
Example 1 with ChannelSecurity

use of org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity in project milo by eclipse.

the class UascServerAsymmetricHandler method openSecureChannel.

/**
 * Handles an OpenSecureChannelRequest on the server side, for both the Issue and Renew request types.
 *
 * <p>On Issue the requested MessageSecurityMode is stored on the channel and an endpoint matching
 * transport profile, path, security policy and security mode is pinned to the Netty channel. On
 * Renew the request is rejected if it asks for a different MessageSecurityMode than the one already
 * stored. A new security token is then created, symmetric keys are derived from the exchanged
 * nonces when symmetric signing is enabled, and the channel lifetime timer is restarted.
 *
 * @param ctx     the handler context of the connection the request arrived on.
 * @param request the decoded request from the client.
 * @return the response carrying the new token and the server nonce.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if no configured endpoint matches or a
 *                     renewal changes the security mode; also propagated from
 *                     {@code NonceUtil.validateNonce} (presumably for a missing or wrongly sized nonce).
 */
private OpenSecureChannelResponse openSecureChannel(ChannelHandlerContext ctx, OpenSecureChannelRequest request) throws UaException {
    SecurityTokenRequestType requestType = request.getRequestType();
    if (requestType == SecurityTokenRequestType.Issue) {
        // The mode requested by the client is recorded first, then checked against the configured
        // endpoints below; a mode no endpoint offers ends in Bad_SecurityChecksFailed.
        secureChannel.setMessageSecurityMode(request.getSecurityMode());
        String endpointUrl = ctx.channel().attr(UascServerHelloHandler.ENDPOINT_URL_KEY).get();
        // All four properties must match; only the path component of the URLs is compared.
        EndpointDescription endpoint = stackServer.getEndpointDescriptions().stream().filter(e -> {
            boolean transportMatch = Objects.equals(e.getTransportProfileUri(), transportProfile.getUri());
            boolean pathMatch = Objects.equals(EndpointUtil.getPath(e.getEndpointUrl()), EndpointUtil.getPath(endpointUrl));
            boolean securityPolicyMatch = Objects.equals(e.getSecurityPolicyUri(), secureChannel.getSecurityPolicy().getUri());
            boolean securityModeMatch = Objects.equals(e.getSecurityMode(), request.getSecurityMode());
            return transportMatch && pathMatch && securityPolicyMatch && securityModeMatch;
        }).findFirst().orElseThrow(() -> {
            // NOTE(review): endpointUrl is read from a channel attribute that presumably holds the
            // URL sent by the peer; confirm where this message ends up (logs, error reply) and
            // that it is length-bounded and safe to render there.
            String message = String.format("no matching endpoint found: transportProfile=%s, " + "endpointUrl=%s, securityPolicy=%s, securityMode=%s", transportProfile, endpointUrl, secureChannel.getSecurityPolicy(), request.getSecurityMode());
            return new UaException(StatusCodes.Bad_SecurityChecksFailed, message);
        });
        ctx.channel().attr(ENDPOINT_KEY).set(endpoint);
    }
    // A renewal may not switch to another MessageSecurityMode than the one stored on the channel,
    // so an established channel cannot be moved to a weaker (or any other) mode by renewing it.
    if (requestType == SecurityTokenRequestType.Renew && secureChannel.getMessageSecurityMode() != request.getSecurityMode()) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "secure channel renewal requested a different MessageSecurityMode.");
    }
    // The client-requested lifetime is clamped into the server's configured [minimum, maximum]
    // range. The minimum is applied last, so it wins if the configuration has minimum > maximum.
    long channelLifetime = request.getRequestedLifetime().longValue();
    channelLifetime = Math.min(channelLifetime, stackServer.getConfig().getMaximumSecureChannelLifetime().longValue());
    channelLifetime = Math.max(channelLifetime, stackServer.getConfig().getMinimumSecureChannelLifetime().longValue());
    ChannelSecurityToken newToken = new ChannelSecurityToken(uint(secureChannel.getChannelId()), uint(stackServer.getNextTokenId()), DateTime.now(), uint(channelLifetime));
    // Stays null when symmetric signing is disabled; no keys are derived in that case.
    SecurityKeys newKeys = null;
    if (secureChannel.isSymmetricSigningEnabled()) {
        // Validate the remote nonce before it is stored or used for key derivation; it must be
        // non-null and the correct length for the security algorithm.
        ByteString remoteNonce = request.getClientNonce();
        NonceUtil.validateNonce(remoteNonce, secureChannel.getSecurityPolicy());
        // A fresh local nonce is generated for every Issue and every Renew.
        ByteString localNonce = generateNonce(secureChannel.getSecurityPolicy());
        secureChannel.setLocalNonce(localNonce);
        secureChannel.setRemoteNonce(remoteNonce);
        // On the server the remote nonce is the client's, so the nonces are passed client first,
        // then server.
        newKeys = ChannelSecurity.generateKeyPair(secureChannel, secureChannel.getRemoteNonce(), secureChannel.getLocalNonce());
    }
    // Carry the current keys and token over as the "previous" pair of the new ChannelSecurity
