Update client.py

make the detailed policy ID match the signature algorithm and its other implications.

Update client.py
make the detailed policy ID match the signature algorithm and its other implications.
c9c998f9 · starturtle · oroulet · f3de377a · c9c998f9
Commit c9c998f9 authored Sep 11, 2020 by starturtle Committed by oroulet Sep 11, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

asyncua/client/client.py asyncua/client/client.py +2 -1

No files found.
--- a/asyncua/client/client.py
+++ b/asyncua/client/client.py
@@ -449,17 +449,18 @@ class Client:

    def _add_certificate_auth(self, params, certificate, challenge):
        params.UserIdentityToken = ua.X509IdentityToken()
-        params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256")
        params.UserIdentityToken.CertificateData = uacrypto.der_from_x509(certificate)
        # specs part 4, 5.6.3.1: the data to sign is created by appending
        # the last serverNonce to the serverCertificate
        params.UserTokenSignature = ua.SignatureData()
        # use signature algorithm that was used for certificate generation
        if certificate.signature_hash_algorithm.name == "sha256":
+            params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256sha256")
            sig = uacrypto.sign_sha256(self.user_private_key, challenge)
            params.UserTokenSignature.Algorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
            params.UserTokenSignature.Signature = sig
        else:
+            params.UserIdentityToken.PolicyId = self.server_policy_id(ua.UserTokenType.Certificate, "certificate_basic256")
            sig = uacrypto.sign_sha1(self.user_private_key, challenge)
            params.UserTokenSignature.Algorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
            params.UserTokenSignature.Signature = sig