Beispiel #1
0
 def register_server(self, server, conf=None):
     appdesc = ua.ApplicationDescription()
     appdesc.ApplicationUri = server.ServerUri
     appdesc.ProductUri = server.ProductUri
     # FIXME: select name from client locale
     appdesc.ApplicationName = server.ServerNames[0]
     appdesc.ApplicationType = server.ServerType
     appdesc.DiscoveryUrls = server.DiscoveryUrls
     # FIXME: select discovery uri using reachability from client network
     appdesc.GatewayServerUri = server.GatewayServerUri
     self._known_servers[server.ServerUri] = ServerDesc(appdesc, conf)
Beispiel #2
0
 async def create_session(self):
     """
     send a CreateSessionRequest to server with reasonable parameters.
     If you want o modify settings look at code of this methods
     and make your own
     """
     desc = ua.ApplicationDescription()
     desc.ApplicationUri = self.application_uri
     desc.ProductUri = self.product_uri
     desc.ApplicationName = ua.LocalizedText(self.name)
     desc.ApplicationType = ua.ApplicationType.Client
     params = ua.CreateSessionParameters()
     # at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2)
     nonce = create_nonce(32)
     params.ClientNonce = nonce
     params.ClientCertificate = self.security_policy.host_certificate
     params.ClientDescription = desc
     params.EndpointUrl = self.server_url.geturl()
     params.SessionName = f"{self.description} Session{self._session_counter}"
     # Requested maximum number of milliseconds that a Session should remain open without activity
     params.RequestedSessionTimeout = self.session_timeout
     params.MaxResponseMessageSize = 0  # means no max size
     response = await self.uaclient.create_session(params)
     if self.security_policy.host_certificate is None:
         data = nonce
     else:
         data = self.security_policy.host_certificate + nonce
     self.security_policy.asymmetric_cryptography.verify(
         data, response.ServerSignature.Signature)
     self._server_nonce = response.ServerNonce
     if not self.security_policy.peer_certificate:
         self.security_policy.peer_certificate = response.ServerCertificate
     elif self.security_policy.peer_certificate != response.ServerCertificate:
         raise ua.UaError("Server certificate mismatch")
     # remember PolicyId's: we will use them in activate_session()
     ep = Client.find_endpoint(response.ServerEndpoints,
                               self.security_policy.Mode,
                               self.security_policy.URI)
     self._policy_ids = ep.UserIdentityTokens
     #  Actual maximum number of milliseconds that a Session shall remain open without activity
     if self.session_timeout != response.RevisedSessionTimeout:
         _logger.warning(
             "Requested session timeout to be %dms, got %dms instead",
             self.secure_channel_timeout, response.RevisedSessionTimeout)
         self.session_timeout = response.RevisedSessionTimeout
     self._renew_channel_task = self.loop.create_task(
         self._renew_channel_loop())
     return response
Beispiel #3
0
    def _set_endpoints(self,
                       policy=ua.SecurityPolicy,
                       mode=ua.MessageSecurityMode.None_):
        idtokens = []
        if "Anonymous" in self._policyIDs:
            idtoken = ua.UserTokenPolicy()
            idtoken.PolicyId = "anonymous"
            idtoken.TokenType = ua.UserTokenType.Anonymous
            idtokens.append(idtoken)

        if "Basic256Sha256" in self._policyIDs:
            idtoken = ua.UserTokenPolicy()
            idtoken.PolicyId = 'certificate_basic256sha256'
            idtoken.TokenType = ua.UserTokenType.Certificate
            idtokens.append(idtoken)

        if "Username" in self._policyIDs:
            idtoken = ua.UserTokenPolicy()
            idtoken.PolicyId = "username"
            idtoken.TokenType = ua.UserTokenType.UserName
            idtokens.append(idtoken)

        appdesc = ua.ApplicationDescription()
        appdesc.ApplicationName = ua.LocalizedText(self.name)
        appdesc.ApplicationUri = self._application_uri
        appdesc.ApplicationType = self.application_type
        appdesc.ProductUri = self.product_uri
        appdesc.DiscoveryUrls.append(self.endpoint.geturl())

        edp = ua.EndpointDescription()
        edp.EndpointUrl = self.endpoint.geturl()
        edp.Server = appdesc
        if self.certificate:
            edp.ServerCertificate = uacrypto.der_from_x509(self.certificate)
        edp.SecurityMode = mode
        edp.SecurityPolicyUri = policy.URI
        edp.UserIdentityTokens = idtokens
        edp.TransportProfileUri = "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary"
        edp.SecurityLevel = 0
        self.iserver.add_endpoint(edp)