    // (presumably so messages secured with the old token are still accepted around a renewal;
    // how long they remain valid is not visible here).
    ChannelSecurity oldSecrets = secureChannel.getChannelSecurity();
    SecurityKeys oldKeys = oldSecrets != null ? oldSecrets.getCurrentKeys() : null;
    ChannelSecurityToken oldToken = oldSecrets != null ? oldSecrets.getCurrentToken() : null;
    ChannelSecurity newSecrets = new ChannelSecurity(newKeys, newToken, oldKeys, oldToken);
    secureChannel.setChannelSecurity(newSecrets);
    /*
     * Cancel the previous timeout, if it exists, and start a new one. The connection is closed
     * when the channel is not renewed within its lifetime. If a previous timeout exists and
     * cancel() returns false, no new timeout is scheduled.
     * NOTE(review): presumably cancel() only fails once the old timeout has already fired (and is
     * closing the connection) or was cancelled before; confirm.
     */
    if (secureChannelTimeout == null || secureChannelTimeout.cancel()) {
        final long lifetime = channelLifetime;
        secureChannelTimeout = Stack.sharedWheelTimer().newTimeout(timeout -> {
            logger.debug("SecureChannel renewal timed out after {}ms. id={}, channel={}", lifetime, secureChannel.getChannelId(), ctx.channel());
            ctx.close();
        }, channelLifetime, TimeUnit.MILLISECONDS);
    }
    ResponseHeader responseHeader = new ResponseHeader(DateTime.now(), request.getRequestHeader().getRequestHandle(), StatusCode.GOOD, null, null, null);
    // The server nonce goes back to the client so that it can derive the same keys.
    return new OpenSecureChannelResponse(responseHeader, uint(PROTOCOL_VERSION), newToken, secureChannel.getLocalNonce());
}
Also used : X509Certificate(java.security.cert.X509Certificate) AttributeKey(io.netty.util.AttributeKey) ErrorMessage(org.eclipse.milo.opcua.stack.core.channel.messages.ErrorMessage) KeyPair(java.security.KeyPair) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) LoggerFactory(org.slf4j.LoggerFactory) SecurityKeys(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity.SecurityKeys) DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime) MessageEncodeException(org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException) Unsigned.uint(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned.uint) CertificateManager(org.eclipse.milo.opcua.stack.core.security.CertificateManager) TransportProfile(org.eclipse.milo.opcua.stack.core.transport.TransportProfile) SerializationQueue(org.eclipse.milo.opcua.stack.core.channel.SerializationQueue) Objects(java.util.Objects) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) List(java.util.List) StatusCode(org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode) ReferenceCountUtil(io.netty.util.ReferenceCountUtil) CertificateValidator(org.eclipse.milo.opcua.stack.core.security.CertificateValidator) EncodedMessage(org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage) Optional(java.util.Optional) MessageType(org.eclipse.milo.opcua.stack.core.channel.messages.MessageType) BufferUtil(org.eclipse.milo.opcua.stack.core.util.BufferUtil) EndpointUtil(org.eclipse.milo.opcua.stack.core.util.EndpointUtil) ChunkDecoder(org.eclipse.milo.opcua.stack.core.channel.ChunkDecoder) ExceptionHandler(org.eclipse.milo.opcua.stack.core.channel.ExceptionHandler) HeaderDecoder(org.eclipse.milo.opcua.stack.core.channel.headers.HeaderDecoder) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArrayList(java.util.ArrayList) 
MessageDecodeException(org.eclipse.milo.opcua.stack.core.channel.MessageDecodeException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ByteBuf(io.netty.buffer.ByteBuf) Stack(org.eclipse.milo.opcua.stack.core.Stack) EndpointDescription(org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription) ByteToMessageDecoder(io.netty.handler.codec.ByteToMessageDecoder) SecurityPolicy(org.eclipse.milo.opcua.stack.core.security.SecurityPolicy) UaStackServer(org.eclipse.milo.opcua.stack.server.UaStackServer) StatusCodes(org.eclipse.milo.opcua.stack.core.StatusCodes) Timeout(io.netty.util.Timeout) AsymmetricSecurityHeader(org.eclipse.milo.opcua.stack.core.channel.headers.AsymmetricSecurityHeader) Logger(org.slf4j.Logger) NonceUtil.generateNonce(org.eclipse.milo.opcua.stack.core.util.NonceUtil.generateNonce) IOException(java.io.IOException) UaSerializationException(org.eclipse.milo.opcua.stack.core.UaSerializationException) OpenSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelRequest) MessageAbortException(org.eclipse.milo.opcua.stack.core.channel.MessageAbortException) ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) TimeUnit(java.util.concurrent.TimeUnit) NonceUtil(org.eclipse.milo.opcua.stack.core.util.NonceUtil) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) UaException(org.eclipse.milo.opcua.stack.core.UaException) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) ResponseHeader(org.eclipse.milo.opcua.stack.core.types.structured.ResponseHeader) ResponseHeader(org.eclipse.milo.opcua.stack.core.types.structured.ResponseHeader) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) UaException(org.eclipse.milo.opcua.stack.core.UaException) 
ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) SecurityKeys(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity.SecurityKeys) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) EndpointDescription(org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken)

