA_StatusCode_name(retval));
1677
0
            nonePolicy->clear(nonePolicy);
1678
0
            UA_free(nonePolicy);
1679
0
            nonePolicy = NULL;
1680
0
        } else {
1681
0
            retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, nonePolicy, storePath);
1682
0
            if(retval != UA_STATUSCODE_GOOD) {
1683
0
                UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1684
0
                               "Could not add SecurityPolicy#None with error code %s",
1685
0
                               UA_StatusCode_name(retval));
1686
0
            }
1687
0
        }
1688
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1689
0
        UA_ByteString_clear(&decryptedPrivateKey);
1690
0
        return retval;
1691
0
    }
1692
1693
    /* Basic256Sha256 */
1694
0
    UA_SecurityPolicy *basic256Sha256Policy =
1695
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1696
0
    if(!basic256Sha256Policy) {
1697
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1698
0
        UA_ByteString_clear(&decryptedPrivateKey);
1699
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1700
0
    }
1701
0
    retval = UA_SecurityPolicy_Basic256Sha256(basic256Sha256Policy, localCertificate,
1702
0
                                              decryptedPrivateKey, config->logging);
1703
0
    if(retval != UA_STATUSCODE_GOOD) {
1704
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1705
0
                       "Could not add SecurityPolicy#Basic256Sha256 with error code %s",
1706
0
                       UA_StatusCode_name(retval));
1707
0
        basic256Sha256Policy->clear(basic256Sha256Policy);
1708
0
        UA_free(basic256Sha256Policy);
1709
0
        basic256Sha256Policy = NULL;
1710
0
    } else {
1711
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic256Sha256Policy, storePath);
1712
0
        if(retval != UA_STATUSCODE_GOOD) {
1713
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1714
0
                           "Could not add SecurityPolicy#Basic256Sha256 with error code %s",
1715
0
                           UA_StatusCode_name(retval));
1716
0
        }
1717
0
    }
1718
1719
    /* Aes256Sha256RsaPss */
1720
0
    UA_SecurityPolicy *aes256Sha256RsaPssPolicy =
1721
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1722
0
    if(!aes256Sha256RsaPssPolicy) {
1723
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1724
0
        UA_ByteString_clear(&decryptedPrivateKey);
1725
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1726
0
    }
1727
0
    retval = UA_SecurityPolicy_Aes256Sha256RsaPss(aes256Sha256RsaPssPolicy, localCertificate,
1728
0
                                                  decryptedPrivateKey, config->logging);
1729
0
    if(retval != UA_STATUSCODE_GOOD) {
1730
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1731
0
                       "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s",
1732
0
                       UA_StatusCode_name(retval));
1733
0
        aes256Sha256RsaPssPolicy->clear(aes256Sha256RsaPssPolicy);
1734
0
        UA_free(aes256Sha256RsaPssPolicy);
1735
0
        aes256Sha256RsaPssPolicy = NULL;
1736
0
    } else {
1737
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, aes256Sha256RsaPssPolicy, storePath);
1738
0
        if(retval != UA_STATUSCODE_GOOD) {
1739
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1740
0
                           "Could not add SecurityPolicy#Aes256Sha256RsaPss with error code %s",
1741
0
                           UA_StatusCode_name(retval));
1742
0
        }
1743
0
    }
1744
1745
    /* Aes128Sha256RsaOaep */
1746
0
    UA_SecurityPolicy *aes128Sha256RsaOaepPolicy =
1747
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1748
0
    if(!aes128Sha256RsaOaepPolicy) {
1749
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1750
0
        UA_ByteString_clear(&decryptedPrivateKey);
1751
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1752
0
    }
1753
0
