def register_server(self, server, conf=None):
appdesc = ua.ApplicationDescription()
appdesc.ApplicationUri = server.ServerUri
appdesc.ProductUri = server.ProductUri
# FIXME: select name from client locale
appdesc.ApplicationName = server.ServerNames[0]
appdesc.ApplicationType = server.ServerType
appdesc.DiscoveryUrls = server.DiscoveryUrls
# FIXME: select discovery uri using reachability from client network
appdesc.GatewayServerUri = server.GatewayServerUri
self._known_servers[server.ServerUri] = ServerDesc(appdesc, conf)
async def create_session(self):
"""
send a CreateSessionRequest to server with reasonable parameters.
If you want o modify settings look at code of this methods
and make your own
"""
desc = ua.ApplicationDescription()
desc.ApplicationUri = self.application_uri
desc.ProductUri = self.product_uri
desc.ApplicationName = ua.LocalizedText(self.name)
desc.ApplicationType = ua.ApplicationType.Client
params = ua.CreateSessionParameters()
# at least 32 random bytes for server to prove possession of private key (specs part 4, 5.6.2.2)
nonce = create_nonce(32)
params.ClientNonce = nonce
params.ClientCertificate = self.security_policy.host_certificate
params.ClientDescription = desc
params.EndpointUrl = self.server_url.geturl()
params.SessionName = f"{self.description} Session{self._session_counter}"
# Requested maximum number of milliseconds that a Session should remain open without activity
params.RequestedSessionTimeout = self.session_timeout
params.MaxResponseMessageSize = 0 # means no max size
response = await self.uaclient.create_session(params)
if self.security_policy.host_certificate is None:
data = nonce
else:
data = self.security_policy.host_certificate + nonce
self.security_policy.asymmetric_cryptography.verify(
data, response.ServerSignature.Signature)
self._server_nonce = response.ServerNonce
if not self.security_policy.peer_certificate:
self.security_policy.peer_certificate = response.ServerCertificate
elif self.security_policy.peer_certificate != response.ServerCertificate:
raise ua.UaError("Server certificate mismatch")
# remember PolicyId's: we will use them in activate_session()
ep = Client.find_endpoint(response.ServerEndpoints,
self.security_policy.Mode,
self.security_policy.URI)
self._policy_ids = ep.UserIdentityTokens
# Actual maximum number of milliseconds that a Session shall remain open without activity
if self.session_timeout != response.RevisedSessionTimeout:
_logger.warning(
"Requested session timeout to be %dms, got %dms instead",
self.secure_channel_timeout, response.RevisedSessionTimeout)
self.session_timeout = response.RevisedSessionTimeout
self._renew_channel_task = self.loop.create_task(
self._renew_channel_loop())
return response
def _set_endpoints(self,
policy=ua.SecurityPolicy,
mode=ua.MessageSecurityMode.None_):
idtokens = []
if "Anonymous" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = "anonymous"
idtoken.TokenType = ua.UserTokenType.Anonymous
idtokens.append(idtoken)
if "Basic256Sha256" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = 'certificate_basic256sha256'
idtoken.TokenType = ua.UserTokenType.Certificate
idtokens.append(idtoken)
if "Username" in self._policyIDs:
idtoken = ua.UserTokenPolicy()
idtoken.PolicyId = "username"
idtoken.TokenType = ua.UserTokenType.UserName
idtokens.append(idtoken)
appdesc = ua.ApplicationDescription()
appdesc.ApplicationName = ua.LocalizedText(self.name)
appdesc.ApplicationUri = self._application_uri
appdesc.ApplicationType = self.application_type
appdesc.ProductUri = self.product_uri
appdesc.DiscoveryUrls.append(self.endpoint.geturl())
edp = ua.EndpointDescription()
edp.EndpointUrl = self.endpoint.geturl()
edp.Server = appdesc
if self.certificate:
edp.ServerCertificate = uacrypto.der_from_x509(self.certificate)
edp.SecurityMode = mode
edp.SecurityPolicyUri = policy.URI
edp.UserIdentityTokens = idtokens
edp.TransportProfileUri = "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary"
edp.SecurityLevel = 0
self.iserver.add_endpoint(edp)
