Security policies #1729

Merged
merged 6 commits into from
Dec 4, 2024

cziebuhr
Contributor

  • Removed checking if cryptography is available (it's a requirement since v0.5.1)
  • Removed boilerplate code around SecurityPolicyType and SecurityLevel
  • Moved and restructured some classes from ua to security_policies
    • IMHO these classes don't belong there, because they are internal classes not defined by OPC UA spec
    • Having SecurityPolicy "None" and SecurityPolicies with crypto in different files is bad and already led to issues (Fix SimpleRoleRuleset #1718)
    • Naming is bad, separated classes into abstract base classes and concrete implementations
    • server certificate can also be used with SecurityPolicyNone (needed for password encryption)
  • Client: Combined server_policy_id() and server_policy_uri() to server_policy().
  • Renamed check_user_token to decrypt_user_token: There is no check, it just decrypts the token. Checks are done in UserManager.
  • WIP: sign and verify X509IdentityToken (untested)

TODOS / to discuss

  • It would even be better to only have crypto algorithms in the SecurityPolicy classes and not to use them as data containers for server and client objects.
    • security policies are used both in server and client code. permissions doesn't belong there, it is only used on server side and fits better into InternalServer.
    • host and peer certificates, as well as Mode could also better be stored in InternalServer and Client classes
      • this allows crypto functions to be used with both, application instance certificate (host_certificate/peer_certificate) as well as X509IdentityToken.CertificateData,
        without the need of having extra functions like encrypt_asymmetric or the newly added sign_asymmetric.
      • SecurityPolicyFactory is no longer required
  • create abstract base class for CryptographyNone/Cryptography

@cziebuhr
Contributor Author

Solves #1727

@oroulet
Member

oroulet commented Oct 27, 2024

ok now you have a conflict with all the formatting changes on master. Sorry for that. hopefully by formatting things on your side you should manage to get it through...

@cziebuhr
Contributor Author

I am now on vacation and will try to proceed afterwards. Do you have any general feedback on the changes?

@oroulet
Member

oroulet commented Oct 28, 2024

@cziebuhr as I wrote somewhere else, I do not know really well the crypto code, it was written by someone else. But generally your code quality looks good and your goals make sense, so I have to trust you. if you do not break everything I will merge ;-)

@cziebuhr
Contributor Author

Rebased to master, tested and fixed code for X509IdentityToken

@cziebuhr cziebuhr marked this pull request as ready for review November 20, 2024 16:42
@oroulet oroulet merged commit 3c6317b into FreeOpcUa:master Dec 4, 2024
6 checks passed