def _set_endpoints(self, policy=ua.SecurityPolicy, mode=ua.MessageSecurityMode.None_):
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'anonymous'
idtoken.TokenType = ua.UserTokenType.Anonymous
idtoken2 = ua.UserTokenPolicy()
idtoken2.PolicyId = 'certificate_basic256'
idtoken2.TokenType = ua.UserTokenType.Certificate
idtoken3 = ua.UserTokenPolicy()
idtoken3.PolicyId = 'certificate_basic128'
idtoken3.TokenType = ua.UserTokenType.Certificate
idtoken4 = ua.UserTokenPolicy()
idtoken4.PolicyId = 'username'
idtoken4.TokenType = ua.UserTokenType.UserName
appdesc = ua.ApplicationDescription()
appdesc.ApplicationName = ua.LocalizedText(self.name)
appdesc.ApplicationUri = self.application_uri
appdesc.ApplicationType = self.application_type
appdesc.ProductUri = self.product_uri
appdesc.DiscoveryUrls.append(self.endpoint.geturl())
edp = ua.EndpointDescription()
edp.EndpointUrl = self.endpoint.geturl()
edp.Server = appdesc
if self.certificate:
edp.ServerCertificate = uacrypto.der_from_x509(self.certificate)
edp.SecurityMode = mode
edp.SecurityPolicyUri = policy.URI
edp.UserIdentityTokens = [idtoken, idtoken2, idtoken3, idtoken4]
edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
edp.SecurityLevel = 0
self.iserver.add_endpoint(edp)
def register_server(self, server, conf=None):
appdesc = ua.ApplicationDescription()
appdesc.ApplicationUri = server.ServerUri
appdesc.ProductUri = server.ProductUri
appdesc.ApplicationName = server.ServerNames[0] # FIXME: select name from client locale
appdesc.ApplicationType = server.ServerType
appdesc.GatewayServerUri = server.GatewayServerUri
appdesc.DiscoveryUrls = server.DiscoveryUrls # FIXME: select discovery uri using reachability from client network
self._known_servers[server.ServerUri] = ServerDesc(appdesc, conf)
def create_session(self):
"""
send a CreateSessionRequest to server with reasonable parameters.
If you want o modify settings look at code of this methods
and make your own
"""
desc = ua.ApplicationDescription()
desc.ApplicationUri = self.application_uri
desc.ProductUri = self.product_uri
desc.ApplicationName = ua.LocalizedText(self.name)
desc.ApplicationType = ua.ApplicationType.Client
params = ua.CreateSessionParameters()
# at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2)
nonce = utils.create_nonce(32)
params.ClientNonce = nonce
params.ClientCertificate = self.security_policy.client_certificate
params.ClientDescription = desc
params.EndpointUrl = self.server_url.geturl()
params.SessionName = self.description + " Session" + str(
self._session_counter)
params.RequestedSessionTimeout = self.session_timeout
params.MaxResponseMessageSize = 0 # means no max size
response = self.uaclient.create_session(params)
if self.security_policy.client_certificate is None:
data = nonce
else:
data = self.security_policy.client_certificate + nonce
self.security_policy.asymmetric_cryptography.verify(
data, response.ServerSignature.Signature)
self._server_nonce = response.ServerNonce
if not self.security_policy.server_certificate:
self.security_policy.server_certificate = response.ServerCertificate
elif self.security_policy.server_certificate != response.ServerCertificate:
raise ua.UaError("Server certificate mismatch")
# remember PolicyId's: we will use them in activate_session()
ep = Client.find_endpoint(response.ServerEndpoints,
self.security_policy.Mode,
self.security_policy.URI)
self._policy_ids = ep.UserIdentityTokens
if self.session_timeout != response.RevisedSessionTimeout:
_logger.warning(
"Requested session timeout to be %dms, got %dms instead",
self.secure_channel_timeout, response.RevisedSessionTimeout)
self.session_timeout = response.RevisedSessionTimeout
self.keepalive = KeepAlive(
self,
min(self.session_timeout, self.secure_channel_timeout) *
0.7) # 0.7 is from spec
self.keepalive.start()
return response
def _set_endpoints(self,
policy=ua.SecurityPolicy,
mode=ua.MessageSecurityMode.None_):
idtokens = []
supported_token_classes = []
if "Anonymous" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'anonymous'
idtoken.TokenType = ua.UserTokenType.Anonymous
idtokens.append(idtoken)
supported_token_classes.append(ua.AnonymousIdentityToken)
if "Basic256Sha256" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'certificate_basic256sha256'
idtoken.TokenType = ua.UserTokenType.Certificate
idtokens.append(idtoken)
supported_token_classes.append(ua.X509IdentityToken)
