Re: [I] [Feature Request]: Basic256Sha256 policy not implemented?

Thu, 24 Oct 2024 00:56:46 -0700 


sciortid commented on issue #1844:
URL: https://github.com/apache/plc4x/issues/1844#issuecomment-2434559124

   Hello @splatch. Thank you for the support.
   
   I admit it's a lack of knowledge from my point of view. Just a bit of 
context:
   I'm developing an OPCUA client for a server developed by a third party, it 
currently has no authentication but i know for a fact that this third party 
will want to use **certificate authentication OR username+password**.
   I developed a python OPCUA server to test my client, so it currently looks 
like this:
   
   ```
   from opcua import Server, ua
   import time
   import random
   
   # Imposta il server
   server = Server()
   
   # Imposta l'endpoint del server
   server.set_endpoint("opc.tcp://127.0.0.1:4840")
   
   # Aggiungi un namespace personalizzato
   uri = "urn:freeopcua:python:server"
   idx = server.register_namespace(uri)
   
   # Imposta le politiche di sicurezza
   server.set_security_policy([
       ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt  # Connessioni 
sicure con cifratura
   ])
   
   # Imposta i tipi di sicurezza
   server.set_security_IDs(["Basic256Sha256", "Username"])
   
   ### AUTENTICAZIONE CON USERNAME E PASSWORD ###
   def user_manager(isession, username, password):
       users = {
           "user1": "password1",
           "user2": "password2"
       }
       if username in users and users[username] == password:
           print(f"Login riuscito per l'utente: {username}")
           return True
       else:
           print(f"Tentativo di login fallito per l'utente: {username}")
           return False
   
   # Configura il server per utilizzare l'autenticazione username/password
   server.user_manager.set_user_manager(user_manager)
   
   ### AUTENTICAZIONE CON CERTIFICATI ###
   server.load_certificate("certificates/server_certificate.der")
   server.load_private_key("certificates/server_private_key.pem")
   
   [...]
   server.start()
   
   try:
       while True:
           [...]
           time.sleep(1)  # Aspetta 1 secondo
   finally:
       # Ferma il server al termine
       server.stop()
   ```
   
   So what I'm doing is trying to authenticate with either username+password or 
certificates.
   I proved that i can authenticate with user+psw, but did i correctly 
understand that even the 0.13SNAPSHOT does not support the certificate 
authentication method? It doesn't look like it does from the commit you linked, 
will the library support it in the foreseeable future?
    
   Alo, is the server setup correctly for this scope (authentication with 
user+sw OR certificate) ? Again, lack of my knowledge, sorry for that, but i 
just want to ensure that I'm not misinterpreting things:
   
   ```
   server.set_security_policy([
       ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt  
   ])
   
   server.set_security_IDs(["Basic256Sha256", "Username"])
   ```
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to