
Example 1 with X509IdentityProvider

use of org.eclipse.milo.opcua.sdk.client.api.identity.X509IdentityProvider in project vantiq-extension-sources by Vantiq.

From the class OpcUaESClient, method constructIdentityProvider.

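/**
 * Selects the OPC UA identity provider described by the source configuration.
 *
 * <p>The configuration may name at most one of three identity kinds: anonymous
 * (presence of the key is enough, the value may be empty), a key-store alias for an
 * X.509 certificate and its private key, or a {@code username,password} pair.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When no identity is configured the method falls back to an anonymous session
 *       and only logs a warning, so a missing or misspelled key silently downgrades
 *       authentication.</li>
 *   <li>The username/password value is a secret. It is never written to the log or to
 *       the exception message; a redaction marker is reported instead.</li>
 *   <li>The pair is split on a comma, so a password that itself contains a comma
 *       generally fails the two-field check and is rejected.</li>
 * </ul>
 *
 * @param config source configuration map holding the identity entries
 * @return the identity provider to use for the client session
 * @throws OpcExtConfigException if more than one identity kind is configured, or the
 *         username/password value does not split into exactly two fields
 * @throws OpcExtKeyStoreException declared for the key-store lookups (presumably raised
 *         by {@code keyStoreManager} when the alias cannot be resolved; confirm)
 */
private IdentityProvider constructIdentityProvider(Map<String, Object> config) throws OpcExtConfigException, OpcExtKeyStoreException {
    String anonymous = (String) config.get(OpcConstants.CONFIG_IDENTITY_ANONYMOUS);
    // This can be empty -- presence is sufficient
    boolean anonIsPresent = anonymous != null;
    String certAlias = (String) config.get(OpcConstants.CONFIG_IDENTITY_CERTIFICATE);
    boolean certIsPresent = foundValue(certAlias);
    String userPass = (String) config.get(OpcConstants.CONFIG_IDENTITY_USERNAME_PASSWORD);
    boolean upwIsPresent = foundValue(userPass);

    int specified = (anonIsPresent ? 1 : 0) + (certIsPresent ? 1 : 0) + (upwIsPresent ? 1 : 0);

    if (specified == 0) {
        // Fail-open default kept for compatibility: the session is unauthenticated.
        log.warn(ERROR_PREFIX + ".noIdentitySpecification: No identity specification was provided.  Using Anonymous as default.");
        return new AnonymousProvider();
    }

    if (specified > 1) {
        // Ambiguous configuration: refuse rather than guess which credential was meant.
        String errMsg = MessageFormatter.arrayFormat(ERROR_PREFIX + ".invalidIdentitySpecification: exactly one identity specification ({}, {}, {}) is required.", new Object[] { OpcConstants.CONFIG_IDENTITY_ANONYMOUS, OpcConstants.CONFIG_IDENTITY_CERTIFICATE, OpcConstants.CONFIG_IDENTITY_USERNAME_PASSWORD }).getMessage();
        log.error(errMsg);
        throw new OpcExtConfigException(errMsg);
    }

    // From here on exactly one identity kind is set.
    if (anonIsPresent) {
        return new AnonymousProvider();
    }

    if (certIsPresent) {
        // NOTE(review): this assumes both lookups either return a usable object or throw;
        // confirm that a missing alias cannot yield null here.
        X509Certificate namedCert = keyStoreManager.fetchCertByAlias(certAlias);
        PrivateKey pKey = keyStoreManager.fetchPrivateKeyByAlias(certAlias);
        return new X509IdentityProvider(namedCert, pKey);
    }

    String[] upw = userPass.split(",[ ]*");
    if (upw.length != 2) {
        // The raw value contains the password, so it must not reach the log or the
        // exception text; report a redaction marker in its place.
        String errMsg = MessageFormatter.arrayFormat(ERROR_PREFIX + ".invalidUserPasswordSpecification: the {} ({}) must contain only a username AND password separated by a comma.", new Object[] { OpcConstants.CONFIG_IDENTITY_USERNAME_PASSWORD, "<redacted>" }).getMessage();
        log.error(errMsg);
        throw new OpcExtConfigException(errMsg);
    }
    return new UsernameProvider(upw[0], upw[1]);
}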
Also used : PrivateKey(java.security.PrivateKey) AnonymousProvider(org.eclipse.milo.opcua.sdk.client.api.identity.AnonymousProvider) X509IdentityProvider(org.eclipse.milo.opcua.sdk.client.api.identity.X509IdentityProvider) IdentityProvider(org.eclipse.milo.opcua.sdk.client.api.identity.IdentityProvider) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) X509Certificate(java.security.cert.X509Certificate) UsernameProvider(org.eclipse.milo.opcua.sdk.client.api.identity.UsernameProvider) X509IdentityProvider(org.eclipse.milo.opcua.sdk.client.api.identity.X509IdentityProvider)