if "Username" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'username'
idtoken.TokenType = ua.UserTokenType.UserName
idtokens.append(idtoken)
supported_token_classes.append(ua.UserNameIdentityToken)
appdesc = ua.ApplicationDescription()
appdesc.ApplicationName = ua.LocalizedText(self.name)
appdesc.ApplicationUri = self._application_uri
appdesc.ApplicationType = self.application_type
appdesc.ProductUri = self.product_uri
appdesc.DiscoveryUrls.append(self.endpoint.geturl())
edp = ua.EndpointDescription()
edp.EndpointUrl = self.endpoint.geturl()
edp.Server = appdesc
if self.certificate:
edp.ServerCertificate = uacrypto.der_from_x509(self.certificate)
edp.SecurityMode = mode
edp.SecurityPolicyUri = policy.URI
edp.UserIdentityTokens = idtokens
edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
edp.SecurityLevel = 0
self.iserver.add_endpoint(edp)
self.iserver.supported_tokens = tuple(supported_token_classes)
def register_server(self, registeredServer, uaDiscoveryConfiguration=None):
assert (isinstance(registeredServer,
ua.uaprotocol_auto.RegisteredServer))
appDesc = ua.ApplicationDescription()
appDesc.ApplicationUri = registeredServer.ServerUri
appDesc.ProductUri = registeredServer.ProductUri
# FIXME: select name from client locale
appDesc.ApplicationName = registeredServer.ServerNames[0]
appDesc.ApplicationType = registeredServer.ServerType
appDesc.DiscoveryUrls = registeredServer.DiscoveryUrls
# FIXME: select discovery uri using reachability from client network
appDesc.GatewayServerUri = registeredServer.GatewayServerUri
# Create and add ServerDescription, so it is resolved by find_servers().
srvDesc = LocalDiscoveryService.ServerDescription(
appDesc, uaDiscoveryConfiguration)
self.add_server_description(srvDesc)
# Auto-expire server registrations after REG_EXPIRE_TIMEOUT seconds.
expire_cb = partial(self._expire_server_description, srvDesc)
self.thread_loop.call_later(self.REG_EXPIRE_TIMEOUT, expire_cb)
def create_session(self):
desc = ua.ApplicationDescription()
desc.ApplicationUri = self.application_uri
desc.ProductUri = self.product_uri
desc.ApplicationName = ua.LocalizedText(self.name)
desc.ApplicationType = ua.ApplicationType.Client
params = ua.CreateSessionParameters()
nonce = utils.create_nonce(
32
) # at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2)
params.ClientNonce = nonce
params.ClientCertificate = self.security_policy.client_certificate
params.ClientDescription = desc
params.EndpointUrl = self.server_url.geturl()
params.SessionName = self.description + " Session" + str(
self._session_counter)
params.RequestedSessionTimeout = 3600000
params.MaxResponseMessageSize = 0 # means no max size
response = self.bclient.create_session(params)
self.security_policy.asymmetric_cryptography.verify(
self.security_policy.client_certificate + nonce,
response.ServerSignature.Signature)
self._server_nonce = response.ServerNonce
if not self.security_policy.server_certificate:
self.security_policy.server_certificate = response.ServerCertificate
elif self.security_policy.server_certificate != response.ServerCertificate:
raise Exception("Server certificate mismatch")
# remember PolicyId's: we will use them in activate_session()
ep = Client.find_endpoint(response.ServerEndpoints,
self.security_policy.Mode,
self.security_policy.URI)
self._policy_ids = ep.UserIdentityTokens
self.session_timeout = response.RevisedSessionTimeout
self.keepalive = KeepAlive(
self,
min(self.session_timeout, self.secure_channel_timeout) *
0.7) # 0.7 is from spec
self.keepalive.start()
return response
def _set_endpoints(self):
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'anonymous'
idtoken.TokenType = ua.UserTokenType.Anonymous
appdesc = ua.ApplicationDescription()
appdesc.ApplicationName = ua.LocalizedText(self.name)
appdesc.ApplicationUri = self.server_uri
appdesc.ApplicationType = ua.ApplicationType.Server
appdesc.ProductUri = self.product_uri
appdesc.DiscoveryUrls.append(self.endpoint.geturl())
edp = ua.EndpointDescription()
edp.EndpointUrl = self.endpoint.geturl()
edp.Server = appdesc
edp.SecurityMode = ua.MessageSecurityMode.None_
edp.SecurityPolicyUri = 'http://opcfoundation.org/UA/SecurityPolicy#None'
edp.UserIdentityTokens = [idtoken]
edp.TransportProfileUri = 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
edp.SecurityLevel = 0
self.iserver.add_endpoint(edp)
