Examples with SecurityTokenRequestType org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType used on opensource projects

Search in sources :

Example 1 with SecurityTokenRequestType

use of org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType in project milo by eclipse.

the class UascClientMessageHandler method handlerAdded.

@Override
public void handlerAdded(ChannelHandlerContext ctx) {
    SecurityTokenRequestType requestType = secureChannel.getChannelId() == 0 ? SecurityTokenRequestType.Issue : SecurityTokenRequestType.Renew;
    secureChannelTimeout = config.getWheelTimer().newTimeout(timeout -> {
        if (!timeout.isCancelled()) {
            handshakeFuture.completeExceptionally(new UaException(StatusCodes.Bad_Timeout, "timed out waiting for secure channel"));
            ctx.close();
        }
    }, config.getRequestTimeout().longValue(), TimeUnit.MILLISECONDS);
    logger.debug("OpenSecureChannel timeout scheduled for +{}ms", config.getRequestTimeout());
    sendOpenSecureChannelRequest(ctx, requestType);
}
Also used : X509Certificate(java.security.cert.X509Certificate) ErrorMessage(org.eclipse.milo.opcua.stack.core.channel.messages.ErrorMessage) ScheduledFuture(java.util.concurrent.ScheduledFuture) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) LoggerFactory(org.slf4j.LoggerFactory) DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime) UaTransportRequest(org.eclipse.milo.opcua.stack.client.transport.UaTransportRequest) MessageEncodeException(org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException) UaStackClientConfig(org.eclipse.milo.opcua.stack.client.UaStackClientConfig) Unsigned.uint(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned.uint) Map(java.util.Map) CertificateUtil(org.eclipse.milo.opcua.stack.core.util.CertificateUtil) TcpMessageDecoder(org.eclipse.milo.opcua.stack.core.channel.messages.TcpMessageDecoder) ByteToMessageCodec(io.netty.handler.codec.ByteToMessageCodec) UaResponseMessage(org.eclipse.milo.opcua.stack.core.serialization.UaResponseMessage) SerializationQueue(org.eclipse.milo.opcua.stack.core.channel.SerializationQueue) ServiceFault(org.eclipse.milo.opcua.stack.core.types.structured.ServiceFault) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) List(java.util.List) StatusCode(org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode) ReferenceCountUtil(io.netty.util.ReferenceCountUtil) CertificateValidator(org.eclipse.milo.opcua.stack.core.security.CertificateValidator) EncodedMessage(org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage) MessageType(org.eclipse.milo.opcua.stack.core.channel.messages.MessageType) BufferUtil(org.eclipse.milo.opcua.stack.core.util.BufferUtil) ChunkDecoder(org.eclipse.milo.opcua.stack.core.channel.ChunkDecoder) UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException) CompletableFuture(java.util.concurrent.CompletableFuture) HeaderDecoder(org.eclipse.milo.opcua.stack.core.channel.headers.HeaderDecoder) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArrayList(java.util.ArrayList) RequestHeader(org.eclipse.milo.opcua.stack.core.types.structured.RequestHeader) MessageDecodeException(org.eclipse.milo.opcua.stack.core.channel.MessageDecodeException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ByteBuf(io.netty.buffer.ByteBuf) SecurityPolicy(org.eclipse.milo.opcua.stack.core.security.SecurityPolicy) StatusCodes(org.eclipse.milo.opcua.stack.core.StatusCodes) Timeout(io.netty.util.Timeout) AsymmetricSecurityHeader(org.eclipse.milo.opcua.stack.core.channel.headers.AsymmetricSecurityHeader) Logger(org.slf4j.Logger) UInteger(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.UInteger) LongSequence(org.eclipse.milo.opcua.stack.core.util.LongSequence) UaSerializationException(org.eclipse.milo.opcua.stack.core.UaSerializationException) OpenSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelRequest) CloseSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.CloseSecureChannelRequest) UaServiceFaultException(org.eclipse.milo.opcua.stack.core.UaServiceFaultException) MessageAbortException(org.eclipse.milo.opcua.stack.core.channel.MessageAbortException) Maps(com.google.common.collect.Maps) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) TimeUnit(java.util.concurrent.TimeUnit) Channel(io.netty.channel.Channel) NonceUtil(org.eclipse.milo.opcua.stack.core.util.NonceUtil) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) UaException(org.eclipse.milo.opcua.stack.core.UaException) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) UaException(org.eclipse.milo.opcua.stack.core.UaException) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType)

Example 2 with SecurityTokenRequestType

use of org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType in project milo by eclipse.

the class UascServerAsymmetricHandler method openSecureChannel.