Example 2 with ChannelSecurity

use of org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity in project milo by eclipse.

the class SecureChannelFixture method generateChannels.

/**
 * Test fixture: builds a client/server pair of secure channels that share nonces and, unless the
 * message security mode is None, symmetric keys derived from those nonces.
 *
 * <p>Certificates and key pairs are only attached when the security policy is not None. Both
 * channels receive a token with channel id 0, token id 1 and a lifetime of 60000 ms.
 *
 * @param securityPolicy  the security policy both channels are configured with.
 * @param messageSecurity the message security mode both channels are configured with.
 * @return a two-element array: the client channel at index 0, the server channel at index 1.
 * @throws Exception propagated from {@code super.setUp()} or from key derivation.
 */
protected SecureChannel[] generateChannels(SecurityPolicy securityPolicy, MessageSecurityMode messageSecurity) throws Exception {
    super.setUp();

    final boolean withCertificates = securityPolicy != SecurityPolicy.None;
    final boolean withKeys = messageSecurity != MessageSecurityMode.None;

    ByteString clientNonce = generateNonce(securityPolicy);
    ByteString serverNonce = generateNonce(securityPolicy);

    // Client side: key material and certificates are null for SecurityPolicy.None.
    ClientSecureChannel client = new ClientSecureChannel(
        withCertificates ? clientKeyPair : null,
        withCertificates ? clientCertificate : null,
        withCertificates ? newArrayList(clientCertificate) : null,
        withCertificates ? serverCertificate : null,
        withCertificates ? newArrayList(serverCertificate) : null,
        securityPolicy,
        messageSecurity);
    client.setLocalNonce(clientNonce);
    client.setRemoteNonce(serverNonce);

    // Server side: mirror image of the client, so local and remote nonces are swapped.
    ServerSecureChannel server = new ServerSecureChannel();
    server.setSecurityPolicy(securityPolicy);
    server.setMessageSecurityMode(messageSecurity);
    server.setLocalNonce(serverNonce);
    server.setRemoteNonce(clientNonce);
    if (withCertificates) {
        server.setKeyPair(serverKeyPair);
        server.setLocalCertificate(serverCertificate);
        server.setLocalCertificateChain(new X509Certificate[] { serverCertificate });
        server.setRemoteCertificate(clientCertificateBytes);
    }

