
Commit 350ef18

starturtleoroulet
authored andcommitted
Update client.py
#778 PolicyId for an authentication certificate should match the one inside the certificate.
1 parent f567c95 commit 350ef18


1 file changed

+2
-1
lines changed


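--- a/opcua/client/client.py
+++ b/opcua/client/client.py
@@ -469,16 +469,17 @@ def _add_anonymous_auth(self, params):
 
 def _add_certificate_auth(self, params, certificate, challenge):
 params.UserIdentityToken = ua.X509IdentityToken()
-params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256")
 params.UserIdentityToken.CertificateData = uacrypto.der_from_x509(certificate)
 # specs part 4, 5.6.3.1: the data to sign is created by appending
 # the last serverNonce to the serverCertificate
 params.UserTokenSignature = ua.SignatureData()
 if certificate.signature_hash_algorithm.name == "sha256":
+params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256sha256")
 sig = uacrypto.sign_sha256(self.user_private_key, challenge)
 params.UserTokenSignature.Algorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
 params.UserTokenSignature.Signature = sig
 else:
+params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256")
 sig = uacrypto.sign_sha1(self.user_private_key, challenge)
 params.UserTokenSignature.Algorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
 params.UserTokenSignature.Signature = sig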
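Review bot: The `else:` branch of `_add_certificate_auth` still covers every certificate whose `signature_hash_algorithm.name` is not `"sha256"`, so a SHA-384 or SHA-512 certificate is sent with the `certificate_basic256` PolicyId and an rsa-sha1 signature instead of being rejected. Making the SHA-1 path explicit with `elif certificate.signature_hash_algorithm.name == "sha1":` and raising an error in a final `else:` would keep an unexpected certificate from silently taking the weakest path. The second argument to `server_policy_id` looks like a fallback name only, in which case the PolicyId actually sent depends on what the server advertises for the certificate token type rather than on this string; that helper is not visible here, so this is worth confirming. A short comment above the `if`, saying that the certificate's hash algorithm selects both the PolicyId and the signature algorithm, would also help the next reader.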
