C++ Based OPC UA Client/Server/PubSub SDK
1.7.8.584
The SessionSecurityInfo class contains the security related session settings for connect.
#include <uaclientsdk.h>
Inherits UaClientSdk::ClientSecurityInfo.
Public Member Functions

SessionSecurityInfo ()
    Constructs a session security info object with initial values for this class and the base class ClientSecurityInfo.
~SessionSecurityInfo ()
    Destroys the session security info object.
SessionSecurityInfo (const SessionSecurityInfo &)
    Constructs a copy of the passed session security info object.
SessionSecurityInfo & operator= (const SessionSecurityInfo &)
    Assigns a copy of the passed session security info to this object and returns a reference to this object.
UaStatusCode loadServerCertificateOpenSSL (const UaString &sServerCertificateFile)
    Load server certificate using the file based OpenSSL certificate store.
UaStatusCode loadServerCertificateWindows (const UaString &sCertificateThumbprint)
    Load server certificate using the Windows certificate store.
UaStatusCode splitCertificateChain (const UaByteString &certificateChain, UaByteStringArray &chainEntries)
    Splits a certificate chain into its single components.
UaStatusCode saveServerCertificate (UaString &sCertificateName)
    Save certificate in store.
UaStatus verifyServerCertificate (CertificateValidationCallback *pCallback=OpcUa_Null)
    Verifies whether the server certificate is trusted by the client.
UaStatusCode getCurrentErrorInformationOpenSSL (OpcUa_Void *pvVerifyContext, OpcUa_Int32 &iNativeError, UaString &sErrorMessage)
    Retrieves detailed information about errors returned by CertificateValidationCallback::verificationError.
void setAnonymousUserIdentity ()
    Sets the user identity type used for connection establishment to Anonymous.
void setUserPasswordUserIdentity (const UaString &userName, const UaString &password)
    Sets the user identity type used for connection establishment to UserPassword.
void setCertificateUserIdentity (const UaByteString &userCertificate, const UaByteString &userPrivateKey)
    Sets the user identity type used for connection establishment to Certificate.
const UaUserIdentityToken * pUserIdentityToken () const
    Returns the user identity token configured for this setting object.
OpcUa_UserTokenType userTokenType () const
    Returns the type of the UaUserIdentityToken configured for this SessionSecurityInfo object.
bool getSecurityCheckOverride (const UaStatus &status) const
    Checks if an override for a specific validation status exists.

Public Member Functions inherited from UaClientSdk::ClientSecurityInfo

ClientSecurityInfo ()
    Constructs a client security info object with initial values.
~ClientSecurityInfo ()
    Destroys the client security info object.
UaStatusCode initializePkiProviderOpenSSL (const UaString &sCertificateRevocationListLocation, const UaString &sCertificateTrustListLocation)
    Initialize the PKI provider to use the file based OpenSSL certificate store.
UaStatusCode initializePkiProviderOpenSSL (const UaString &sCertificateRevocationListLocation, const UaString &sCertificateTrustListLocation, const UaString &sIssuersRevocationListLocation, const UaString &sIssuersCertificatesLocation)
    Initialize the PKI provider to use the file based OpenSSL certificate store.
UaStatusCode loadClientCertificateOpenSSL (const UaString &sClientCertificateFile, const UaString &sClientPrivateKeyFile, const UaString &sPassword=UaString())
    Load client certificate and client private key using the file based OpenSSL certificate store.
UaStatusCode initializePkiProviderWindows (WindowsStoreLocation certificateStoreLocation, const UaString &sCertificateStoreName)
    Initialize the PKI provider to use the Windows certificate store.
UaStatusCode initializePkiProviderWindows (WindowsStoreLocation certificateStoreLocation, const UaString &sCertificateStoreName, const UaString &sIssuersCertificateStoreName)
    Initialize the PKI provider to use the Windows certificate store.
UaStatusCode loadClientCertificateWindows (const UaString &sCertificateThumbprint)
    Load client certificate and client private key using the Windows certificate store.
OpcUa_Void * pkiCfg ()
    Internally used function to provide the PKI provider for the UA Stack.
bool isPkiProviderValid ()
    Checks if the PKI provider is configured.
UaStatusCode initializePkiProviderHttps (const UaString &sHttpsIssuersRevocationListLocation, const UaString &sHttpsIssuersCertificatesLocation)
    Initialize the PKI provider to use for validating HTTPS certificates.
OpcUa_Void * pkiCfgHttps ()
    Internally used function to provide the PKI provider for the UA Stack used for HTTPS connections.
OpcUa_Key * getClientPrivateKey ()
    Get the client private key.
UaByteArray getClientPrivateKeyDer ()
    Get the client private key as DER encoded byte array.
void setClientPrivateKeyDer (const UaByteString &privateKey)
    Set the client private key as DER encoded byte array.

Public Attributes

UaByteString serverCertificate
    Server certificate (public key).
OpcUa_Boolean doServerCertificateVerify
    Indicates if the client SDK must verify the server certificate or if this was done already by the application.
OpcUa_Boolean disableErrorCertificateTimeInvalid
    Flag used to disable the server certificate validation error BadCertificateTimeInvalid, default is false.
OpcUa_Boolean disableErrorCertificateIssuerTimeInvalid
    Flag used to disable the client certificate validation error BadCertificateIssuerTimeInvalid, default is false.
OpcUa_Boolean disableErrorCertificateRevocationUnknown
    Flag used to disable the client certificate validation error BadCertificateRevocationUnknown, default is false.
OpcUa_Boolean disableErrorCertificateIssuerRevocationUnknown
    Flag used to disable the client certificate validation error BadCertificateIssuerRevocationUnknown, default is false.
OpcUa_Boolean disableErrorCertificateHostNameInvalid
    Flag used to disable the check if the hostname the client connected to matches one of the hostnames or IP addresses in the server certificate.
OpcUa_Boolean disableEncryptedPasswordCheck
    Flag used to disable the check if the password of a UserPassword identity token is encrypted properly.
OpcUa_Boolean disableApplicationUriCheck
    Flag used to disable the check if the ApplicationUri in the ServerCertificate matches the ApplicationUri the Server returns in the EndpointDescription.
OpcUa_Boolean disableNonceLengthCheck
    Flag used to disable the check if the ServerNonce has the correct length of minimum 32 bytes.
OpcUa_Boolean disableTrustedCertificateForUserTokenRequired
    Flag used to disable the check if the certificate used to encrypt a password needs to be trusted.
OpcUa_Boolean disableSessionIdCheck
    Flag used to disable the check if the Server returned a Null SessionId.
OpcUa_Boolean disableCertificateUsageCheck
    Flag used to disable the checks for certificate structure and key usage.

Public Attributes inherited from UaClientSdk::ClientSecurityInfo

UaString sSecurityPolicy
    The name of the security policy used for the connection.
OpcUa_MessageSecurityMode messageSecurityMode
    The message security mode used for the connection.
UaByteString clientCertificate
    Client certificate (public key).
The Security section of the client SDK introduction contains a detailed description of how the certificate store is set up, how application instance certificates are created and how a secure connection to a server is initiated.
UaClientSdk::SessionSecurityInfo::SessionSecurityInfo ()
Constructs a session security info object with initial values for this class and the base class ClientSecurityInfo.
The user identity token type is set to Anonymous.

UaStatusCode UaClientSdk::SessionSecurityInfo::getCurrentErrorInformationOpenSSL (OpcUa_Void *pvVerifyContext, OpcUa_Int32 &iNativeError, UaString &sErrorMessage)
Retrieves detailed information about errors returned by CertificateValidationCallback::verificationError.
Parameters:
  [in] pvVerifyContext: The verification context returned by CertificateValidationCallback::verificationError.
  [out] iNativeError: The native OpenSSL error code.
  [out] sErrorMessage: The string representation of iNativeError.

bool UaClientSdk::SessionSecurityInfo::getSecurityCheckOverride (const UaStatus &status) const
Checks if an override for a specific validation status exists.

UaStatusCode UaClientSdk::SessionSecurityInfo::loadServerCertificateOpenSSL (const UaString &sServerCertificate)
Load server certificate using the file based OpenSSL certificate store.
Parameters:
  [in] sServerCertificate: Path and file name of the server certificate (public key).

UaStatusCode UaClientSdk::SessionSecurityInfo::loadServerCertificateWindows (const UaString &sCertificateThumbprint)
Load server certificate using the Windows certificate store.
Parameters:
  [in] sCertificateThumbprint: Thumbprint of the certificate in the Windows store as string.

SessionSecurityInfo & UaClientSdk::SessionSecurityInfo::operator= (const SessionSecurityInfo &other)
Assigns a copy of the passed session security info to this object and returns a reference to this object.

const UaUserIdentityToken * UaClientSdk::SessionSecurityInfo::pUserIdentityToken () const
Returns the user identity token configured for this setting object.
The returned object can be an instance of

UaStatusCode UaClientSdk::SessionSecurityInfo::saveServerCertificate (UaString &sCertificateName)
Save certificate in store.
Parameters:
  [out] sCertificateName: Name of the certificate that can be used to load the certificate from the same store.
void UaClientSdk::SessionSecurityInfo::setCertificateUserIdentity (const UaByteString &userCertificate, const UaByteString &userPrivateKey)
Sets the user identity type used for connection establishment to Certificate.
Parameters:
  [in] userCertificate: User certificate for the Certificate user identity type.
  [in] userPrivateKey: User private key for the Certificate user identity type.

void UaClientSdk::SessionSecurityInfo::setUserPasswordUserIdentity (const UaString &userName, const UaString &password)
Sets the user identity type used for connection establishment to UserPassword.
Parameters:
  [in] userName: User name for the UserPassword user identity type.
  [in] password: Password for the UserPassword user identity type.
UaStatusCode UaClientSdk::SessionSecurityInfo::splitCertificateChain (const UaByteString &certificateChain, UaByteStringArray &chainEntries)
Splits a certificate chain into its single components.
Certificate chains returned by a server may contain 1..n certificates. This method splits the chain and returns an array containing the elements contained in the chain. If only one certificate is in the chain, chainEntries will be of size one, containing the certificate.
Parameters:
  [in] certificateChain: The certificate chain to split.
  [out] chainEntries: An array containing the single elements of the certificate chain.
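As an added example that is not part of the SDK or this page, the following self-contained C++ shows what splitting such a chain involves: an OPC UA certificate chain is the concatenation of DER-encoded certificates, each an ASN.1 SEQUENCE whose length header says where the next entry starts, and a malformed or truncated header must reject the whole chain rather than yield a partial one. ByteString, splitDerChain and sampleChain are local names chosen here, not SDK API, and the sample bytes are constructed stand-ins, not real certificates.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using ByteString = std::vector<std::uint8_t>;   // local stand-in for UaByteString

// Size of the DER TLV (tag + length + content) starting at `pos`, or 0 if the
// header is malformed or the element would run past the end of the input.
static size_t derElementSize(const ByteString& in, size_t pos)
{
    if (pos + 2 > in.size() || in[pos] != 0x30) return 0;  // a certificate is a SEQUENCE
    std::uint8_t first = in[pos + 1];
    size_t hdr = 2, len = 0;
    if (first < 0x80) {
        len = first;                                        // short-form length
    } else {
        size_t n = first & 0x7F;                            // long form: n length octets
        if (n == 0 || n > 4 || pos + 2 + n > in.size()) return 0;
        for (size_t i = 0; i < n; ++i) len = (len << 8) | in[pos + 2 + i];
        hdr += n;
    }
    if (len > in.size() - pos - hdr) return 0;              // truncated chain
    return hdr + len;
}

// Splits a chain of 1..n concatenated DER certificates into its entries.
// Returns false and leaves `entries` empty on any malformed element, so a
// damaged chain is rejected whole instead of being partially trusted.
bool splitDerChain(const ByteString& chain, std::vector<ByteString>& entries)
{
    entries.clear();
    for (size_t pos = 0; pos < chain.size();) {
        size_t sz = derElementSize(chain, pos);
        if (sz == 0) { entries.clear(); return false; }
        entries.emplace_back(chain.begin() + pos, chain.begin() + pos + sz);
        pos += sz;
    }
    return !entries.empty();
}

// Constructed sample: two minimal SEQUENCEs standing in for a leaf (short-form
// length) and an issuer certificate (long-form length 0x82 0x01 0x00 = 256).
ByteString sampleChain()
{
    ByteString chain = {0x30, 0x03, 0x02, 0x01, 0x07};      // 5-byte "leaf"
    ByteString issuer = {0x30, 0x82, 0x01, 0x00};
    issuer.resize(4 + 256, 0xAA);                           // 260-byte "issuer"
    chain.insert(chain.end(), issuer.begin(), issuer.end());
    return chain;
}
```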
OpcUa_UserTokenType UaClientSdk::SessionSecurityInfo::userTokenType () const
Returns the type of the UaUserIdentityToken configured for this SessionSecurityInfo object.
Possible values are

UaStatus UaClientSdk::SessionSecurityInfo::verifyServerCertificate (CertificateValidationCallback *pCallback = OpcUa_Null)
Verifies whether the server certificate is trusted by the client.
OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableApplicationUriCheck
Flag used to disable the check if the ApplicationUri in the ServerCertificate matches the ApplicationUri the Server returns in the EndpointDescription.
The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableCertificateUsageCheck
Flag used to disable the checks for certificate structure and key usage.
These checks include checking the SubjectAlternativeName, the KeyUsage and the ExtendedKeyUsage of the certificate. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableEncryptedPasswordCheck
Flag used to disable the check if the password of a UserPassword identity token is encrypted properly.
The check will fail if either the ServerNonce is not set or the PasswordEncryptionMode is None. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableErrorCertificateHostNameInvalid
Flag used to disable the check if the hostname the client connected to matches one of the hostnames or IP addresses in the server certificate.
The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableErrorCertificateIssuerRevocationUnknown
Flag used to disable the client certificate validation error BadCertificateIssuerRevocationUnknown. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableErrorCertificateIssuerTimeInvalid
Flag used to disable the client certificate validation error BadCertificateIssuerTimeInvalid. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableErrorCertificateRevocationUnknown
Flag used to disable the client certificate validation error BadCertificateRevocationUnknown. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableErrorCertificateTimeInvalid
Flag used to disable the server certificate validation error BadCertificateTimeInvalid. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableNonceLengthCheck
Flag used to disable the check if the ServerNonce has the correct length of minimum 32 bytes.
The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableSessionIdCheck
Flag used to disable the check if the Server returned a Null SessionId.
The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::disableTrustedCertificateForUserTokenRequired
Flag used to disable the check if the certificate used to encrypt a password needs to be trusted.
The check will fail if the server certificate used to encrypt a user token is not trusted. The default is false.

OpcUa_Boolean UaClientSdk::SessionSecurityInfo::doServerCertificateVerify
Indicates if the client SDK must verify the server certificate or if this was done already by the application.
The default value is True, which forces the client SDK to verify the server certificate before establishing the connection.

UaByteString UaClientSdk::SessionSecurityInfo::serverCertificate
Server certificate (public key).