author | Rainer Keller <Rainer.Keller@qt.io> | 2019-07-23 10:19:29 +0200 |
---|---|---|
committer | Rainer Keller <Rainer.Keller@qt.io> | 2019-07-31 15:06:14 +0200 |
commit | f7155c1bdffbab5cd98579789a2fbcffe427a019 (patch) | |
tree | 727ff993032ca08a22613f12d2588bc301396ef9 | |
parent | 9fbb02f9f3f3e6057872ae638616594e5343d07c (diff) |
uacpp: Support client certificate together with user authentication
When using client authentication with certificates, it was not
possible to authenticate the user by password.
Change-Id: I20ffb35b209066679ac5093f6af9622e75ac7b33
Reviewed-by: Jannis Völker <jannis.voelker@basyskom.com>
-rw-r--r-- | src/plugins/opcua/uacpp/quacppbackend.cpp | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/plugins/opcua/uacpp/quacppbackend.cpp b/src/plugins/opcua/uacpp/quacppbackend.cpp index 445d1d7..580d52d 100644 --- a/src/plugins/opcua/uacpp/quacppbackend.cpp +++ b/src/plugins/opcua/uacpp/quacppbackend.cpp @@ -261,16 +261,9 @@ void UACppAsyncBackend::connectToEndpoint(const QOpcUaEndpointDescription &endpo sessionSecurityInfo.messageSecurityMode = static_cast<OpcUa_MessageSecurityMode>(endpoint.securityMode()); } - if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Anonymous) { - // nothing to do - } else if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Username) { - const auto credentials = authInfo.authenticationData().value<QPair<QString, QString>>(); - UaString username(credentials.first.toUtf8().constData()); - UaString password(credentials.second.toUtf8().constData()); - sessionSecurityInfo.setUserPasswordUserIdentity(username, password); - if (m_disableEncryptedPasswordCheck) - sessionSecurityInfo.disableEncryptedPasswordCheck = OpcUa_True; - } else if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Certificate) { + if (QOpcUa::isSecurePolicy(endpoint.securityPolicy())) { + // We are going to connect to a secure endpoint + // try to load the client certificate const UaString certificateFilePath(pkiConfig.clientCertificateFile().toUtf8()); const UaString privateKeyFilePath(pkiConfig.privateKeyFile().toUtf8()); 
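Review bot: With the new `if (QOpcUa::isSecurePolicy(endpoint.securityPolicy()))` guard, every connection to a secure endpoint loads `pkiConfig.clientCertificateFile()` and `pkiConfig.privateKeyFile()`, not only those where the caller selected certificate authentication, so an application that never configured PKI now reaches the load with empty paths. Unless the lines outside this hunk already handle that, an explicit early check such as `if (!pkiConfig.isKeyAndCertificateFileSet())`, with its own warning and error signal, would give a clearer failure than whatever the load step reports. The two new comments could also be merged into one that states the reason, e.g. `// Secure policies need the client application certificate, independent of the user token type`. The body of this branch continues past the end of the hunk.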
@@ -327,7 +320,20 @@ void UACppAsyncBackend::connectToEndpoint(const QOpcUaEndpointDescription &endpo qCWarning(QT_OPCUA_PLUGINS_UACPP) << "Failed to connect using certificate authentication: " << QString::fromUtf8(result.toString().toUtf8()); return; } + } // end secure endpoint + + if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Anonymous) { + // nothing to do + } else if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Username) { + const auto credentials = authInfo.authenticationData().value<QPair<QString, QString>>(); + UaString username(credentials.first.toUtf8().constData()); + UaString password(credentials.second.toUtf8().constData()); + sessionSecurityInfo.setUserPasswordUserIdentity(username, password); + if (m_disableEncryptedPasswordCheck) + sessionSecurityInfo.disableEncryptedPasswordCheck = OpcUa_True; } else { + // QOpcUaUserTokenPolicy::TokenType::Certificate is currently unsupported + emit stateAndOrErrorChanged(QOpcUaClient::Disconnected, QOpcUaClient::UnsupportedAuthenticationInformation); qCWarning(QT_OPCUA_PLUGINS_UACPP) << "Failed to connect: Selected authentication type" << authInfo.authenticationType() << "is not supported."; @@ -341,7 +347,7 @@ void UACppAsyncBackend::connectToEndpoint(const QOpcUaEndpointDescription &endpo emit stateAndOrErrorChanged(QOpcUaClient::Disconnected, QOpcUaClient::AccessDenied); qCWarning(QT_OPCUA_PLUGINS_UACPP) << "Failed to connect:" << QString::fromUtf8(result.toString().toUtf8()); - if (result.code() == OpcUa_BadEncodingLimitsExceeded && !endpoint.securityPolicy().endsWith("#None")) + if (result.code() == OpcUa_BadEncodingLimitsExceeded && QOpcUa::isSecurePolicy(endpoint.securityPolicy())) qCWarning(QT_OPCUA_PLUGINS_UACPP) << "Reason may be not using a DER encoded client certificate"; return; |
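Review bot: The Username branch sets `sessionSecurityInfo.disableEncryptedPasswordCheck = OpcUa_True` whenever `m_disableEncryptedPasswordCheck` is set, whatever the security policy, and leaves no trace in the log. Judging by the field name, this switches off the SDK's refusal to send a password unencrypted, so on an endpoint where `QOpcUa::isSecurePolicy()` is false the credentials may travel in clear text. I would at least record it inside that `if`, e.g. `qCWarning(QT_OPCUA_PLUGINS_UACPP) << "Encrypted password check disabled; password may be sent unencrypted";`. Separately, `value<QPair<QString, QString>>()` returns an empty pair when the variant holds another type, so a `canConvert<QPair<QString, QString>>()` check before use would turn that into an explicit error instead of a login attempt with empty credentials. connectToEndpoint starts and ends outside this hunk.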