    retval = UA_SecurityPolicy_Aes128Sha256RsaOaep(aes128Sha256RsaOaepPolicy, localCertificate,
1754
0
                                                   decryptedPrivateKey, config->logging);
1755
0
    if(retval != UA_STATUSCODE_GOOD) {
1756
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1757
0
                       "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s",
1758
0
                       UA_StatusCode_name(retval));
1759
0
        aes128Sha256RsaOaepPolicy->clear(aes128Sha256RsaOaepPolicy);
1760
0
        UA_free(aes128Sha256RsaOaepPolicy);
1761
0
        aes128Sha256RsaOaepPolicy = NULL;
1762
0
    } else {
1763
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, aes128Sha256RsaOaepPolicy, storePath);
1764
0
        if(retval != UA_STATUSCODE_GOOD) {
1765
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1766
0
                           "Could not add SecurityPolicy#Aes128Sha256RsaOaep with error code %s",
1767
0
                           UA_StatusCode_name(retval));
1768
0
        }
1769
0
    }
1770
1771
0
    if(onlySecure) {
1772
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1773
0
        UA_ByteString_clear(&decryptedPrivateKey);
1774
0
        return UA_STATUSCODE_GOOD;
1775
0
    }
1776
1777
    /* None */
1778
0
    UA_SecurityPolicy *nonePolicy =
1779
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1780
0
    if(!nonePolicy) {
1781
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1782
0
        UA_ByteString_clear(&decryptedPrivateKey);
1783
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1784
0
    }
1785
0
    retval = UA_SecurityPolicy_None(nonePolicy, localCertificate, config->logging);
1786
0
    if(retval != UA_STATUSCODE_GOOD) {
1787
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1788
0
                       "Could not add SecurityPolicy#None with error code %s",
1789
0
                       UA_StatusCode_name(retval));
1790
0
        nonePolicy->clear(nonePolicy);
1791
0
        UA_free(nonePolicy);
1792
0
        nonePolicy = NULL;
1793
0
    } else {
1794
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, nonePolicy, storePath);
1795
0
        if(retval != UA_STATUSCODE_GOOD) {
1796
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1797
0
                           "Could not add SecurityPolicy#None with error code %s",
1798
0
                           UA_StatusCode_name(retval));
1799
0
        }
1800
0
    }
1801
1802
    /* Basic128Rsa15 */
1803
0
    UA_SecurityPolicy *basic128Rsa15Policy =
1804
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1805
0
    if(!basic128Rsa15Policy) {
1806
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1807
0
        UA_ByteString_clear(&decryptedPrivateKey);
1808
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1809
0
    }
1810
0
    retval = UA_SecurityPolicy_Basic128Rsa15(basic128Rsa15Policy, localCertificate,
1811
0
                                             decryptedPrivateKey, config->logging);
1812
0
    if(retval != UA_STATUSCODE_GOOD) {
1813
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1814
0
                       "Could not add SecurityPolicy#Basic128Rsa15 with error code %s",
1815
0
                       UA_StatusCode_name(retval));
1816
0
        basic128Rsa15Policy->clear(basic128Rsa15Policy);
1817
0
        UA_free(basic128Rsa15Policy);
1818
0
        basic128Rsa15Policy = NULL;
1819
0
    } else {
1820
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic128Rsa15Policy, storePath);
1821
0
        if(retval != UA_STATUSCODE_GOOD) {
1822
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1823
0
                           "Could not add SecurityPolicy#Basic128Rsa15 with error code %s",
1824
0
                           UA_StatusCode_name(retval));
1825
0
        }
1826
0
    }
1827
1828
    /* Basic256 */
1829
0
    UA_SecurityPolicy *basic256Policy =
1830
0
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1831
0
    if(!basic256Policy) {
1832
0
        UA_ByteString_memZero(&decryptedPrivateKey);
1833
0
