def __init__(self, peer_cert, host_cert, client_pk, mode, permission_ruleset=None): require_cryptography(self) if isinstance(peer_cert, bytes): peer_cert = uacrypto.x509_from_der(peer_cert) # even in Sign mode we need to asymmetrically encrypt secrets # transmitted in OpenSecureChannel. So SignAndEncrypt here self.asymmetric_cryptography = Cryptography( MessageSecurityMode.SignAndEncrypt) self.asymmetric_cryptography.Signer = SignerSha256(client_pk) self.asymmetric_cryptography.Verifier = VerifierSha256(peer_cert) self.asymmetric_cryptography.Encryptor = EncryptorRsa( peer_cert, uacrypto.encrypt_rsa_oaep, 42) self.asymmetric_cryptography.Decryptor = DecryptorRsa( client_pk, uacrypto.decrypt_rsa_oaep, 42) self.symmetric_cryptography = Cryptography(mode) self.Mode = mode self.peer_certificate = uacrypto.der_from_x509(peer_cert) self.host_certificate = uacrypto.der_from_x509(host_cert) if permission_ruleset is None: from asyncua.crypto.permission_rules import SimpleRoleRuleset permission_ruleset = SimpleRoleRuleset() self.permissions = permission_ruleset
async def srv_crypto_one_cert(request): cert_user_manager = CertificateUserManager() admin_peer_certificate = admin_peer_creds["certificate"] user_peer_certificate = user_peer_creds["certificate"] anonymous_peer_certificate = anonymous_peer_creds["certificate"] key, cert = request.param await cert_user_manager.add_admin(admin_peer_certificate, name='Admin') await cert_user_manager.add_user(user_peer_certificate, name='User') await cert_user_manager.add_role(anonymous_peer_certificate, name='Anonymous', user_role=UserRole.Anonymous) srv = Server(user_manager=cert_user_manager) srv.set_endpoint(uri_crypto_cert) srv.set_security_policy([ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt], permission_ruleset=SimpleRoleRuleset()) await srv.init() await srv.load_certificate(cert) await srv.load_private_key(key) idx = 0 myobj = await srv.nodes.objects.add_object(idx, "MyObject") myvar = await myobj.add_variable(idx, "MyVariable", 0.0) await myvar.set_writable() # Set MyVariable to be writable by clients await srv.start() yield srv # stop the server await srv.stop()
async def main(): cert_user_manager = CertificateUserManager() await cert_user_manager.add_user( "certificates/peer-certificate-example-1.der", name='test_user') server = Server(user_manager=cert_user_manager) await server.init() server.set_endpoint("opc.tcp://0.0.0.0:4840/freeopcua/server/") server.set_security_policy( [ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt], permission_ruleset=SimpleRoleRuleset()) # load server certificate and private key. This enables endpoints # with signing and encryption. await server.load_certificate("certificate-example.der") await server.load_private_key("private-key-example.pem") idx = 0 # populating our address space myobj = await server.nodes.objects.add_object(idx, "MyObject") myvar = await myobj.add_variable(idx, "MyVariable", 0.0) await myvar.set_writable() # Set MyVariable to be writable by clients # starting! async with server: while True: await asyncio.sleep(1) current_val = await myvar.get_value() count = current_val + 0.1 await myvar.write_value(count)
async def server_with_certificates(server_url, server_certificate_path, server_private_key_path, certificates=None, test=False): """ :param server_url: :type server_url: str :param server_certificate_path: :type server_certificate_path: str :param server_private_key_path: :type server_private_key_path: str :param certificates: :type certificates: list :return: """ # setup our serverclone_and_subscribe(client_node, server_node, sub_handler) certificate_handler = CertificateUserManager() if certificates is not None and test is not True: for role_add in certificates: certificate_path = role_add['certificate_path'] name = role_add['name'] role = role_add['role'] if role == 'admin': await certificate_handler.add_admin( certificate_path=certificate_path, name=name) elif role == 'user': await certificate_handler.add_user( certificate_path=certificate_path, name=name) else: raise NotImplementedError server = Server(user_manager=certificate_handler) else: server = Server() await server.init() server.set_endpoint(server_url) security_policies = [] permission_ruleset = SimpleRoleRuleset() if certificates is not None: security_policies.append( ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt) if certificates is None or test: security_policies.append(ua.SecurityPolicyType.NoSecurity) server.set_security_policy(security_policies, permission_ruleset=permission_ruleset) if server_certificate_path: await server.load_certificate(server_certificate_path) await server.load_private_key(server_private_key_path) return server, certificate_handler