private OpenSecureChannelResponse openSecureChannel(ChannelHandlerContext ctx, OpenSecureChannelRequest request) throws UaException {
    SecurityTokenRequestType requestType = request.getRequestType();
    if (requestType == SecurityTokenRequestType.Issue) {
        secureChannel.setMessageSecurityMode(request.getSecurityMode());
        String endpointUrl = ctx.channel().attr(UascServerHelloHandler.ENDPOINT_URL_KEY).get();
        EndpointDescription endpoint = stackServer.getEndpointDescriptions().stream().filter(e -> {
            boolean transportMatch = Objects.equals(e.getTransportProfileUri(), transportProfile.getUri());
            boolean pathMatch = Objects.equals(EndpointUtil.getPath(e.getEndpointUrl()), EndpointUtil.getPath(endpointUrl));
            boolean securityPolicyMatch = Objects.equals(e.getSecurityPolicyUri(), secureChannel.getSecurityPolicy().getUri());
            boolean securityModeMatch = Objects.equals(e.getSecurityMode(), request.getSecurityMode());
            return transportMatch && pathMatch && securityPolicyMatch && securityModeMatch;
        }).findFirst().orElseThrow(() -> {
            String message = String.format("no matching endpoint found: transportProfile=%s, " + "endpointUrl=%s, securityPolicy=%s, securityMode=%s", transportProfile, endpointUrl, secureChannel.getSecurityPolicy(), request.getSecurityMode());
            return new UaException(StatusCodes.Bad_SecurityChecksFailed, message);
        });
        ctx.channel().attr(ENDPOINT_KEY).set(endpoint);
    }
    if (requestType == SecurityTokenRequestType.Renew && secureChannel.getMessageSecurityMode() != request.getSecurityMode()) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "secure channel renewal requested a different MessageSecurityMode.");
    }
    long channelLifetime = request.getRequestedLifetime().longValue();
    channelLifetime = Math.min(channelLifetime, stackServer.getConfig().getMaximumSecureChannelLifetime().longValue());
    channelLifetime = Math.max(channelLifetime, stackServer.getConfig().getMinimumSecureChannelLifetime().longValue());
    ChannelSecurityToken newToken = new ChannelSecurityToken(uint(secureChannel.getChannelId()), uint(stackServer.getNextTokenId()), DateTime.now(), uint(channelLifetime));
    SecurityKeys newKeys = null;
    if (secureChannel.isSymmetricSigningEnabled()) {
        // Validate the remote nonce; it must be non-null and the correct length for the security algorithm.
        ByteString remoteNonce = request.getClientNonce();
        NonceUtil.validateNonce(remoteNonce, secureChannel.getSecurityPolicy());
        ByteString localNonce = generateNonce(secureChannel.getSecurityPolicy());
        secureChannel.setLocalNonce(localNonce);
        secureChannel.setRemoteNonce(remoteNonce);
        newKeys = ChannelSecurity.generateKeyPair(secureChannel, secureChannel.getRemoteNonce(), secureChannel.getLocalNonce());
    }
    ChannelSecurity oldSecrets = secureChannel.getChannelSecurity();
    SecurityKeys oldKeys = oldSecrets != null ? oldSecrets.getCurrentKeys() : null;
    ChannelSecurityToken oldToken = oldSecrets != null ? oldSecrets.getCurrentToken() : null;
    ChannelSecurity newSecrets = new ChannelSecurity(newKeys, newToken, oldKeys, oldToken);
    secureChannel.setChannelSecurity(newSecrets);
    /*
         * Cancel the previous timeout, if it exists, and start a new one.
         */
    if (secureChannelTimeout == null || secureChannelTimeout.cancel()) {
        final long lifetime = channelLifetime;
        secureChannelTimeout = Stack.sharedWheelTimer().newTimeout(timeout -> {
            logger.debug("SecureChannel renewal timed out after {}ms. id={}, channel={}", lifetime, secureChannel.getChannelId(), ctx.channel());
            ctx.close();
        }, channelLifetime, TimeUnit.MILLISECONDS);
    }
    ResponseHeader responseHeader = new ResponseHeader(DateTime.now(), request.getRequestHeader().getRequestHandle(), StatusCode.GOOD, null, null, null);
    return new OpenSecureChannelResponse(responseHeader, uint(PROTOCOL_VERSION), newToken, secureChannel.getLocalNonce());
}
Also used : X509Certificate(java.security.cert.X509Certificate) AttributeKey(io.netty.util.AttributeKey) ErrorMessage(org.eclipse.milo.opcua.stack.core.channel.messages.ErrorMessage) KeyPair(java.security.KeyPair) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) LoggerFactory(org.slf4j.LoggerFactory) SecurityKeys(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity.SecurityKeys) DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime) MessageEncodeException(org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException) Unsigned.uint(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned.uint) CertificateManager(org.eclipse.milo.opcua.stack.core.security.CertificateManager) TransportProfile(org.eclipse.milo.opcua.stack.core.transport.TransportProfile) SerializationQueue(org.eclipse.milo.opcua.stack.core.channel.SerializationQueue) Objects(java.util.Objects) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) List(java.util.List) StatusCode(org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode) ReferenceCountUtil(io.netty.util.ReferenceCountUtil) CertificateValidator(org.eclipse.milo.opcua.stack.core.security.CertificateValidator) EncodedMessage(org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage) Optional(java.util.Optional) MessageType(org.eclipse.milo.opcua.stack.core.channel.messages.MessageType) BufferUtil(org.eclipse.milo.opcua.stack.core.util.BufferUtil) EndpointUtil(org.eclipse.milo.opcua.stack.core.util.EndpointUtil) ChunkDecoder(org.eclipse.milo.opcua.stack.core.channel.ChunkDecoder) ExceptionHandler(org.eclipse.milo.opcua.stack.core.channel.ExceptionHandler) HeaderDecoder(org.eclipse.milo.opcua.stack.core.channel.headers.HeaderDecoder) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArrayList(java.util.ArrayList) MessageDecodeException(org.eclipse.milo.opcua.stack.core.channel.MessageDecodeException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ByteBuf(io.netty.buffer.ByteBuf) Stack(org.eclipse.milo.opcua.stack.core.Stack) EndpointDescription(org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription) ByteToMessageDecoder(io.netty.handler.codec.ByteToMessageDecoder) SecurityPolicy(org.eclipse.milo.opcua.stack.core.security.SecurityPolicy) UaStackServer(org.eclipse.milo.opcua.stack.server.UaStackServer) StatusCodes(org.eclipse.milo.opcua.stack.core.StatusCodes) Timeout(io.netty.util.Timeout) AsymmetricSecurityHeader(org.eclipse.milo.opcua.stack.core.channel.headers.AsymmetricSecurityHeader) Logger(org.slf4j.Logger) NonceUtil.generateNonce(org.eclipse.milo.opcua.stack.core.util.NonceUtil.generateNonce) IOException(java.io.IOException) UaSerializationException(org.eclipse.milo.opcua.stack.core.UaSerializationException) OpenSecureChannelRequest(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelRequest) MessageAbortException(org.eclipse.milo.opcua.stack.core.channel.MessageAbortException) ServerSecureChannel(org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) TimeUnit(java.util.concurrent.TimeUnit) NonceUtil(org.eclipse.milo.opcua.stack.core.util.NonceUtil) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) UaException(org.eclipse.milo.opcua.stack.core.UaException) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) ResponseHeader(org.eclipse.milo.opcua.stack.core.types.structured.ResponseHeader) ResponseHeader(org.eclipse.milo.opcua.stack.core.types.structured.ResponseHeader) OpenSecureChannelResponse(org.eclipse.milo.opcua.stack.core.types.structured.OpenSecureChannelResponse) UaException(org.eclipse.milo.opcua.stack.core.UaException) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) SecurityKeys(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity.SecurityKeys) ChannelSecurity(org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) EndpointDescription(org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription) ChannelSecurityToken(org.eclipse.milo.opcua.stack.core.types.structured.ChannelSecurityToken)

