Beispiel #1
0
    def __init__(self,
                 peer_cert,
                 host_cert,
                 client_pk,
                 mode,
                 permission_ruleset=None):
        require_cryptography(self)
        if isinstance(peer_cert, bytes):
            peer_cert = uacrypto.x509_from_der(peer_cert)
        # even in Sign mode we need to asymmetrically encrypt secrets
        # transmitted in OpenSecureChannel. So SignAndEncrypt here
        self.asymmetric_cryptography = Cryptography(
            MessageSecurityMode.SignAndEncrypt)
        self.asymmetric_cryptography.Signer = SignerSha256(client_pk)
        self.asymmetric_cryptography.Verifier = VerifierSha256(peer_cert)
        self.asymmetric_cryptography.Encryptor = EncryptorRsa(
            peer_cert, uacrypto.encrypt_rsa_oaep, 42)
        self.asymmetric_cryptography.Decryptor = DecryptorRsa(
            client_pk, uacrypto.decrypt_rsa_oaep, 42)
        self.symmetric_cryptography = Cryptography(mode)
        self.Mode = mode
        self.peer_certificate = uacrypto.der_from_x509(peer_cert)
        self.host_certificate = uacrypto.der_from_x509(host_cert)
        if permission_ruleset is None:
            from asyncua.crypto.permission_rules import SimpleRoleRuleset
            permission_ruleset = SimpleRoleRuleset()

        self.permissions = permission_ruleset
Beispiel #2
0
async def srv_crypto_one_cert(request):
    cert_user_manager = CertificateUserManager()
    admin_peer_certificate = admin_peer_creds["certificate"]
    user_peer_certificate = user_peer_creds["certificate"]
    anonymous_peer_certificate = anonymous_peer_creds["certificate"]
    key, cert = request.param
    await cert_user_manager.add_admin(admin_peer_certificate, name='Admin')
    await cert_user_manager.add_user(user_peer_certificate, name='User')
    await cert_user_manager.add_role(anonymous_peer_certificate, name='Anonymous', user_role=UserRole.Anonymous)
    srv = Server(user_manager=cert_user_manager)

    srv.set_endpoint(uri_crypto_cert)
    srv.set_security_policy([ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt],
                            permission_ruleset=SimpleRoleRuleset())
    await srv.init()
    await srv.load_certificate(cert)
    await srv.load_private_key(key)
    idx = 0
    myobj = await srv.nodes.objects.add_object(idx, "MyObject")
    myvar = await myobj.add_variable(idx, "MyVariable", 0.0)
    await myvar.set_writable()  # Set MyVariable to be writable by clients

    await srv.start()
    yield srv
    # stop the server
    await srv.stop()
Beispiel #3
0
async def main():

    cert_user_manager = CertificateUserManager()
    await cert_user_manager.add_user(
        "certificates/peer-certificate-example-1.der", name='test_user')

    server = Server(user_manager=cert_user_manager)

    await server.init()

    server.set_endpoint("opc.tcp://0.0.0.0:4840/freeopcua/server/")
    server.set_security_policy(
        [ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt],
        permission_ruleset=SimpleRoleRuleset())
    # load server certificate and private key. This enables endpoints
    # with signing and encryption.

    await server.load_certificate("certificate-example.der")
    await server.load_private_key("private-key-example.pem")

    idx = 0

    # populating our address space
    myobj = await server.nodes.objects.add_object(idx, "MyObject")
    myvar = await myobj.add_variable(idx, "MyVariable", 0.0)
    await myvar.set_writable()  # Set MyVariable to be writable by clients

    # starting!
    async with server:
        while True:
            await asyncio.sleep(1)
            current_val = await myvar.get_value()
            count = current_val + 0.1
            await myvar.write_value(count)
Beispiel #4
0
async def server_with_certificates(server_url,
                                   server_certificate_path,
                                   server_private_key_path,
                                   certificates=None,
                                   test=False):
    """
    :param server_url:
    :type server_url: str
    :param server_certificate_path:
    :type server_certificate_path: str
    :param server_private_key_path:
    :type server_private_key_path: str
    :param certificates:
    :type certificates: list
    :return:
    """
    # setup our serverclone_and_subscribe(client_node, server_node, sub_handler)
    certificate_handler = CertificateUserManager()
    if certificates is not None and test is not True:
        for role_add in certificates:
            certificate_path = role_add['certificate_path']
            name = role_add['name']
            role = role_add['role']
            if role == 'admin':
                await certificate_handler.add_admin(
                    certificate_path=certificate_path, name=name)
            elif role == 'user':
                await certificate_handler.add_user(
                    certificate_path=certificate_path, name=name)
            else:
                raise NotImplementedError

        server = Server(user_manager=certificate_handler)
    else:
        server = Server()
    await server.init()
    server.set_endpoint(server_url)
    security_policies = []
    permission_ruleset = SimpleRoleRuleset()

    if certificates is not None:
        security_policies.append(
            ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt)

    if certificates is None or test:
        security_policies.append(ua.SecurityPolicyType.NoSecurity)

    server.set_security_policy(security_policies,
                               permission_ruleset=permission_ruleset)
    if server_certificate_path:
        await server.load_certificate(server_certificate_path)
        await server.load_private_key(server_private_key_path)
    return server, certificate_handler