OPC Security
------------
[
+ each item can have a corresponding attachment in the following format
struct OPCData {
void *ptr;           /* attachment bytes */
unsigned long size;  /* length of the attachment in bytes */
};
]
Two types of XML encryption/signing
1. All inside tag
2. All inside tag
Specifications
--------------
OPC XML-DA specification
XML Encryption specification
XML Signature specification
Request processing
------------------
1. Decrypt List if encrypted (encrypted using Server certificate,
or one of Item certificates)
[ If failed return error ]
2. Decrypt Encrypted Items
[ If one of the items fails, replace it with an empty item and set the
error in OPCSecurityRequestContext ]
3. Verify List and Items signatures
[ Place all certificates corresponding to valid signatures into
OPCSecurityRequestContext ]
4. Remove signatures from XML document
5. Analyze EncryptAnswer, SignAnswer fields and remove them from XML
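An added example (not part of the original design notes) of the bookkeeping behind steps 1-3: a list decrypt failure aborts the request, an item decrypt failure empties the item, and a certificate is recorded only for a valid signature. The Item and ReqCtx types, process_request, MAX_ITEMS and the OPC_* names are hypothetical; decrypt and verify results are modelled as constructed input flags instead of calling xmlsec, and skipping verification of an emptied item is an assumption.

```c
/* Added example: bookkeeping for request-processing steps 1-3.
 * Crypto results are modelled as input flags (constructed); real code would
 * obtain them from the opcSecurityDecrypt and opcSecurityVerify calls. */
#include <stddef.h>
#include <string.h>

enum { OPC_OK = 0, OPC_DECRYPT_FAILED = 1, OPC_VERIFY_FAILED = 2 };
#define MAX_ITEMS 8          /* hypothetical bound for this sketch */

typedef struct {             /* one item as it arrives (constructed model) */
    int encrypted, decrypt_ok;
    int is_signed, sig_ok;
    const char *signer;      /* certificate subject carried by the signature */
    char body[32];
} Item;

typedef struct {             /* subset of OPCSecurityRequestContextT */
    int failure_list;
    int failure_item[MAX_ITEMS];
    const char *usercert_item[MAX_ITEMS];   /* NULL = not authenticated */
} ReqCtx;

/* Returns -1 if the list cannot be decrypted or is too long, else 0. */
int process_request(ReqCtx *rc, int list_encrypted, int list_decrypt_ok,
                    Item *items, size_t n)
{
    memset(rc, 0, sizeof *rc);
    if (n > MAX_ITEMS)
        return -1;                        /* never leave items unprocessed */
    if (list_encrypted && !list_decrypt_ok) {
        rc->failure_list = OPC_DECRYPT_FAILED;
        return -1;                        /* step 1: abort whole request */
    }
    for (size_t i = 0; i < n; i++) {
        Item *it = &items[i];
        if (it->encrypted && !it->decrypt_ok) {    /* step 2 */
            it->body[0] = '\0';           /* replace with empty item */
            rc->failure_item[i] = OPC_DECRYPT_FAILED;
            continue;       /* assumption: an emptied item is not verified */
        }
        if (it->is_signed) {              /* step 3 */
            if (it->sig_ok)
                rc->usercert_item[i] = it->signer;  /* valid signatures only */
            else
                rc->failure_item[i] = OPC_VERIFY_FAILED;
        }
    }
    return 0;
}
```

Code that later authorizes an item should treat a NULL usercert_item entry as unauthenticated, whatever the failure code says.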
Response processing
-------------------
1. Sign and encrypt items and list depending on supported
OPCSecurityRequestContext
a) SignItems
b) SignList
c) EncryptItems
d) EncryptList
Classes
-------
struct OPCSecurityContextT {
Server Certificate
Server Key
OPCContext sctx;
};
OPCSecurityContext opcSecurityCreateContext()
int opcSecurityInitContext(ctx, cert_file, key_file, ???)
void opcSecurityFreeContext(ctx)
void opcSecurityDestroyContext(ctx)
opcSecurityDecryptItem(ctx, xmlnode, attachment)
opcSecurityDecryptList(ctx, xmlnode, attachments)
opcSecuritySignItem(ctx, xmlnode, attachment)
opcSecuritySignList(ctx, xmlnode, attachments)
opcSecurityEncryptItem(ctx, certificate, xmlnode, attachment)
opcSecurityEncryptList(ctx, certificate, xmlnode, attachments)
opcSecurityVerifyItem(ctx, &certificate, xmlnode, attachment)
opcSecurityVerifyList(ctx, &certificate, xmlnode, attachment)
opcSecurityProcessRequest(ctx, &requestctx, xmldoc, attachments)
opcSecurityProcessAnswer(ctx, requestctx, xmldoc, attachments)
struct OPCSecurityRequestContextT {
usercert_list
usercert_item[]
tosign_list
tosign_item[]
toencrypt_list
toencrypt_item[]
failure_list (0 - OK, 1 - Decrypt failed, 2 - Verify failed)
failure_item[]
};
OPCSecurityRequest opcSecurityRequestCreateContext()
int opcSecurityInitContext(OPCSecurityRequest ctx, ...)
void opcSecurityFreeContext(OPCSecurityRequest ctx)
void opcSecurityDestroyContext(OPCSecurityRequest ctx)
External Function:
-----------------
OPCSecurityContext opcServerInterfaceGetItemSecurity(OPCContext ctx, item_path, item_name);
[ During development, assume that it returns the server security context ]
External Libraries
------------------
Gnome XML Library (http://libxml.org)
Gnome XML Security Library xmlsec (http://www.aleksey.com/xmlsec/)
OpenSSL