def _set_endpoints(self, policy=ua.SecurityPolicy, mode=ua.MessageSecurityMode.None_): idtoken = ua.UserTokenPolicy() idtoken.PolicyId = 'anonymous' idtoken.TokenType = ua.UserTokenType.Anonymous idtoken2 = ua.UserTokenPolicy() idtoken2.PolicyId = 'certificate_basic256' idtoken2.TokenType = ua.UserTokenType.Certificate idtoken3 = ua.UserTokenPolicy() idtoken3.PolicyId = 'certificate_basic128' idtoken3.TokenType = ua.UserTokenType.Certificate idtoken4 = ua.UserTokenPolicy() idtoken4.PolicyId = 'username' idtoken4.TokenType = ua.UserTokenType.UserName appdesc = ua.ApplicationDescription() appdesc.ApplicationName = ua.LocalizedText(self.name) appdesc.ApplicationUri = self.application_uri appdesc.ApplicationType = self.application_type appdesc.ProductUri = self.product_uri appdesc.DiscoveryUrls.append(self.endpoint.geturl()) edp = ua.EndpointDescription() edp.EndpointUrl = self.endpoint.geturl() edp.Server = appdesc if self.certificate: edp.ServerCertificate = uacrypto.der_from_x509(self.certificate) edp.SecurityMode = mode edp.SecurityPolicyUri = policy.URI edp.UserIdentityTokens = [idtoken, idtoken2, idtoken3, idtoken4] edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' edp.SecurityLevel = 0 self.iserver.add_endpoint(edp)
def register_server(self, server, conf=None): appdesc = ua.ApplicationDescription() appdesc.ApplicationUri = server.ServerUri appdesc.ProductUri = server.ProductUri appdesc.ApplicationName = server.ServerNames[0] # FIXME: select name from client locale appdesc.ApplicationType = server.ServerType appdesc.GatewayServerUri = server.GatewayServerUri appdesc.DiscoveryUrls = server.DiscoveryUrls # FIXME: select discovery uri using reachability from client network self._known_servers[server.ServerUri] = ServerDesc(appdesc, conf)
def create_session(self): """ send a CreateSessionRequest to server with reasonable parameters. If you want o modify settings look at code of this methods and make your own """ desc = ua.ApplicationDescription() desc.ApplicationUri = self.application_uri desc.ProductUri = self.product_uri desc.ApplicationName = ua.LocalizedText(self.name) desc.ApplicationType = ua.ApplicationType.Client params = ua.CreateSessionParameters() # at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2) nonce = utils.create_nonce(32) params.ClientNonce = nonce params.ClientCertificate = self.security_policy.client_certificate params.ClientDescription = desc params.EndpointUrl = self.server_url.geturl() params.SessionName = self.description + " Session" + str( self._session_counter) params.RequestedSessionTimeout = self.session_timeout params.MaxResponseMessageSize = 0 # means no max size response = self.uaclient.create_session(params) if self.security_policy.client_certificate is None: data = nonce else: data = self.security_policy.client_certificate + nonce self.security_policy.asymmetric_cryptography.verify( data, response.ServerSignature.Signature) self._server_nonce = response.ServerNonce if not self.security_policy.server_certificate: self.security_policy.server_certificate = response.ServerCertificate elif self.security_policy.server_certificate != response.ServerCertificate: raise ua.UaError("Server certificate mismatch") # remember PolicyId's: we will use them in activate_session() ep = Client.find_endpoint(response.ServerEndpoints, self.security_policy.Mode, self.security_policy.URI) self._policy_ids = ep.UserIdentityTokens if self.session_timeout != response.RevisedSessionTimeout: _logger.warning( "Requested session timeout to be %dms, got %dms instead", self.secure_channel_timeout, response.RevisedSessionTimeout) self.session_timeout = response.RevisedSessionTimeout self.keepalive = KeepAlive( self, min(self.session_timeout, self.secure_channel_timeout) * 0.7) # 0.7 is from spec self.keepalive.start() return response