    // Configure the ChannelSecurityToken for the client channel. Key derivation always receives
    // the client nonce first and the server nonce second, which is (local, remote) here.
    ChannelSecurityToken clientToken = new ChannelSecurityToken(uint(0), uint(1), DateTime.now(), uint(60000));
    ChannelSecurity.SecurityKeys clientKeys = withKeys
        ? ChannelSecurity.generateKeyPair(client, client.getLocalNonce(), client.getRemoteNonce())
        : null;
    client.setChannelSecurity(new ChannelSecurity(clientKeys, clientToken));

    // Configure the ChannelSecurityToken for the server channel; same nonce order, which is
    // (remote, local) from the server's point of view.
    ChannelSecurityToken serverToken = new ChannelSecurityToken(uint(0), uint(1), DateTime.now(), uint(60000));
    ChannelSecurity.SecurityKeys serverKeys = withKeys
        ? ChannelSecurity.generateKeyPair(server, server.getRemoteNonce(), server.getLocalNonce())
        : null;
    server.setChannelSecurity(new ChannelSecurity(serverKeys, serverToken));

    return new SecureChannel[] { client, server };
}
Also used : ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) ClientSecureChannel(org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) SecureChannel(org.eclipse.milo.opcua.stack.core.channel.SecureChannel) ClientSecureChannel(org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel)

Example 3 with ChannelSecurity

use of org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity in project milo by eclipse.

the class UascClientMessageHandler method installSecurityToken.

/**
 * Installs the security token returned in an OpenSecureChannelResponse on the client's secure
 * channel and schedules the next renewal.
 *
 * <p>When symmetric signing is enabled the server nonce is stored and new keys are derived from
 * the local and remote nonces. The keys and token that were current before this call are kept as
 * the "previous" pair of the new ChannelSecurity. Renewal is scheduled at 75% of the revised
 * lifetime; a revised lifetime of 0 disables renewal and is logged as a warning.
 *
 * @param ctx      the handler context of the connection.
 * @param response the server's response to the OpenSecureChannelRequest.
 * @throws UaRuntimeException with {@code Bad_ProtocolVersionUnsupported} if the server reports a
 *                            protocol version lower than {@code PROTOCOL_VERSION}.
 */
private void installSecurityToken(ChannelHandlerContext ctx, OpenSecureChannelResponse response) {
    // Reject an older protocol version before any channel state is changed.
    if (response.getServerProtocolVersion().longValue() < PROTOCOL_VERSION) {
        throw new UaRuntimeException(StatusCodes.Bad_ProtocolVersionUnsupported, "server protocol version unsupported: " + response.getServerProtocolVersion());
    }

    ChannelSecurityToken issuedToken = response.getSecurityToken();

    // Remains null when symmetric signing is disabled.
    ChannelSecurity.SecurityKeys derivedKeys = null;
    if (secureChannel.isSymmetricSigningEnabled()) {
        // NOTE(review): the server nonce is stored and fed into key derivation without a
        // NonceUtil.validateNonce(...) call in this method. Confirm that its presence and length
        // are checked somewhere before this point, or add the check here.
        secureChannel.setRemoteNonce(response.getServerNonce());
        // Client nonce first, server nonce second: (local, remote) on the client.
        derivedKeys = ChannelSecurity.generateKeyPair(secureChannel, secureChannel.getLocalNonce(), secureChannel.getRemoteNonce());
    }

    // Keep what was current until now as the previous keys/token of the new ChannelSecurity.
    ChannelSecurity outgoing = secureChannel.getChannelSecurity();
    ChannelSecurity.SecurityKeys priorKeys = null;
    ChannelSecurityToken priorToken = null;
    if (outgoing != null) {
        priorKeys = outgoing.getCurrentKeys();
        priorToken = outgoing.getCurrentToken();
    }
    secureChannel.setChannelSecurity(new ChannelSecurity(derivedKeys, issuedToken, priorKeys, priorToken));

    DateTime createdAt = response.getSecurityToken().getCreatedAt();
    long revisedLifetime = response.getSecurityToken().getRevisedLifetime().longValue();

    if (revisedLifetime <= 0) {
        logger.warn("Server revised secure channel lifetime to 0; renewal will not occur.");
    } else {
        // Renew after three quarters of the lifetime the server granted.
        // NOTE(review): renewFuture is overwritten without cancelling an earlier future in this
        // method; confirm the earlier one has always completed or is cancelled elsewhere.
        long renewDelayMillis = (long) (revisedLifetime * 0.75);
        renewFuture = ctx.executor().schedule(() -> sendOpenSecureChannelRequest(ctx, SecurityTokenRequestType.Renew), renewDelayMillis, TimeUnit.MILLISECONDS);
    }

    ctx.executor().execute(() -> {
        // SecureChannel is ready; remove the acknowledge handler if it is still installed.
        boolean acknowledgeHandlerPresent = ctx.pipeline().get(UascClientAcknowledgeHandler.class) != null;
        if (acknowledgeHandlerPresent) {
            ctx.pipeline().remove(UascClientAcknowledgeHandler.class);
        }
    });

    // Only token ids and timing are logged; keys and nonces are not.
    ChannelSecurity installed = secureChannel.getChannelSecurity();
    long currentTokenId = installed.getCurrentToken().getTokenId().longValue();
    long previousTokenId = installed.getPreviousToken().map(token -> token.getTokenId().longValue()).orElse(-1L);
    logger.debug("SecureChannel id={}, currentTokenId={}, previousTokenId={}, lifetime={}ms, createdAt={}", secureChannel.getChannelId(), currentTokenId, previousTokenId, revisedLifetime, createdAt);
}
Also used : X509Certificate(java.security.cert.X509Certificate) ErrorMessage(org.eclipse.milo.opcua.stack.core.channel.messages.ErrorMessage) ScheduledFuture(java.util.concurrent.ScheduledFuture) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) LoggerFactory(org.slf4j.LoggerFactory) DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime) UaTransportRequest(org.eclipse.milo.opcua.stack.client.transport.UaTransportRequest) MessageEncodeException(org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException) UaStackClientConfig(org.eclipse.milo.opcua.stack.client.UaStackClientConfig) Unsigned.uint(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned.uint) Map(java.util.Map) CertificateUtil(org.eclipse.milo.opcua.stack.core.util.CertificateUtil) TcpMessageDecoder(org.eclipse.milo.opcua.stack.core.channel.messages.TcpMessageDecoder) ByteToMessageCodec(io.netty.handler.codec.ByteToMessageCodec) UaResponseMessage(org.eclipse.milo.opcua.stack.core.serialization.UaResponseMessage) SerializationQueue(org.eclipse.milo.opcua.stack.core.channel.SerializationQueue) ServiceFault(org.eclipse.milo.opcua.stack.core.types.structured.ServiceFault) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) List(java.util.List) StatusCode(org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode) ReferenceCountUtil(io.netty.util.ReferenceCountUtil) CertificateValidator(org.eclipse.milo.opcua.stack.core.security.CertificateValidator) EncodedMessage(org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage) MessageType(org.eclipse.milo.opcua.stack.core.channel.messages.MessageType) BufferUtil(org.eclipse.milo.opcua.stack.core.util.BufferUtil) ChunkDecoder(org.eclipse.milo.opcua.stack.core.channel.ChunkDecoder) UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException) CompletableFuture(java.util.concurrent.CompletableFuture) 
HeaderDecoder(org.eclipse.milo.opcua.stack.core.channel.headers.HeaderDecoder) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArrayList(java.util.ArrayList) RequestHeader(org.eclipse.milo.opcua.stack.core.types.structured.RequestHeader) MessageDecodeException(org.eclipse.milo.opcua.stack.core.channel.MessageDecodeException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ByteBuf(io.netty.buffer.ByteBuf) SecurityPolicy(org.eclipse.milo.opcua.stack.core.security.SecurityPolicy) StatusCodes(org.eclipse.milo.opcua.stack.core.StatusCodes) Timeout(io.netty.util.Timeout) AsymmetricSecurityHeader(org.eclipse.milo.opcua.stack.core.channel.headers.AsymmetricSecurityHeader) Logger(org.slf4j.Logger) UInteger(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.UInteger) LongSequence(org.eclipse.milo.opcua.stack.core.util.LongSequence) UaSerializationException(org.eclipse.milo.opcua.stack.core.UaSerializationException) OpenSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelRequest) CloseSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.CloseSecureChannelRequest) UaServiceFaultException(org.eclipse.milo.opcua.stack.core.UaServiceFaultException) MessageAbortException(org.eclipse.milo.opcua.stack.core.channel.MessageAbortException) Maps(com.google.common.collect.Maps) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) TimeUnit(java.util.concurrent.TimeUnit) Channel(io.netty.channel.Channel) NonceUtil(org.eclipse.milo.opcua.stack.core.util.NonceUtil) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) UaException(org.eclipse.milo.opcua.stack.core.UaException) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) 
ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime)

Example 4 with ChannelSecurity

use of org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity in project milo by eclipse.

the class UascClientMessageHandler method sendOpenSecureChannelRequest.