        UA_ByteString_clear(&decryptedPrivateKey);
1834
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
1835
0
    }
1836
0
    retval = UA_SecurityPolicy_Basic256(basic256Policy, localCertificate,
1837
0
                                        decryptedPrivateKey, config->logging);
1838
0
    if(retval != UA_STATUSCODE_GOOD) {
1839
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1840
0
                       "Could not add SecurityPolicy#Basic256 with error code %s",
1841
0
                       UA_StatusCode_name(retval));
1842
0
        basic256Policy->clear(basic256Policy);
1843
0
        UA_free(basic256Policy);
1844
0
        basic256Policy = NULL;
1845
0
    } else {
1846
0
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, basic256Policy, storePath);
1847
0
        if(retval != UA_STATUSCODE_GOOD) {
1848
0
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1849
0
                           "Could not add SecurityPolicy#Basic256 with error code %s",
1850
0
                           UA_StatusCode_name(retval));
1851
0
        }
1852
0
    }
1853
1854
    /* EccNistP256AesGcm (OpenSSL-only AEAD policy) */
1855
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL)
1856
    UA_SecurityPolicy *eccnistp256AesGcmPolicy =
1857
        (UA_SecurityPolicy*)UA_calloc(1, sizeof(UA_SecurityPolicy));
1858
    if(!eccnistp256AesGcmPolicy) {
1859
        UA_ByteString_memZero(&decryptedPrivateKey);
1860
        UA_ByteString_clear(&decryptedPrivateKey);
1861
        return UA_STATUSCODE_BADOUTOFMEMORY;
1862
    }
1863
    retval = UA_SecurityPolicy_EccNistP256AesGcm(eccnistp256AesGcmPolicy,
1864
                                                  UA_APPLICATIONTYPE_SERVER,
1865
                                                  localCertificate, decryptedPrivateKey,
1866
                                                  config->logging);
1867
    if(retval != UA_STATUSCODE_GOOD) {
1868
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1869
                       "Could not add SecurityPolicy#ECC_nistP256_AesGcm with error code %s",
1870
                       UA_StatusCode_name(retval));
1871
        eccnistp256AesGcmPolicy->clear(eccnistp256AesGcmPolicy);
1872
        UA_free(eccnistp256AesGcmPolicy);
1873
        eccnistp256AesGcmPolicy = NULL;
1874
    } else {
1875
        retval = UA_ServerConfig_addSecurityPolicy_Filestore(config, eccnistp256AesGcmPolicy, storePath);
1876
        if(retval != UA_STATUSCODE_GOOD) {
1877
            UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_APPLICATION,
1878
                           "Could not add SecurityPolicy#ECC_nistP256_AesGcm with error code %s",
1879
                           UA_StatusCode_name(retval));
1880
        }
1881
    }
1882
#endif
1883
1884
    /* The non-AEAD ECC SecurityPolicies (EccNistP256/P384,
1885
     * EccBrainpoolP256r1/P384r1) are deprecated (OPC UA Part 7), superseded by
1886
     * their *_AesGcm / *_ChaChaPoly variants. They are not part of the default
1887
     * policy set; use the UA_ServerConfig_addSecurityPolicyEcc* functions to add
1888
     * them explicitly. */
1889
1890
0
    UA_ByteString_memZero(&decryptedPrivateKey);
1891
0
    UA_ByteString_clear(&decryptedPrivateKey);
1892
0
    return UA_STATUSCODE_GOOD;
1893
0
}
1894
1895
UA_EXPORT UA_StatusCode
1896
UA_ServerConfig_setDefaultWithFilestore(UA_ServerConfig *conf,
1897
                                        UA_UInt16 portNumber,
1898
                                        const UA_ByteString *certificate,
1899
                                        const UA_ByteString *privateKey,
1900
0
                                        const UA_String storePath) {
1901
0
    UA_StatusCode retval = setDefaultConfig(conf, portNumber);
1902
0
    if(retval != UA_STATUSCODE_GOOD) {
1903
0
        return retval;
1904
0
    }
1905
1906
0
    if(!storePath.data) {
1907
0
        UA_LOG_ERROR(conf->logging, UA_LOGCATEGORY_APPLICATION,
1908
0
                     "The path to a PKI folder has not been specified");