Example 3 with SecurityTokenRequestType

use of org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType in project milo by eclipse.

the class AuditOpenSecureChannelEventTypeNode method getRequestType.

@Override
public SecurityTokenRequestType getRequestType() throws UaException {
    PropertyTypeNode node = getRequestTypeNode();
    Object value = node.getValue().getValue().getValue();
    if (value instanceof Integer) {
        return SecurityTokenRequestType.from((Integer) value);
    } else if (value instanceof SecurityTokenRequestType) {
        return (SecurityTokenRequestType) value;
    } else {
        return null;
    }
}
Also used : UInteger(org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.UInteger) SecurityTokenRequestType(org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType) PropertyTypeNode(org.eclipse.milo.opcua.sdk.client.model.nodes.variables.PropertyTypeNode)

Aggregations

SecurityTokenRequestType (org.eclipse.milo.opcua.stack.core.types.enumerated.SecurityTokenRequestType)3 ByteBuf (io.netty.buffer.ByteBuf)2 CompositeByteBuf (io.netty.buffer.CompositeByteBuf)2 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)2 ReferenceCountUtil (io.netty.util.ReferenceCountUtil)2 Timeout (io.netty.util.Timeout)2 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 TimeUnit (java.util.concurrent.TimeUnit)2 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 StatusCodes (org.eclipse.milo.opcua.stack.core.StatusCodes)2 UaException (org.eclipse.milo.opcua.stack.core.UaException)2 UaSerializationException (org.eclipse.milo.opcua.stack.core.UaSerializationException)2 ChannelSecurity (org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity)2 ChunkDecoder (org.eclipse.milo.opcua.stack.core.channel.ChunkDecoder)2 EncodedMessage (org.eclipse.milo.opcua.stack.core.channel.ChunkEncoder.EncodedMessage)2 MessageAbortException (org.eclipse.milo.opcua.stack.core.channel.MessageAbortException)2 MessageDecodeException (org.eclipse.milo.opcua.stack.core.channel.MessageDecodeException)2 MessageEncodeException (org.eclipse.milo.opcua.stack.core.channel.MessageEncodeException)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial