# HG changeset patch
# User Edouard Tisserant <edouard.tisserant@gmail.com>
# Date 1668541419 -3600
# Node ID 6d9040e07c322746e968e485f9078bef2cc785d8
# Parent  2f79540660f6a2cb2eec14769eb910625fc32398
OPC-UA: only support the encryption policy selected in config.

By default open62541 client accepts all supported policies, but in makes problem
when negociating with some servers while most clients seems to only support
one policy at a time.

diff -r 2f79540660f6 -r 6d9040e07c32 opc_ua/opcua_client_maker.py
--- a/opc_ua/opcua_client_maker.py	Tue Nov 15 14:04:10 2022 +0100
+++ b/opc_ua/opcua_client_maker.py	Tue Nov 15 20:43:39 2022 +0100
@@ -521,6 +521,7 @@
 #include <open62541/client_highlevel.h>
 #include <open62541/plugin/log_stdout.h>
 #include <open62541/plugin/securitypolicy.h>
+#include <open62541/plugin/securitypolicy_default.h>
 
 #include <open62541/types.h>
 #include <open62541/types_generated_handling.h>
@@ -587,7 +588,7 @@
     UA_ClientConfig_setDefault(cc);                                                                \\
     retval = UA_Client_connect(client, uri);
 
-/* Note : Policy is ignored here since open62541 client supports all policies by default */
+/* Note : Single policy is enforced here, by default open62541 client supports all policies */
 #define INIT_x509(Policy, UpperCaseMode, PrivateKey, Certificate)                                  \\
     LogInfo("OPC-UA Init x509 %s,%s,%s,%s", #Policy, #UpperCaseMode, PrivateKey, Certificate);     \\
                                                                                                    \\
@@ -595,7 +596,35 @@
     UA_ByteString privateKey  = loadFile(PrivateKey);                                              \\
                                                                                                    \\
     cc->securityMode = UA_MESSAGESECURITYMODE_##UpperCaseMode;                                     \\
-    UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey, NULL, 0, NULL, 0);           \\
+                                                                                                   \\
+    /* replacement for default behaviour */                                                        \\
+    /* UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey, NULL, 0, NULL, 0); */     \\
+    do{{                                                                                           \\
+        retval = UA_ClientConfig_setDefault(cc);                                                   \\
+        if(retval != UA_STATUSCODE_GOOD)                                                           \\
+            break;                                                                                 \\
+                                                                                                   \\
+        UA_SecurityPolicy *sp = (UA_SecurityPolicy*)                                               \\
+            UA_realloc(cc->securityPolicies, sizeof(UA_SecurityPolicy) * 2);                       \\
+        if(!sp){{                                                                                  \\
+            retval = UA_STATUSCODE_BADOUTOFMEMORY;                                                 \\
+            break;                                                                                 \\
+        }}                                                                                         \\
+        cc->securityPolicies = sp;                                                                 \\
+                                                                                                   \\
+        retval = UA_SecurityPolicy_##Policy(&cc->securityPolicies[cc->securityPoliciesSize],       \\
+                                                 certificate, privateKey, &cc->logger);            \\
+        if(retval != UA_STATUSCODE_GOOD) {{                                                        \\
+            UA_LOG_WARNING(&cc->logger, UA_LOGCATEGORY_USERLAND,                                   \\
+                           "Could not add SecurityPolicy Policy with error code %s",               \\
+                           UA_StatusCode_name(retval));                                            \\
+            UA_free(cc->securityPolicies);                                                         \\
+            cc->securityPolicies = NULL;                                                           \\
+            break;                                                                                 \\
+        }}                                                                                         \\
+                                                                                                   \\
+        ++cc->securityPoliciesSize;                                                                \\
+    }} while(0);                                                                                   \\
                                                                                                    \\
     retval = UA_Client_connect(client, uri);                                                       \\
                                                                                                    \\