1909
0
        return UA_STATUSCODE_BADINVALIDARGUMENT;
1910
0
    }
1911
1912
    /* Set up the parameters */
1913
0
    UA_KeyValuePair params[2];
1914
0
    size_t paramsSize = 2;
1915
1916
0
    params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize");
1917
0
    UA_Variant_setScalar(&params[0].value, &conf->maxTrustListSize, &UA_TYPES[UA_TYPES_UINT32]);
1918
0
    params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize");
1919
0
    UA_Variant_setScalar(&params[1].value, &conf->maxRejectedListSize, &UA_TYPES[UA_TYPES_UINT32]);
1920
1921
0
    UA_KeyValueMap paramsMap;
1922
0
    paramsMap.map = params;
1923
0
    paramsMap.mapSize = paramsSize;
1924
1925
0
    UA_NodeId defaultApplicationGroup =
1926
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
1927
0
    retval = UA_CertificateGroup_Filestore(&conf->secureChannelPKI, &defaultApplicationGroup,
1928
0
                                           storePath, conf->logging, &paramsMap);
1929
0
    if(retval != UA_STATUSCODE_GOOD)
1930
0
        return retval;
1931
1932
0
    UA_NodeId defaultUserTokenGroup =
1933
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTUSERTOKENGROUP);
1934
0
    retval = UA_CertificateGroup_Filestore(&conf->sessionPKI, &defaultUserTokenGroup,
1935
0
                                           storePath, conf->logging, &paramsMap);
1936
0
    if(retval != UA_STATUSCODE_GOOD)
1937
0
        return retval;
1938
1939
0
    retval = UA_ServerConfig_addSecurityPolicies_Filestore(conf, certificate, privateKey, storePath);
1940
1941
0
    if(retval == UA_STATUSCODE_GOOD) {
1942
0
        retval = UA_AccessControl_default(conf, true, NULL, 0, NULL);
1943
0
    }
1944
1945
0
    if(retval == UA_STATUSCODE_GOOD) {
1946
0
        retval = UA_ServerConfig_addAllEndpoints(conf);
1947
0
    }
1948
1949
0
    return retval;
1950
0
}
1951
1952
#endif /* defined(__linux__) || defined(UA_ARCHITECTURE_WIN32) */
1953
1954
#endif /* UA_ENABLE_ENCRYPTION */
1955
1956
#if defined(UA_ENABLE_DISCOVERY) || defined(UA_ENABLE_AMALGAMATION)
1957
1958
/***************************/
1959
/* Default Client Settings */
1960
/***************************/
1961
1962
40
UA_Client * UA_Client_new(void) {
1963
40
    UA_ClientConfig config;
1964
40
    memset(&config, 0, sizeof(UA_ClientConfig));
1965
    /* Set up basic usable config including logger and event loop */
1966
40
    UA_StatusCode res = UA_ClientConfig_setDefault(&config);
1967
40
    if(res != UA_STATUSCODE_GOOD)
1968
0
        return NULL;
1969
40
    return UA_Client_newWithConfig(&config);
1970
40
}
1971
1972
#if defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) || defined(UA_ARCHITECTURE_ZEPHYR)
1973
1974
struct ClientInterruptContext {
1975
    UA_Client *client;
1976
    UA_Boolean running;
1977
};
1978
1979
static void
1980
interruptClient(UA_InterruptManager *im, uintptr_t interruptHandle,
1981
0
                void *context, const UA_KeyValueMap *parameters) {
1982
0
    struct ClientInterruptContext *ic = (struct ClientInterruptContext*)context;
1983
0
    UA_ClientConfig *config = UA_Client_getConfig(ic->client);
1984
0
    UA_LOG_INFO(config->logging, UA_LOGCATEGORY_APPLICATION, "Stopping the client");
1985
0
    ic->running = false;
1986
0
}
1987
1988
UA_StatusCode
1989
0
UA_Client_runUntilInterrupt(UA_Client *client) {
1990
0
    if(!client)
1991
0
        return UA_STATUSCODE_BADINTERNALERROR;
1992
0
    UA_ClientConfig *config = UA_Client_getConfig(client);
1993
0
    UA_EventLoop *el = config->eventLoop;
1994
0
    if(!el)
1995
0
        return UA_STATUSCODE_BADINTERNALERROR;
1996
1997
    /* Get the interrupt manager */
1998
0
    UA_EventSource *es = el->eventSources;
1999
0
    while(es) {
2000
0
        if(es->eventSourceType == UA_EVENTSOURCETYPE_INTERRUPTMANAGER)
2001
0
            break;
2002
0
        es = es->next;
2003
0
    }
2004
0
    if(!es) {
2005
0
        UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
2006
0
                       "No Interrupt EventSource configured");
