splatch commented on issue #1844:
URL: https://github.com/apache/plc4x/issues/1844#issuecomment-2434611691
Buongiorno @sciortid,
> I proved that I can authenticate with user+psw, but did I correctly
> understand that even the 0.13SNAPSHOT does not support the certificate
> authentication method? It doesn't look like it does from the commit you linked,
> will the library support it in the foreseeable future?

Looking at your code, I think you are probably mixing up certificate authentication
with transport-level encryption. The OPC-UA protocol can use certificates to
secure the communication channel as well as to authenticate the user. While I know
little about Python, the lines below look more like transport-level security:
```python
server.load_certificate("certificates/server_certificate.der")
server.load_private_key("certificates/server_private_key.pem")
```
Another point: the Python code snippet uses
`ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt`. In the Apache PLC4X ua
client this value is split into two connection options,
`security-policy=Basic256Sha256` and `message-security=SIGN_ENCRYPT`.
Both 0.12 and 0.13-SNAPSHOT support SIGN_ENCRYPT and can work with
certificates. The keystore you configure is the client private key and certificate
used to secure the channel. This certificate can be used by the server to accept or
refuse the connection.
If you have a look at
https://reference.opcfoundation.org/Core/Part4/v104/docs/7.37 you will find
there are a few options for tokenType (UserTokenType): Anonymous, Username,
Certificate, IssuedToken. We support only the first two; however, this does not
prevent you at all from using certificates to secure the channel.
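The split described in the comment above, as an added example that is not part of the original comment or of PLC4X: it separates the combined policy name into the two channel options and keeps the user identity token as a separate decision. The function names are hypothetical, the `SIGN` value and the `username`/`password` option names are assumptions not taken from the comment, and keystore options are left out.

```python
from urllib.parse import urlencode

# UserTokenType values named in the comment; it says only the first two are supported.
SUPPORTED_TOKENS = {"Anonymous", "Username"}
UNSUPPORTED_TOKENS = {"Certificate", "IssuedToken"}

# Mode suffix -> message-security value. SIGN_ENCRYPT comes from the comment;
# "SIGN" is an assumption.
MESSAGE_SECURITY = {"SignAndEncrypt": "SIGN_ENCRYPT", "Sign": "SIGN"}


def split_security(combined):
    """Split e.g. 'Basic256Sha256_SignAndEncrypt' into the two channel options."""
    policy, sep, mode = combined.rpartition("_")
    if not sep or not policy or mode not in MESSAGE_SECURITY:
        raise ValueError(f"not a <policy>_<mode> name: {combined!r}")
    return {"security-policy": policy, "message-security": MESSAGE_SECURITY[mode]}


def client_options(combined, token_type="Anonymous", username=None, password=None):
    """Build the option string: channel security first, user identity second."""
    if token_type in UNSUPPORTED_TOKENS:
        # A certificate can still secure the channel; it just cannot be the user token.
        raise NotImplementedError(f"user token type {token_type} is not supported")
    if token_type not in SUPPORTED_TOKENS:
        raise ValueError(f"unknown user token type: {token_type!r}")
    options = split_security(combined)  # channel-level security only
    if token_type == "Username":
        if not username or password is None:
            raise ValueError("Username token needs both username and password")
        options["username"] = username  # assumed option name
        options["password"] = password  # assumed option name
    return urlencode(options)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    print(client_options("Basic256Sha256_SignAndEncrypt", "Username",
                         "operator", "example-password"))
```
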