/**
 * Builds an OpenSecureChannelRequest of the given type, encodes it asymmetrically and writes it
 * to the connection.
 *
 * <p>A fresh client nonce is generated for every request when symmetric signing is enabled;
 * otherwise {@code ByteString.NULL_VALUE} is sent. If encoding fails the error is logged and the
 * connection is closed.
 *
 * @param ctx         the handler context of the connection.
 * @param requestType whether a new token is issued or an existing one renewed.
 */
private void sendOpenSecureChannelRequest(ChannelHandlerContext ctx, SecurityTokenRequestType requestType) {
    final ByteString freshNonce;
    if (secureChannel.isSymmetricSigningEnabled()) {
        freshNonce = NonceUtil.generateNonce(secureChannel.getSecurityPolicy());
    } else {
        freshNonce = ByteString.NULL_VALUE;
    }
    // Stored on the channel so that key derivation can use it once the response arrives.
    secureChannel.setLocalNonce(freshNonce);

    RequestHeader header = new RequestHeader(null, DateTime.now(), uint(0), uint(0), null, config.getRequestTimeout(), null);
    OpenSecureChannelRequest request = new OpenSecureChannelRequest(header, uint(PROTOCOL_VERSION), requestType, secureChannel.getMessageSecurityMode(), secureChannel.getLocalNonce(), config.getChannelLifetime());

    serializationQueue.encode((binaryEncoder, chunkEncoder) -> {
        ByteBuf plainMessage = BufferUtil.pooledBuffer();
        try {
            binaryEncoder.setBuffer(plainMessage);
            binaryEncoder.writeMessage(null, request);
            checkMessageSize(plainMessage);

            EncodedMessage encoded = chunkEncoder.encodeAsymmetric(secureChannel, requestIdSequence.getAndIncrement(), plainMessage, MessageType.OpenSecureChannel);

            // Gather all chunks into one composite buffer and advance its writer index by hand,
            // as done for every added component.
            CompositeByteBuf outbound = BufferUtil.compositeBuffer();
            for (ByteBuf chunk : encoded.getMessageChunks()) {
                outbound.addComponent(chunk);
                outbound.writerIndex(outbound.writerIndex() + chunk.readableBytes());
            }
            ctx.writeAndFlush(outbound, ctx.voidPromise());

            // Token ids for the debug line; -1 stands for "no token" (nothing installed yet, or no
            // previous token).
            long currentTokenId = -1L;
            long previousTokenId = -1L;
            ChannelSecurity installed = secureChannel.getChannelSecurity();
            if (installed != null) {
                currentTokenId = installed.getCurrentToken().getTokenId().longValue();
                previousTokenId = installed.getPreviousToken().map(token -> token.getTokenId().longValue()).orElse(-1L);
            }
            logger.debug("Sent OpenSecureChannelRequest ({}, id={}, currentToken={}, previousToken={}).", request.getRequestType(), secureChannel.getChannelId(), currentTokenId, previousTokenId);
        } catch (MessageEncodeException e) {
            // NOTE(review): the whole request, client nonce included, is rendered into the error
            // log here; confirm that is acceptable for the deployment's log handling.
            logger.error("Error encoding {}: {}", request, e.getMessage(), e);
            ctx.close();
        } finally {
            // The unencoded message buffer is released on every path.
            plainMessage.release();
        }
    });
}
Also used : OpenSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelRequest) EncodedMessage(org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) RequestHeader(org.eclipse.milo.opcua.stack.core.types.structured.RequestHeader) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) ByteBuf(io.netty.buffer.ByteBuf) MessageEncodeException(org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException)

Example 5 with ChannelSecurity

use of org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity in project milo by eclipse.

the class SecureChannelFixture method generateChannels4096.