2007
0
        return UA_STATUSCODE_BADINTERNALERROR;
2008
0
    }
2009
0
    UA_InterruptManager *im = (UA_InterruptManager*)es;
2010
2011
    /* Register the interrupt */
2012
0
    struct ClientInterruptContext ic;
2013
0
    ic.client = client;
2014
0
    ic.running = true;
2015
0
    UA_StatusCode res =
2016
0
        im->registerInterrupt(im, SIGINT, &UA_KEYVALUEMAP_NULL,
2017
0
                              interruptClient, &ic);
2018
0
    if(res != UA_STATUSCODE_GOOD) {
2019
0
        UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
2020
0
                     "Could not register the interrupt with status code %s",
2021
0
                     UA_StatusCode_name(res));
2022
0
        return res;
2023
0
    }
2024
2025
    /* Run the client */
2026
0
    while(ic.running) {
2027
0
        res = UA_Client_run_iterate(client, 100);
2028
0
        if(res != UA_STATUSCODE_GOOD)
2029
0
            break;
2030
0
    }
2031
2032
    /* Deregister the interrupt */
2033
0
    im->deregisterInterrupt(im, SIGINT);
2034
0
    return res;
2035
0
}
2036
2037
#endif /* defined(UA_ARCHITECTURE_POSIX) || defined(UA_ARCHITECTURE_WIN32) */
2038
2039
UA_StatusCode
2040
40
UA_ClientConfig_setDefault(UA_ClientConfig *config) {
2041
    /* The following fields are untouched and OK to leave as NULL or 0:
2042
     *  clientContext
2043
     *  userIdentityToken
2044
     *  securityMode
2045
     *  securityPolicyUri
2046
     *  endpoint
2047
     *  userTokenPolicy
2048
     *  customDataTypes
2049
     *  connectivityCheckInterval
2050
     *  stateCallback
2051
     *  inactivityCallback
2052
     *  outStandingPublishRequests
2053
     *  subscriptionInactivityCallback
2054
     *  sessionLocaleIds
2055
     *  sessionLocaleIdsSize */
2056
2057
40
    if(config->timeout == 0)
2058
40
        config->timeout = 5 * 1000; /* 5 seconds */
2059
40
    if(config->secureChannelLifeTime == 0)
2060
40
        config->secureChannelLifeTime = 10 * 60 * 1000; /* 10 minutes */
2061
2062
40
    if(config->logging == NULL)
2063
40
        config->logging = UA_Log_Stdout_new(UA_LOGLEVEL_INFO);
2064
2065
    /* EventLoop */
2066
40
    if(config->eventLoop == NULL) {
2067
#if defined(UA_ARCHITECTURE_ZEPHYR)
2068
        config->eventLoop = UA_EventLoop_new_Zephyr(config->logging);
2069
#elif defined(UA_ARCHITECTURE_LWIP)
2070
        config->eventLoop = UA_EventLoop_new_LWIP(config->logging, NULL);
2071
#else
2072
40
        config->eventLoop = UA_EventLoop_new_POSIX(config->logging);
2073
40
#endif
2074
40
        config->externalEventLoop = false;
2075
2076
        /* Add the TCP connection manager */
2077
#if defined(UA_ARCHITECTURE_ZEPHYR)
2078
        UA_ConnectionManager *tcpCM =
2079
            UA_ConnectionManager_new_Zephyr_TCP(UA_STRING("tcp connection manager"));
2080
#elif defined(UA_ARCHITECTURE_LWIP)
2081
        UA_ConnectionManager *tcpCM =
2082
            UA_ConnectionManager_new_LWIP_TCP(UA_STRING("tcp connection manager"));
2083
#else
2084
40
        UA_ConnectionManager *tcpCM =
2085
40
            UA_ConnectionManager_new_POSIX_TCP(UA_STRING("tcp connection manager"));
2086
40
#endif
2087
40
        config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)tcpCM);
2088
2089
#if defined(UA_ARCHITECTURE_LWIP)
2090
        UA_ConnectionManager *udpCM =
2091
            UA_ConnectionManager_new_LWIP_UDP(UA_STRING("udp connection manager"));
2092
        if(udpCM)
2093
            config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)udpCM);
2094
#elif !defined(UA_ARCHITECTURE_ZEPHYR)
2095
        /* Add the UDP connection manager */
2096
40
        UA_ConnectionManager *udpCM =
2097
40
            UA_ConnectionManager_new_POSIX_UDP(UA_STRING("udp connection manager"));
2098
40
        config->eventLoop->registerEventSource(config->eventLoop, (UA_EventSource *)udpCM);
2099
40
#endif
2100
2101
40
#if !defined(UA_ARCHITECTURE_ZEPHYR) && !defined(UA_ARCHITECTURE_LWIP)
2102
        /* Add the interrupt manager */
2103
40
