
Configuration

locka99 edited this page Nov 14, 2017 · 4 revisions

The client and server APIs use configuration to control many runtime aspects:

  • Location of certificates and private keys
  • Endpoints - their path, security policy and message mode
  • Users - which users may connect to which endpoints and their credentials
  • Trust - flags that control how certificates are trusted

Configuration can be done programmatically when a Server or Client object is being constructed. Each has a corresponding config object, ServerConfig or ClientConfig, that sets it up. These config objects may be built in code, read from a file, or a combination of both.

When they are read from a file, the code will do something like this:

let mut server = Server::new(ServerConfig::load(&PathBuf::from("../server.conf")).unwrap());

This reads the file into a ServerConfig and constructs the server from it. The example assumes the file can be read from that path; otherwise the unwrap() would cause a panic.

Look at samples/client.conf and samples/server.conf for example files. These are automatically created by unit tests, so they are always up to date.

Configuration files are YAML, so they are a relatively readable format. For example, here is a client file.

---
application_name: OPC UA Sample Client
application_uri: "urn:SampleClient"
create_sample_keypair: true
trust_server_certs: true
product_uri: ""
pki_dir: ./pki
default_endpoint: sample_basic128rsa15
user_tokens: 
  sample_user: 
    user: sample
    password: sample1
endpoints: 
  sample_basic128rsa15: 
    url: "opc.tcp://127.0.0.1:4855/"
    security_policy: Basic128Rsa15
    security_mode: SignAndEncrypt
    user_token_id: ANONYMOUS

This client defines a default endpoint, sample_basic128rsa15, which points to opc.tcp://127.0.0.1:4855 with the Basic128Rsa15 security policy, the SignAndEncrypt security mode and the ANONYMOUS identity. We could edit the file to use sample_user as the identity, in which case the client would connect with the supplied username and password.
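The sample client file enables the auto-create and auto-trust flags, keeps a password in the file and connects anonymously. The following added example (not code from the opcua project) scans a config of this shape and reports those settings. The function name `audit_client_config` is hypothetical, and the `None` security mode is assumed from the OPC UA specification rather than shown on this page.

```rust
// Added example: the sample text is constructed from the client file above.
// The scanner handles only this flat "key: value" layout; it is not a YAML parser.
const SAMPLE: &str = r#"---
create_sample_keypair: true
trust_server_certs: true
user_tokens:
  sample_user:
    user: sample
    password: sample1
endpoints:
  sample_basic128rsa15:
    url: "opc.tcp://127.0.0.1:4855/"
    security_policy: Basic128Rsa15
    security_mode: SignAndEncrypt
    user_token_id: ANONYMOUS
"#;

/// Returns one finding per setting a reviewer should question before deployment.
fn audit_client_config(text: &str) -> Vec<String> {
    let mut findings = Vec::new();
    let mut id = String::new(); // most recent user token or endpoint id
    for (idx, raw) in text.lines().enumerate() {
        let indent = raw.len() - raw.trim_start().len();
        let (key, value) = match raw.trim().split_once(':') {
            Some(kv) => kv,
            None => continue, // "---" and blank lines
        };
        let value = value.trim().trim_matches('"');
        if indent == 2 && value.is_empty() {
            id = key.to_string();
        }
        let msg = match (key, value) {
            ("create_sample_keypair", "true") => "keypair is auto-created (testing only)".to_string(),
            ("trust_server_certs", "true") => "server certificates are trusted automatically".to_string(),
            ("password", v) if !v.is_empty() => format!("password for token {} is stored in clear text", id),
            ("user_token_id", "ANONYMOUS") => format!("endpoint {} connects anonymously", id),
            // Assumption: "None" is the OPC UA mode without signing or encryption.
            ("security_mode", "None") => format!("endpoint {} neither signs nor encrypts", id),
            _ => continue,
        };
        findings.push(format!("line {}: {}", idx + 1, msg));
    }
    findings
}

fn main() {
    for finding in audit_client_config(SAMPLE) {
        println!("{}", finding);
    }
}
```

Run against a real client.conf as a pre-deployment check; an empty result means none of the listed settings were found.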

Server

Server config:

  1. Application name and URI
  2. Product URI
  3. PKI directory for certificates etc.
  4. Flag to auto create certs if none are found. Use this for testing only.
  5. TCP config info - hello timeout, host, port
  6. User identity tokens - usernames and passwords. A special ANONYMOUS token exists for anonymous connections
  7. Endpoints. Each specifies a path, a security policy, a security mode and a list of user identity tokens it allows, including anonymous

Client

Client config:

  1. Application name and URI
  2. Flag to auto create certs
  3. Flag to auto trust servers
  4. PKI directory for certificates etc.
  5. User tokens the client can use, each defined by an id. A special ANONYMOUS token is implicit.
  6. Default endpoint. The id of the endpoint to use in the absence of the user specifying another one.
  7. Endpoints. These are endpoints the client can connect to, each identified by an id and specifying a url, security policy, security mode and the user token id to connect with.