/**
 * Test fixture: builds a client/server pair of secure channels using the 4096 key pairs and
 * certificates of the fixture, with SecurityPolicy.Basic256Sha256 and
 * MessageSecurityMode.SignAndEncrypt.
 *
 * <p>Both channels receive a token with channel id 0, token id 1 and a lifetime of 60000 ms, and
 * symmetric keys derived from the shared nonces.
 *
 * @return a two-element array: the client channel at index 0, the server channel at index 1.
 * @throws Exception propagated from {@code super.setUp()} or from key derivation.
 */
protected SecureChannel[] generateChannels4096() throws Exception {
    super.setUp();

    final SecurityPolicy policy = SecurityPolicy.Basic256Sha256;
    final MessageSecurityMode mode = MessageSecurityMode.SignAndEncrypt;

    ByteString clientNonce = generateNonce(policy);
    ByteString serverNonce = generateNonce(policy);

    // Client side.
    ClientSecureChannel client = new ClientSecureChannel(
        clientKeyPair4096,
        clientCertificate4096,
        newArrayList(clientCertificate4096),
        serverCertificate4096,
        newArrayList(serverCertificate4096),
        policy,
        mode);
    client.setLocalNonce(clientNonce);
    client.setRemoteNonce(serverNonce);

    // Server side: local and remote nonces are swapped relative to the client.
    ServerSecureChannel server = new ServerSecureChannel();
    server.setSecurityPolicy(policy);
    server.setMessageSecurityMode(mode);
    server.setLocalNonce(serverNonce);
    server.setRemoteNonce(clientNonce);
    server.setKeyPair(serverKeyPair4096);
    server.setLocalCertificate(serverCertificate4096);
    server.setLocalCertificateChain(new X509Certificate[] { serverCertificate4096 });
    server.setRemoteCertificate(clientCertificateBytes4096);

    // Configure the ChannelSecurityToken for the client channel; key derivation takes the client
    // nonce first and the server nonce second, which is (local, remote) here.
    ChannelSecurityToken clientToken = new ChannelSecurityToken(uint(0), uint(1), DateTime.now(), uint(60000));
    ChannelSecurity.SecurityKeys clientKeys = ChannelSecurity.generateKeyPair(client, client.getLocalNonce(), client.getRemoteNonce());
    client.setChannelSecurity(new ChannelSecurity(clientKeys, clientToken));

    // Configure the ChannelSecurityToken for the server channel; same nonce order, which is
    // (remote, local) from the server's point of view.
    ChannelSecurityToken serverToken = new ChannelSecurityToken(uint(0), uint(1), DateTime.now(), uint(60000));
    ChannelSecurity.SecurityKeys serverKeys = ChannelSecurity.generateKeyPair(server, server.getRemoteNonce(), server.getLocalNonce());
    server.setChannelSecurity(new ChannelSecurity(serverKeys, serverToken));

    return new SecureChannel[] { client, server };
}
Also used : ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) MessageSecurityMode(org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) SecurityPolicy(org.eclipse.milo.opcua.stack.core.security.SecurityPolicy) ClientSecureChannel(org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) SecureChannel(org.eclipse.milo.opcua.stack.core.channel.SecureChannel) ClientSecureChannel(org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel)

Aggregations

ChannelSecurity (org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity)5 ByteString (org.eclipse.milo.opcua.stack.core.types.builtin.ByteString)5 ChannelSecurityToken (org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken)4 ByteBuf (io.netty.buffer.ByteBuf)3 CompositeByteBuf (io.netty.buffer.CompositeByteBuf)3 EncodedMessage (org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage)3 MessageEncodeException (org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException)3 ServerSecureChannel (org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel)3 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)2 ReferenceCountUtil (io.netty.util.ReferenceCountUtil)2 Timeout (io.netty.util.Timeout)2 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 TimeUnit (java.util.concurrent.TimeUnit)2 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 ClientSecureChannel (org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel)2 StatusCodes (org.eclipse.milo.opcua.stack.core.StatusCodes)2 UaException (org.eclipse.milo.opcua.stack.core.UaException)2 UaSerializationException (org.eclipse.milo.opcua.stack.core.UaSerializationException)2