        UA_InterruptManager *im = UA_InterruptManager_new_POSIX(UA_STRING("interrupt manager"));
2104
40
        if(im) {
2105
40
            config->eventLoop->registerEventSource(config->eventLoop, &im->eventSource);
2106
40
        } else {
2107
0
            UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
2108
0
                         "Cannot create the Interrupt Manager (only relevant if used)");
2109
0
        }
2110
40
#endif
2111
40
    }
2112
2113
40
    if(config->localConnectionConfig.recvBufferSize == 0)
2114
40
        config->localConnectionConfig = UA_ConnectionConfig_default;
2115
2116
40
    if(!config->certificateVerification.logging) {
2117
40
        config->certificateVerification.logging = config->logging;
2118
40
    }
2119
2120
40
#ifdef UA_ENABLE_ENCRYPTION
2121
    /* Limits for TrustList */
2122
40
    config->maxTrustListSize = 0;
2123
40
    config->maxRejectedListSize = 0;
2124
40
#endif
2125
2126
40
    if(!config->certificateVerification.verifyCertificate) {
2127
        /* Certificate Verification that accepts every certificate. Can be
2128
         * overwritten when the policy is specialized. */
2129
40
        UA_CertificateGroup_AcceptAll(&config->certificateVerification);
2130
40
    }
2131
2132
    /* With encryption enabled, the applicationUri needs to match the URI from
2133
     * the certificate */
2134
40
    if(!config->clientDescription.applicationUri.data)
2135
40
        config->clientDescription.applicationUri = UA_STRING_ALLOC(APPLICATION_URI);
2136
40
    if(config->clientDescription.applicationType == 0)
2137
40
        config->clientDescription.applicationType = UA_APPLICATIONTYPE_CLIENT;
2138
2139
40
    if(config->securityPoliciesSize == 0) {
2140
40
        config->securityPolicies = (UA_SecurityPolicy*)UA_malloc(sizeof(UA_SecurityPolicy));
2141
40
        if(!config->securityPolicies)
2142
0
            return UA_STATUSCODE_BADOUTOFMEMORY;
2143
40
        UA_StatusCode retval = UA_SecurityPolicy_None(config->securityPolicies,
2144
40
                                                      UA_BYTESTRING_NULL, config->logging);
2145
40
        if(retval != UA_STATUSCODE_GOOD) {
2146
0
            UA_free(config->securityPolicies);
2147
0
            config->securityPolicies = NULL;
2148
0
            return retval;
2149
0
        }
2150
40
        config->securityPoliciesSize = 1;
2151
40
    }
2152
2153
40
    if(config->requestedSessionTimeout == 0)
2154
40
        config->requestedSessionTimeout = 1200000;
2155
2156
40
#ifdef UA_ENABLE_SUBSCRIPTIONS
2157
40
    if(config->outStandingPublishRequests == 0)
2158
40
        config->outStandingPublishRequests = 10;
2159
40
#endif
2160
2161
40
    return UA_STATUSCODE_GOOD;
2162
40
}
2163
2164
#ifdef UA_ENABLE_ENCRYPTION
2165
2166
static UA_StatusCode
2167
clientConfig_setAuthenticationSecurityPolicies(UA_ClientConfig *config,
2168
                                               UA_ByteString certificateAuth,
2169
0
                                               UA_ByteString privateKeyAuth) {
2170
0
    for(size_t i = 0; i < config->authSecurityPoliciesSize; i++) {
2171
0
        config->authSecurityPolicies[i].clear(&config->authSecurityPolicies[i]);
2172
0
    }
2173
2174
0
    UA_SecurityPolicy *sp = (UA_SecurityPolicy*)
2175
0
        UA_realloc(config->authSecurityPolicies, sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE);
2176
0
    if(!sp)
2177
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
2178
0
    config->authSecurityPolicies = sp;
2179
0
    config->authSecurityPoliciesSize = 0;
2180
2181
0
    addAllSecurityPolicies(sp, &config->authSecurityPoliciesSize,
2182
0
                           certificateAuth, privateKeyAuth, false,
2183
0
                           UA_APPLICATIONTYPE_CLIENT, config->logging);
2184
2185
0
    if(config->authSecurityPoliciesSize == 0) {
2186
0
        UA_free(config->authSecurityPolicies);
2187
0
        config->authSecurityPolicies = NULL;
2188
0
    }
2189
2190
0
    return UA_STATUSCODE_GOOD;
