Feature: Security Policies as Plugins #1003
Conversation
…into OPN_chunking
… if opn messages are longer than one chunk
…o remove asymmetric header decoding from processOPN
…N and into chunking
-Added todo for send chunking. probably needs major restructuring
-Added SecurityPolicy -Added SecurityContexts -Added SecurityPolicy_None -Modified SecureChannel and ServerConfig to accomodate for SecurityPolicies
|
|
|
If you like, i can remove the rest of the noise as well. Some files just have some includes changed. Those are mainly because the file was used, but not included directly. |
examples/server.c
Outdated
| UA_ByteString cert = loadCertificate(); | ||
|
|
||
| UA_ServerConfig *config = UA_ServerConfig_new_minimal(16664, &cert); | ||
| if(config == NULL) |
There was a problem hiding this comment.
The cert variable can already be deleted here, since it is copied in UA_ServerConfig_new_minimal (as it is already in master).
This also avoids memleaks on the return -1 cases
plugins/ua_accesscontrol_default.h
Outdated
| @@ -5,6 +5,7 @@ | |||
| #define UA_ACCESSCONTROL_DEFAULT_H_ | |||
|
|
|||
| #include "ua_server.h" | |||
| #include "ua_types_generated.h" | |||
There was a problem hiding this comment.
Is this really needed here?
Sometimes CLion adds includes even if the are not needed here...
plugins/ua_config_standard.h
Outdated
| @@ -12,6 +12,7 @@ extern "C" { | |||
| #include "ua_server_config.h" | |||
| #include "ua_client.h" | |||
| #include "ua_client_highlevel.h" | |||
| #include "ua_types.h" | |||
There was a problem hiding this comment.
Is this needed? Try to move it into .c file where it is needed or the specific header file
| @@ -5,12 +5,14 @@ | |||
| #include "ua_securechannel_manager.h" | |||
| #include "ua_session.h" | |||
| #include "ua_server_internal.h" | |||
| #include "ua_transport_generated_handling.h" | |||
| #include "ua_types_generated_handling.h" | |||
There was a problem hiding this comment.
Same here, check if the additional includes are really needed.
src/server/ua_server_discovery.c
Outdated
| @@ -5,6 +5,8 @@ | |||
| #include "ua_server_internal.h" | |||
| #include "ua_client.h" | |||
| #include "ua_config_standard.h" | |||
| #include "ua_types_generated.h" | |||
| #include "ua_types_generated_handling.h" | |||
There was a problem hiding this comment.
Same here... Porbably not needed, because the .c file did not change, so it should not require new includes?
| @@ -5,6 +5,7 @@ | |||
| #include "ua_server_internal.h" | |||
| #include "ua_services.h" | |||
| #include "ua_mdns_internal.h" | |||
| #include "ua_connection_internal.h" | |||
| @@ -4,6 +4,8 @@ | |||
|
|
|||
| #include "ua_server_internal.h" | |||
| #include "ua_services.h" | |||
| #include "ua_types_generated.h" | |||
| #include "ua_types_generated_handling.h" | |||
There was a problem hiding this comment.
These includes are needed afaik but can be omitted, since they are included in the other header files, that are included here. I can remove them.
…d error. This may need some further investigation
plugins/ua_config_standard.c
Outdated
| @@ -9,6 +9,7 @@ | |||
| #include "ua_securitypolicy_none.h" | |||
| #include "ua_types.h" | |||
| #include "ua_types_generated_handling.h" | |||
| #include "ua_client_highlevel.h" | |||
There was a problem hiding this comment.
CLion's fault? The config should not include client stuff.
There was a problem hiding this comment.
No. This struct is only defined in the client file and is used in line 305 in the default config, since it supplies config for both server and client.
There was a problem hiding this comment.
@jpfr Should we put the UA_SubscriptionSettings struct into another more fitting header? E.g. ua_server_config.h to avoid including client functionality here.
There was a problem hiding this comment.
Keep in mind, that the client config struct is needed as well. This is included through that header as well (although transitively)
There was a problem hiding this comment.
Hmm, right... 👍
Since the include is now in the source file it shouldn't have that much impact on compilation and Co. So IMHO we can leave it like this for now
There was a problem hiding this comment.
Though it might be worth a thought to split the default client and default server config into two separate files.
There was a problem hiding this comment.
Separate PR or this one? I'd really prefer if this one is merged soon, since the conflicts are getting out of hand.
There was a problem hiding this comment.
I'd create a new PR based on master for the separate configs and also integrate it in this PR.
IMHO this PR can then be merged, but let's wait for @jpfr
There was a problem hiding this comment.
Yeah, you're right. I'd forgotten that the config stuff is on master already.
|
Finally the CI tests run through again. @Infinity95 can you think of a few unit test which you could write? If yes, you could create them in a new PR |
|
Sure. Although I'd first like to change the certificate handling, since that is still somewhat ugly and non useful. I think i already mentioned this, but the certificates would get their own CertificateManager plugin, where certificates are stored and can be validated. |
|
Is there any further input needed from me before this can be merged? |
|
@Infinity95 if you have time, you could create the PR for the separate configurations to master. Because I think that we first need to merge that, and than we can finally merge this veeeeery nice PR |
|
You mean splitting the config into client and server part? |
|
Yes, that shouldn't be that much of a change but makes the code more understandable. |
|
@Infinity95 Can you hold your horses for a little bit? |
|
I finally found the bug i mentioned in this comment. Should i wait pushing the fix to this branch? (It's already pushed to my other branch: mlgiraud@32e280c) |
|
Merged via #1187 |
This PR implements a plugin architecture to support encryption with different security policies as plugins.
The architecture is mainly finished. Mainly error handling is still incomplete and im working on that.
Some encryption stuff still needs some work since im not quite sure about what the standard specifies.
I'm not quite done working on this, but thought it might be useful to already create a PR so others can see the current status. Also errors might get noticed earlier this way.