feat(binding-opcua): Add channel security support #1401 #1415
Waiting for #1417 to be completed
Implements OPC UA channel security by allowing the configuration of
security mode and policy and authentication
This change introduces a certificate manager to handle client-side certificates.
Key changes:
- Added new SecurityScheme
OPCUASecureSecuritySchemeBase (abstract)
-> OPCUAChannelSecurityScheme
-> OPCUAUnsecureChannelScheme
-> OPCUASecureSecurityScheme
-> OPCUASecureSecurityScheme
-> OPCUACertificateAuthenticationScheme
-> OPCUAUserNameAuthenticationScheme
- Implemented a shared `OPCUACertificateManager` for PKI.
PKI folder for OPCUAProtocolClient is set to
env-path("binding-opcua-wot").PKI
which resolves to
on Windows:
C:\Users\<User>\AppData\Roaming\binding-opcua-node-wot\Config\PKI
on Linux:
~/.config/binding-opcua-node-wot/PKI
on macOS:
~/Library/Application Support/binding-opcua-node-wot/PKI
- Added tests for secure communication.
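
The PKI folder named in the description is a per-user store, so its permissions are worth checking once the client has created it. The sketch below is an added example, not code from this PR or from node-wot: it rebuilds the folder path from the three paths listed above and audits the tree's POSIX mode bits. The names `pkiFolder` and `auditPki`, the resolution rules, and the assumption that PEM private keys live somewhere below the folder are all hypothetical.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Folder name as it appears in the three paths listed in the PR description.
const APP = "binding-opcua-node-wot";

// Rebuild the per-platform PKI folder from those paths (assumed resolution rules).
function pkiFolder(platform = process.platform, home = os.homedir(), env = process.env) {
  if (platform === "win32") {
    const appData = env.APPDATA || path.win32.join(home, "AppData", "Roaming");
    return path.win32.join(appData, APP, "Config", "PKI");
  }
  if (platform === "darwin") {
    return path.posix.join(home, "Library", "Application Support", APP, "PKI");
  }
  const base = env.XDG_CONFIG_HOME || path.posix.join(home, ".config");
  return path.posix.join(base, APP, "PKI");
}

// Assumption: private keys under the folder are PEM encoded.
const PEM_PRIVATE_KEY = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;

// Walk the PKI tree and report POSIX permission problems:
//  - anything group/other-writable (another account could alter the trust store)
//  - PEM private keys that group/other can access at all
//  - symlinks, which can redirect the store outside the audited tree
// Mode bits say nothing about Windows ACLs, so this check is only meaningful on POSIX.
function auditPki(root) {
  const findings = [];
  const walk = (p) => {
    const st = fs.lstatSync(p);
    const mode = st.mode & 0o777;
    if (st.isSymbolicLink()) return findings.push({ path: p, issue: "symlink" });
    if (mode & 0o022) findings.push({ path: p, issue: "writable-by-others" });
    if (st.isDirectory()) {
      for (const name of fs.readdirSync(p)) walk(path.join(p, name));
    } else if (st.isFile() && (mode & 0o077) && PEM_PRIVATE_KEY.test(fs.readFileSync(p, "latin1"))) {
      findings.push({ path: p, issue: "private-key-exposed" });
    }
  };
  if (fs.existsSync(root)) walk(root);
  return findings;
}
```

Calling `auditPki(pkiFolder())` on a Linux or macOS host returns an empty array when the folder is absent or every entry is restricted to its owner.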
…authenticated and security in demo server
- add ability to call the WhoIAm method
to loopback on the actual credentials settings
of the connected user,
This ensures that the security scheme has worked
as expected.
…cua security schemes
…rity schemes used in tests
PR looks good, but I have these two questions/suggestions:

Ideally, we should not do that.

@relu91, can you clarify what you have in mind?

two things:
p.s. I noticed that

👍 Makes sense

I can take it while I am here.

Maybe I'm wrong, but I think you missed this:

@relu91 Sorry, can you be more specific? Update: I guess, by extrapolating the meaning of "ClientManager", that you want the singleton management for the OPCUACertificateManager to be factored out of the OpcuaProtocolClient class. I'll also move the resolution of WotSecurity=>OPCUASecurity to a dedicated file. Let me know if there is more you had in mind.
move certificate management and OPCUA security resolution to own files, for clarity. improve OPCUA Certificate manager singleton lifecycle
relu91
left a comment
Yes, that's what I had in mind, thank you.

Ah, now I noticed a little bit of inconsistency in the file naming scheme, sometimes using _, sometimes -. We can fix it later with a refactor PR.