[opcua] Implementation of client side security policy

[PatrykGala]

no text TBD

---

fixes #625
fixes #642
fixes #621
fixes #595

[chrisdutz]

Hi,

do you need any help with your PR? Would also be awesome, if you could sign up to our mailinglist and get a bit more in touch with the rest of the community [email protected] (subscribe by sending an empty email to [email protected]).

Chris

[splatch]

@takraj Can you reserve some time next week to test this PR with your environment? Subscription tests are currently failing due to incomplete logic update, but these changes should address several aspects, including threading within driver.

[splatch]

Hey folks, could you have a look on these changes? I am working on last fixes for windows unit tests (I'll probably remove certDirectory option), all changes needed to get driver working with various security modes are in place ready for review.

[chrisdutz]

Had a look at mainly the changes in the shared parts (SPI) no objections.
Didn't review the OPC-UA stuff, as you know I usually don't care about OPC-UA ;-)
But thanks for your work on it :-)

[hutcheb]

Nothing holding you out from merging this.
Had a quick look, the existing functionality still seems to be working.
I haven't tested the security stuff yet, but will do eventually (Although a short readme on how to generate a keystore wouldn't go astray ;) )

[sruehl]

@splatch I would recommend the PR then ASAP otherwise we get into merge issues again at some point :)

[splatch]

Fair enough, I'll first rebase and then get a fresh sign off from @PatrykGala. For some reason github looses commit author when rebase is being made.

[chrisdutz]

Well ... you could merge in changes? Doesn't need to be a rebase ... especially when we do a squash merge back, right?

[splatch]

Rebase is not an issue. I think hardest part was getting it after all fixes we had prior 0.11 release.

I'd prefer to keep these four commits as they are, simply because first one is made by someone else (maybe we can squash failing unit test). Then there is mspec update which, for ease of porting to other languages, I'd leave alone too. Last commit is update of driver logic and adjustment of encryption logic which is large enough on its own to be left alone.

[chrisdutz]

The one thing I'm a bit worried about is that the mspec changes seem to imply a completely different structure ... so I'm a bit worried about which ones are actually the right ones? Were the changes only affecting message types that haven't been used in the past (Possibly still not being used)? If they were not used in the past, I guess updating the mspec doesn't cause any harm. If they have been used, I wonder which is the right format. One option would be to create a new "version" of the mspec (You know that we can provide multiple versions of an mspec and simply reference the version we want in the code-generator. So technically we could reference version 2 in java and version 1 in go.

[chrisdutz]

Had a look at the stuff outside of the OPC-UA driver directories and have no objections to merging this.

[splatch]

@chrisdutz I saw the dataio updates and I strive to merge this before you do. ;-) I will rebase it on top of current develop and wait for Patryk to amend sign-off on his commit. Today we will merge that, despite of remaining stability issue mentioned in #1364.

[sruehl]

Even if you would get a conflict with the generated code, it should be now problem as it always can be solved by regenerating :)

[splatch]

Pushed on develop as:

• 6b033d3 (golang fixes)
• f8b0b3b (checking of generated golang code)
• d0893d7 (chunking / encryption implementation)
• 6692f6f (mspec updates)
• 7202ec6 (test fixes)
• c572e58 (implementation of Basic256 policy from @PatrykGala)