def _set_endpoints(self, policy=ua.SecurityPolicy, mode=ua.MessageSecurityMode.None_): idtokens = [] supported_token_classes = [] if "Anonymous" in self._policyIDs: idtoken = ua.UserTokenPolicy() idtoken.PolicyId = 'anonymous' idtoken.TokenType = ua.UserTokenType.Anonymous idtokens.append(idtoken) supported_token_classes.append(ua.AnonymousIdentityToken) if "Basic256Sha256" in self._policyIDs: idtoken = ua.UserTokenPolicy() idtoken.PolicyId = 'certificate_basic256sha256' idtoken.TokenType = ua.UserTokenType.Certificate idtokens.append(idtoken) supported_token_classes.append(ua.X509IdentityToken) if "Username" in self._policyIDs: idtoken = ua.UserTokenPolicy() idtoken.PolicyId = 'username' idtoken.TokenType = ua.UserTokenType.UserName idtokens.append(idtoken) supported_token_classes.append(ua.UserNameIdentityToken) appdesc = ua.ApplicationDescription() appdesc.ApplicationName = ua.LocalizedText(self.name) appdesc.ApplicationUri = self._application_uri appdesc.ApplicationType = self.application_type appdesc.ProductUri = self.product_uri appdesc.DiscoveryUrls.append(self.endpoint.geturl()) edp = ua.EndpointDescription() edp.EndpointUrl = self.endpoint.geturl() edp.Server = appdesc if self.certificate: edp.ServerCertificate = uacrypto.der_from_x509(self.certificate) edp.SecurityMode = mode edp.SecurityPolicyUri = policy.URI edp.UserIdentityTokens = idtokens edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' edp.SecurityLevel = 0 self.iserver.add_endpoint(edp) self.iserver.supported_tokens = tuple(supported_token_classes)
def register_server(self, registeredServer, uaDiscoveryConfiguration=None): assert (isinstance(registeredServer, ua.uaprotocol_auto.RegisteredServer)) appDesc = ua.ApplicationDescription() appDesc.ApplicationUri = registeredServer.ServerUri appDesc.ProductUri = registeredServer.ProductUri # FIXME: select name from client locale appDesc.ApplicationName = registeredServer.ServerNames[0] appDesc.ApplicationType = registeredServer.ServerType appDesc.DiscoveryUrls = registeredServer.DiscoveryUrls # FIXME: select discovery uri using reachability from client network appDesc.GatewayServerUri = registeredServer.GatewayServerUri # Create and add ServerDescription, so it is resolved by find_servers(). srvDesc = LocalDiscoveryService.ServerDescription( appDesc, uaDiscoveryConfiguration) self.add_server_description(srvDesc) # Auto-expire server registrations after REG_EXPIRE_TIMEOUT seconds. expire_cb = partial(self._expire_server_description, srvDesc) self.thread_loop.call_later(self.REG_EXPIRE_TIMEOUT, expire_cb)
def create_session(self): desc = ua.ApplicationDescription() desc.ApplicationUri = self.application_uri desc.ProductUri = self.product_uri desc.ApplicationName = ua.LocalizedText(self.name) desc.ApplicationType = ua.ApplicationType.Client params = ua.CreateSessionParameters() nonce = utils.create_nonce( 32 ) # at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2) params.ClientNonce = nonce params.ClientCertificate = self.security_policy.client_certificate params.ClientDescription = desc params.EndpointUrl = self.server_url.geturl() params.SessionName = self.description + " Session" + str( self._session_counter) params.RequestedSessionTimeout = 3600000 params.MaxResponseMessageSize = 0 # means no max size response = self.bclient.create_session(params) self.security_policy.asymmetric_cryptography.verify( self.security_policy.client_certificate + nonce, response.ServerSignature.Signature) self._server_nonce = response.ServerNonce if not self.security_policy.server_certificate: self.security_policy.server_certificate = response.ServerCertificate elif self.security_policy.server_certificate != response.ServerCertificate: raise Exception("Server certificate mismatch") # remember PolicyId's: we will use them in activate_session() ep = Client.find_endpoint(response.ServerEndpoints, self.security_policy.Mode, self.security_policy.URI) self._policy_ids = ep.UserIdentityTokens self.session_timeout = response.RevisedSessionTimeout self.keepalive = KeepAlive( self, min(self.session_timeout, self.secure_channel_timeout) * 0.7) # 0.7 is from spec self.keepalive.start() return response
def _set_endpoints(self): idtoken = ua.UserTokenPolicy() idtoken.PolicyId = 'anonymous' idtoken.TokenType = ua.UserTokenType.Anonymous appdesc = ua.ApplicationDescription() appdesc.ApplicationName = ua.LocalizedText(self.name) appdesc.ApplicationUri = self.server_uri appdesc.ApplicationType = ua.ApplicationType.Server appdesc.ProductUri = self.product_uri appdesc.DiscoveryUrls.append(self.endpoint.geturl()) edp = ua.EndpointDescription() edp.EndpointUrl = self.endpoint.geturl() edp.Server = appdesc edp.SecurityMode = ua.MessageSecurityMode.None_ edp.SecurityPolicyUri = 'http://opcfoundation.org/UA/SecurityPolicy#None' edp.UserIdentityTokens = [idtoken] edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' edp.SecurityLevel = 0 self.iserver.add_endpoint(edp)