2191
0
}
2192
2193
static UA_StatusCode
2194
clientConfig_setSecurityPolicies(UA_ClientConfig *config,
2195
                                 UA_ByteString certificateAuth,
2196
0
                                 UA_ByteString privateKeyAuth) {
2197
0
    for(size_t i = 0; i < config->securityPoliciesSize; i++) {
2198
0
        config->securityPolicies[i].clear(&config->securityPolicies[i]);
2199
0
    }
2200
2201
0
    UA_SecurityPolicy *sp = (UA_SecurityPolicy*)
2202
0
        UA_realloc(config->securityPolicies,
2203
0
                   sizeof(UA_SecurityPolicy) * SECURITY_POLICY_SIZE);
2204
0
    if(!sp)
2205
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
2206
0
    config->securityPolicies = sp;
2207
0
    config->securityPoliciesSize = 0;
2208
2209
0
    addAllSecurityPolicies(sp, &config->securityPoliciesSize,
2210
0
                           certificateAuth, privateKeyAuth, false,
2211
0
                           UA_APPLICATIONTYPE_CLIENT, config->logging);
2212
2213
0
    if(config->securityPoliciesSize == 0) {
2214
0
        UA_free(config->securityPolicies);
2215
0
        config->securityPolicies = NULL;
2216
0
    }
2217
2218
0
    return UA_STATUSCODE_GOOD;
2219
0
}
2220
2221
UA_StatusCode
2222
UA_ClientConfig_setDefaultEncryption(UA_ClientConfig *config,
2223
                                     UA_ByteString localCertificate, UA_ByteString privateKey,
2224
                                     const UA_ByteString *trustList, size_t trustListSize,
2225
0
                                     const UA_ByteString *revocationList, size_t revocationListSize) {
2226
0
    UA_StatusCode retval = UA_ClientConfig_setDefault(config);
2227
0
    if(retval != UA_STATUSCODE_GOOD)
2228
0
        return retval;
2229
2230
0
    if(trustListSize > 0) {
2231
0
        UA_TrustListDataType list;
2232
0
        UA_TrustListDataType_init(&list);
2233
0
        list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCERTIFICATES;
2234
0
        retval = UA_Array_copy(trustList, trustListSize,
2235
0
                               (void**)&list.trustedCertificates,
2236
0
                               &UA_TYPES[UA_TYPES_BYTESTRING]);
2237
0
        if(retval != UA_STATUSCODE_GOOD)
2238
0
            return retval;
2239
0
        list.trustedCertificatesSize = trustListSize;
2240
2241
0
        if(revocationListSize > 0) {
2242
0
            list.specifiedLists |= UA_TRUSTLISTMASKS_TRUSTEDCRLS;
2243
0
            retval = UA_Array_copy(revocationList, revocationListSize,
2244
0
                                   (void**)&list.trustedCrls,
2245
0
                                   &UA_TYPES[UA_TYPES_BYTESTRING]);
2246
0
            if(retval != UA_STATUSCODE_GOOD) {
2247
0
                UA_TrustListDataType_clear(&list);
2248
0
                return retval;
2249
0
            }
2250
0
            list.trustedCrlsSize = revocationListSize;
2251
0
        }
2252
2253
        /* Set up the parameters */
2254
0
        UA_KeyValuePair params[2];
2255
0
        size_t paramsSize = 2;
2256
2257
0
        params[0].key = UA_QUALIFIEDNAME(0, "max-trust-listsize");
2258
0
        UA_Variant_setScalar(&params[0].value, &config->maxTrustListSize,
2259
0
                             &UA_TYPES[UA_TYPES_UINT32]);
2260
0
        params[1].key = UA_QUALIFIEDNAME(0, "max-rejected-listsize");
2261
0
        UA_Variant_setScalar(&params[1].value, &config->maxRejectedListSize,
2262
0
                             &UA_TYPES[UA_TYPES_UINT32]);
2263
2264
0
        UA_KeyValueMap paramsMap;
2265
0
        paramsMap.map = params;
2266
0
        paramsMap.mapSize = paramsSize;
2267
2268
0
        if(config->certificateVerification.clear)
2269
0
            config->certificateVerification.clear(&config->certificateVerification);
2270
0
        UA_NodeId defaultApplicationGroup =
2271
0
            UA_NS0ID(SERVERCONFIGURATION_CERTIFICATEGROUPS_DEFAULTAPPLICATIONGROUP);
2272
0
        retval = UA_CertificateGroup_Memorystore(&config->certificateVerification,
2273
