opcua_server/
identity_token.rs

1// OPCUA for Rust
2// SPDX-License-Identifier: MPL-2.0
3// Copyright (C) 2017-2024 Adam Lock
4
5use opcua_types::{
6    match_extension_object_owned, AnonymousIdentityToken, ExtensionObject, IssuedIdentityToken,
7    UAString, UserNameIdentityToken, X509IdentityToken,
8};
9
// Policy id strings for the server's user token policies.
// NOTE(review): how these ids are advertised and how an incoming token's
// `policy_id` is matched against them is not visible in this file.

/// Policy id placed on the anonymous token that `IdentityToken::new` builds when
/// the client supplies a null identity token.
pub(crate) const POLICY_ID_ANONYMOUS: &str = "anonymous";
// NOTE(review): the suffixes presumably name the security policy used to protect
// the password (`none` = unprotected, `rsa_15` = RSA PKCS#1 v1.5, `rsa_oaep*` =
// RSA-OAEP); confirm against the code that builds the endpoint's token policies,
// and confirm the `none` and `rsa_15` variants are only offered deliberately.
pub(crate) const POLICY_ID_USER_PASS_NONE: &str = "userpass_none";
pub(crate) const POLICY_ID_USER_PASS_RSA_15: &str = "userpass_rsa_15";
pub(crate) const POLICY_ID_USER_PASS_RSA_OAEP: &str = "userpass_rsa_oaep";
pub(crate) const POLICY_ID_USER_PASS_RSA_OAEP_SHA256: &str = "userpass_rsa_oaep_sha256";
// NOTE(review): the four ISSUED_TOKEN ids below carry exactly the same string
// values as the USER_PASS ids above. If a policy is ever looked up by id alone,
// a user name token and an issued token cannot be told apart by policy id, so the
// wrong policy (and its token type / security policy) could be selected. Confirm
// this is intentional; otherwise give the issued-token policies distinct ids.
pub(crate) const POLICY_ID_ISSUED_TOKEN_NONE: &str = "userpass_none";
pub(crate) const POLICY_ID_ISSUED_TOKEN_RSA_15: &str = "userpass_rsa_15";
pub(crate) const POLICY_ID_ISSUED_TOKEN_RSA_OAEP: &str = "userpass_rsa_oaep";
pub(crate) const POLICY_ID_ISSUED_TOKEN_RSA_OAEP_SHA256: &str = "userpass_rsa_oaep_sha256";
/// Policy id for X.509 certificate identity tokens.
pub(crate) const POLICY_ID_X509: &str = "x509";
20
/// Server-side classification of the user identity token a client sent.
///
/// A variant records only which token structure was received. The wrapped token
/// is carried as-is; nothing in this type shows that its policy id, credentials
/// or signature have been checked, so treat every payload as unauthenticated
/// client input until the session code has validated it.
pub enum IdentityToken {
    /// No identity token specified at all.
    // `IdentityToken::new` never yields this variant: it maps a null extension
    // object to `Anonymous` instead.
    None,
    /// Identity token for anonymous access.
    Anonymous(AnonymousIdentityToken),
    /// Identity token for user name and password.
    UserName(UserNameIdentityToken),
    /// Identity token for X.509 certificate.
    X509(X509IdentityToken),
    /// Identity token issued by an external authority, e.g. OAuth.
    IssuedToken(IssuedIdentityToken),
    /// Extension object that is not one of the known token types; the original
    /// object is kept unchanged.
    // NOTE(review): this is raw client data of unknown structure; presumably it
    // should be rejected rather than interpreted, and care taken if it is logged.
    Invalid(ExtensionObject),
}
36
impl IdentityToken {
    /// Classify the extension object a client supplied as its user identity token.
    ///
    /// A null object is treated as anonymous and yields an `Anonymous` token whose
    /// policy id is `POLICY_ID_ANONYMOUS`. Any other object is matched against the
    /// four known token types; if it is none of them, the object is returned
    /// untouched inside `Invalid`.
    ///
    /// This only sorts the token by type. It does not authenticate anything: the
    /// policy id and credentials inside the token are not inspected, and a null
    /// object becomes `Anonymous` whether or not the endpoint permits anonymous
    /// access. The caller has to enforce the endpoint's user token policies and
    /// validate the credentials before granting a session.
    pub fn new(o: ExtensionObject) -> Self {
        if !o.is_null() {
            // The fallback arm hands the unrecognised object over as-is so the
            // caller can reject it.
            match_extension_object_owned!(o,
                v: AnonymousIdentityToken => Self::Anonymous(v),
                v: UserNameIdentityToken => Self::UserName(v),
                v: X509IdentityToken => Self::X509(v),
                v: IssuedIdentityToken => Self::IssuedToken(v),
                _ => Self::Invalid(o)
            )
        } else {
            // A missing token is treated as a request for anonymous access.
            let anonymous = AnonymousIdentityToken {
                policy_id: UAString::from(POLICY_ID_ANONYMOUS),
            };
            Self::Anonymous(anonymous)
        }
    }
}