Refactor and bugfix SOPC_KeyManager_Certificate_CheckApplicationUri
The motivation of the modification is to avoid the creation of a new parameter in the LibSub layer, which is for now missing: the application uri given by the client.
Description
When receiving the CreateSessionRequest, the server checks that the ApplicationUri given in the ApplicationDescription of the request is the same as the ApplicationUri of the certificate of the connected client.
To do so, the server calls SOPC_KeyManager_Certificate_CheckApplicationUri
which takes a SOPC_Certificate and the given applicationUri, extracts the application from the certificate and compares them.
It may be useful to re-use the current code and add a feature: SOPC_KeyManager_Certificate_GetApplicationUri
which would return the ApplicationUri from the certificate.
The main benefit from this new function is to avoid duplicate configuration parameters: if the client is able to extract the ApplicationUri from the certificate, it is not a configuration parameter anymore, and the client configuration can be simplified (SOPC_SecureChannel_Config
).
Analysis
The extraction part of the CheckApplicationUri should not be re-used, as it incompletely parses the certificate to extract the ApplicationUri. In other words, it may fail unpredictably. However, if it fails, CheckApplicationUri would also fail, and the CreateSessionRequest would be refused by the server. Thus, failing to extract the ApplicationUri from the client certificate has the same consequence in an S2OPC-S2OPC conversation: the session is not created.
In this context, it was decided to do the extraction in another function and avoid the configuration parameter duplication:
- add
SOPC_KeyManager_Certificate_GetFirstApplicationUri
, - refactor
SOPC_KeyManager_Certificate_CheckApplicationUri
, - bugfix, where the length of the ApplicationUri was not checked by
SOPC_KeyManager_Certificate_CheckApplicationUri
, resulting in prefix comparisons.