0
                                                 &defaultApplicationGroup, &list,
2274
0
                                                 config->logging, &paramsMap);
2275
0
        UA_TrustListDataType_clear(&list);
2276
0
        if(retval != UA_STATUSCODE_GOOD)
2277
0
            return retval;
2278
0
    } else {
2279
0
        UA_LOG_WARNING(config->logging, UA_LOGCATEGORY_SECURITYPOLICY,
2280
0
                       "Empty trustlist passed. Leaving the previously "
2281
0
                       "configured certificate verification in place");
2282
0
    }
2283
2284
    /* Load the private key and convert to the DER format. Use an empty password
2285
     * on the first try -- maybe the key does not require a password. */
2286
0
    UA_ByteString decryptedPrivateKey = UA_BYTESTRING_NULL;
2287
0
    UA_ByteString keyPassword = UA_BYTESTRING_NULL;
2288
0
    UA_StatusCode keySuccess = UA_STATUSCODE_GOOD;
2289
2290
0
    if(privateKey.length > 0)
2291
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(privateKey, keyPassword,
2292
0
                                                           &decryptedPrivateKey);
2293
2294
    /* Get the password and decrypt. An application might want to loop / retry
2295
     * here to allow users to correct their entry. */
2296
0
    if(keySuccess != UA_STATUSCODE_GOOD) {
2297
0
        if(config->privateKeyPasswordCallback)
2298
0
            keySuccess = config->privateKeyPasswordCallback(config, &keyPassword);
2299
0
        else
2300
0
            keySuccess = readPrivateKeyPassword(&keyPassword);
2301
0
        if(keySuccess != UA_STATUSCODE_GOOD)
2302
0
            return keySuccess;
2303
0
        keySuccess = UA_CertificateUtils_decryptPrivateKey(privateKey, keyPassword, &decryptedPrivateKey);
2304
0
        UA_ByteString_memZero(&keyPassword);
2305
0
        UA_ByteString_clear(&keyPassword);
2306
0
    }
2307
0
    if(keySuccess != UA_STATUSCODE_GOOD)
2308
0
        return keySuccess;
2309
2310
0
    clientConfig_setSecurityPolicies(config, localCertificate, decryptedPrivateKey);
2311
0
    clientConfig_setAuthenticationSecurityPolicies(config, localCertificate, decryptedPrivateKey);
2312
2313
0
    UA_ByteString_memZero(&decryptedPrivateKey);
2314
0
    UA_ByteString_clear(&decryptedPrivateKey);
2315
2316
0
    return UA_STATUSCODE_GOOD;
2317
0
}
2318
#endif
2319
2320
#if defined(UA_ENABLE_ENCRYPTION_OPENSSL) || defined(UA_ENABLE_ENCRYPTION_MBEDTLS)
2321
UA_StatusCode
2322
UA_ClientConfig_setAuthenticationCert(UA_ClientConfig *config,
2323
                                      UA_ByteString certificateAuth,
2324
0
                                      UA_ByteString privateKeyAuth) {
2325
#ifdef UA_ENABLE_ENCRYPTION_LIBRESSL
2326
    UA_LOG_ERROR(config->logging, UA_LOGCATEGORY_APPLICATION,
2327
                 "Certificate authentication with LibreSSL as crypto backend is not supported.");
2328
    return UA_STATUSCODE_BADNOTIMPLEMENTED;
2329
#endif
2330
2331
    /* Create UserIdentityToken */
2332
0
    UA_X509IdentityToken* identityToken = UA_X509IdentityToken_new();
2333
0
    if(!identityToken)
2334
0
        return UA_STATUSCODE_BADOUTOFMEMORY;
2335
    /* Don't set identityToken->policyId. This is taken from the appropriate
2336
     * endpoint at runtime. */
2337
0
    UA_StatusCode retval = UA_ByteString_copy(&certificateAuth, &identityToken->certificateData);
2338
0
    if(retval != UA_STATUSCODE_GOOD)
2339
0
        return retval;
2340
0
    UA_ExtensionObject_clear(&config->userIdentityToken);
2341
0
    config->userIdentityToken.encoding = UA_EXTENSIONOBJECT_DECODED;
2342
0
    config->userIdentityToken.content.decoded.type = &UA_TYPES[UA_TYPES_X509IDENTITYTOKEN];
2343
0
    config->userIdentityToken.content.decoded.data = identityToken;
2344
2345
    /* Populate SecurityPolicies */
2346
0
    return clientConfig_setAuthenticationSecurityPolicies(config, certificateAuth, privateKeyAuth);
2347
0
}
2348
#endif
2349
2350
#endif /* UA_ENABLE_DISCOVERY OR UA_ENABLE_AMALGAMATION*/