security policies

united-manufacturing-hub · Jan 30, 2025 · 83e81de · 83e81de
1 parent 4e410e6
commit 83e81de
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/opcua_plugin/authentication.go b/opcua_plugin/authentication.go
@@ -16,21 +16,27 @@ func (g *OPCUAInput) orderEndpoints(
 	selectedAuthentication ua.UserTokenType,
 ) []*ua.EndpointDescription {
 
-	var highSecurityEndpoints, noSecurityEndpoints []*ua.EndpointDescription
+	var highSecurityEndpoints, mediumSecurityEndpoints, lowSecurityEndpoints, noSecurityEndpoints []*ua.EndpointDescription
 
 	for _, endpoint := range endpoints {
 		if isUserTokenSupported(endpoint, selectedAuthentication) {
 			switch {
 			case isSignAndEncryptbasic256Sha256Endpoint(endpoint):
 				highSecurityEndpoints = append(highSecurityEndpoints, endpoint)
+			case isSignAndEncryptbasic256Endpoint(endpoint):
+				mediumSecurityEndpoints = append(mediumSecurityEndpoints, endpoint)
+			case isSignAndEncryptbasic128Rsa15Endpoint(endpoint):
+				lowSecurityEndpoints = append(lowSecurityEndpoints, endpoint)
 			case isNoSecurityEndpoint(endpoint):
 				noSecurityEndpoints = append(noSecurityEndpoints, endpoint)
 			}
 		}
 	}
 
 	// Append no security endpoints to the end of the high security endpoints.
-	orderedEndpoints := append(highSecurityEndpoints, noSecurityEndpoints...)
+	orderedEndpoints := append(highSecurityEndpoints, mediumSecurityEndpoints...)
+	orderedEndpoints = append(orderedEndpoints, lowSecurityEndpoints...)
+	orderedEndpoints = append(orderedEndpoints, noSecurityEndpoints...)
 
 	return orderedEndpoints
 }
@@ -51,6 +57,16 @@ func isSignAndEncryptbasic256Sha256Endpoint(endpoint *ua.EndpointDescription) bo
 		endpoint.SecurityPolicyURI == "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
 }
 
+func isSignAndEncryptbasic256Endpoint(endpoint *ua.EndpointDescription) bool {
+	return endpoint.SecurityMode == ua.MessageSecurityModeFromString("SignAndEncrypt") &&
+		endpoint.SecurityPolicyURI == "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
+}
+
+func isSignAndEncryptbasic128Rsa15Endpoint(endpoint *ua.EndpointDescription) bool {
+	return endpoint.SecurityMode == ua.MessageSecurityModeFromString("SignAndEncrypt") &&
+		endpoint.SecurityPolicyURI == "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
+}
+
 // isNoSecurityEndpoint checks if the endpoint has no security configured.
 func isNoSecurityEndpoint(endpoint *ua.EndpointDescription) bool {
 	return endpoint.SecurityMode == ua.MessageSecurityModeFromString("None") &&

diff --git a/opcua_plugin/connect.go b/opcua_plugin/connect.go
@@ -40,7 +40,7 @@ func (g *OPCUAInput) GetOPCUAClientOptions(selectedEndpoint *ua.EndpointDescript
 	// Generate certificates if Basic256Sha256
 	if selectedEndpoint.SecurityPolicyURI == ua.SecurityPolicyURIBasic256Sha256 {
 		randomStr := randomString(8) // Generates an 8-character random string
-		clientName := "urn:benthos-umh:client-" + randomStr
+		clientName := "urn:benthos-umh-test:client-" + randomStr
 		certPEM, keyPEM, err := GenerateCert(clientName, 2048, 24*time.Hour*365*10)
 		if err != nil {
 			g.Log.Errorf("Failed to generate certificate: %v", err)