UA Server SDK C++ Bundle  1.3.2.200
Supplement A: Setting up security

Content:

For the sake of clarity, the previous lessons of this tutorial skipped loading the client certificate. This lesson makes up for that.

Step 1: Introducing class SessionSecurityInfo

TBD

Step 2: Implementing setup

Add the following code to the header file,

/* OPC UA service calls */
/* Security helper: initializes the OpenSSL PKI provider and loads the client
 * certificate, client private key and server certificate into
 * sessionSecurityInfo. Returns the status of the first step that fails,
 * otherwise the status of the last step. */
UaStatus setupSecurity(SessionSecurityInfo& sessionSecurityInfo);

and to the source file, respectively:

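/*============================================================================
 * Security Helper
 *===========================================================================*/
/** Prepares the security settings used for a secured session.
 *
 *  Performs three steps in order and stops at the first one that fails:
 *   1. initialize the OpenSSL PKI provider with the revocation list and
 *      trust list locations,
 *   2. load the client certificate and the client private key,
 *   3. load the server certificate.
 *
 *  The location macros (CertificateRevocationListLocation,
 *  CertificateTrustListLocation, CLIENT_CERT_LOCATION, CLIENT_PKEY_LOCATION,
 *  SERVER_CERT_LOCATION) are defined outside this listing.
 *
 *  @param sessionSecurityInfo  Object that receives the PKI configuration and
 *                              the loaded certificates.
 *  @return Status of the first failing step, or the status of the last step.
 *          A bad status means the security material is incomplete; callers
 *          that require a secured connection should treat it as fatal rather
 *          than falling back to an unsecured connect.
 */
UaStatus setupSecurity(SessionSecurityInfo& sessionSecurityInfo)
{
    UaStatus uStatus;
    UaString sCertificateRevocationListLocation;
    UaString sCertificateTrustListLocation;
    UaString sClientCertificateFile;
    UaString sClientPrivateKeyFile;
    UaString sServerCertificateFile;

#ifdef _WIN32
    /* Resolve all locations relative to the directory of the executable so
     * the trust list and key files do not depend on the current working
     * directory. */
    char szAppPath[MAX_PATH] = {0};
    const DWORD nPathLen = GetModuleFileNameA(0, szAppPath, MAX_PATH);

    /* 0 means the call failed; a value >= MAX_PATH means the path was
     * truncated (and may not be terminated on older Windows versions).
     * In both cases the buffer must not be used to build file locations. */
    if ( nPathLen == 0 || nPathLen >= MAX_PATH )
    {
        printf("*******************************************************\n");
        printf("** setupSecurity failed!\n");
        printf("** Could not determine application path\n");
        printf("*******************************************************\n");
        uStatus = OpcUa_BadInternalError;
        return uStatus;
    }

    /* Cut off the executable name, keeping only the directory part. */
    char* pszLastSeparator = strrchr(szAppPath, '\\');
    if ( pszLastSeparator != 0 )
    {
        *pszLastSeparator = 0;
    }

    UaString sAppPath = szAppPath;
    sAppPath += "\\";

    sCertificateRevocationListLocation  = sAppPath;
    sCertificateRevocationListLocation += CertificateRevocationListLocation;
    sCertificateTrustListLocation       = sAppPath;
    sCertificateTrustListLocation      += CertificateTrustListLocation;
    sClientCertificateFile              = sAppPath;
    sClientCertificateFile             += CLIENT_CERT_LOCATION;
    sClientPrivateKeyFile               = sAppPath;
    sClientPrivateKeyFile              += CLIENT_PKEY_LOCATION;
    sServerCertificateFile              = sAppPath;
    sServerCertificateFile             += SERVER_CERT_LOCATION;
#else
    /* NOTE(review): the locations are used exactly as the macros define
     * them. If they are relative paths they presumably resolve against the
     * current working directory, so the trust list and private key that get
     * loaded depend on where the client is started from - confirm and prefer
     * absolute paths. */
    sCertificateRevocationListLocation = CertificateRevocationListLocation;
    sCertificateTrustListLocation      = CertificateTrustListLocation;
    sClientCertificateFile             = CLIENT_CERT_LOCATION;
    sClientPrivateKeyFile              = CLIENT_PKEY_LOCATION;
    sServerCertificateFile             = SERVER_CERT_LOCATION;
#endif

    /*********************************************************************
     Initialize the PKI provider for OpenSSL
    **********************************************************************/
    uStatus = sessionSecurityInfo.initializePkiProviderOpenSSL(
        sCertificateRevocationListLocation,
        sCertificateTrustListLocation);
    /*********************************************************************/
    if ( uStatus.isBad() )
    {
        printf("*******************************************************\n");
        printf("** setupSecurity failed!\n");
        printf("** Could not initialize PKI\n");
        printf("*******************************************************\n");
        return uStatus;
    }

    /*********************************************************************
     Load certificate and private key for client from OpenSSL store
    **********************************************************************/
    /* NOTE(review): the private key file should be readable only by the
     * account that runs the client; this function does not check file
     * permissions. */
    uStatus = sessionSecurityInfo.loadClientCertificateOpenSSL(
        sClientCertificateFile,
        sClientPrivateKeyFile);
    /*********************************************************************/
    if ( uStatus.isBad() )
    {
        /* The message below describes the consequence for the caller; the
         * bad status is still returned so the caller can decide whether an
         * unsecured connection is acceptable at all. */
        printf("*******************************************************\n");
        printf("** setupSecurity failed!\n");
        printf("** Could not load Client certificate\n");
        printf("** Connect will work only without security\n");
        printf("*******************************************************\n");
        return uStatus;
    }

    /*********************************************************************
     Load certificate for server from OpenSSL store
    **********************************************************************/
    uStatus = sessionSecurityInfo.loadServerCertificateOpenSSL(sServerCertificateFile);
    /*********************************************************************/
    if ( uStatus.isBad() )
    {
        printf("*******************************************************\n");
        printf("** setupSecurity failed!\n");
        printf("** Could not load Server certificate\n");
        printf("*******************************************************\n");
    }

    return uStatus;
}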

Finally, call setupSecurity in main():

// Initialize the UA Stack platform layer
// ++
// Initialize the PKI provider and load the client and server certificates.
// NOTE(review): check `status` before connecting - setupSecurity returns a bad
// status when the PKI provider or a certificate could not be loaded, and a
// client that requires security should stop here instead of connecting unsecured.
status = setupSecurity(sessionSecurityInfo);
// ++