Use of org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse in the Eclipse Milo project.
Class SessionManager, method activateSession.
/**
 * Processes an ActivateSession request and returns the response to send back.
 *
 * <p>The session is looked up by the authentication token from the request header, first in
 * {@code createdSessions} and then in {@code activeSessions}. Three outcomes are possible:
 * <ul>
 *   <li>Created but not yet active: the request must arrive on the secure channel the session
 *       is bound to; the client signature and identity token are checked, then the session is
 *       moved to {@code activeSessions}.</li>
 *   <li>Active, same secure channel: treated as an identity change; the newly validated
 *       identity replaces the stored one.</li>
 *   <li>Active, different secure channel: the session is re-bound to the new channel only if
 *       both the validated identity and the client certificate bytes equal the stored ones.</li>
 * </ul>
 * Every successful path stores a new server nonce from {@code NonceUtil.generateNonce(32)} on
 * the session and returns it in the response.
 *
 * @param serviceRequest the incoming request; its payload is cast to ActivateSessionRequest
 * @return the response carrying the new server nonce and one result per client software
 *         certificate
 * @throws UaException with Bad_SessionIdInvalid when the token matches no session, or
 *         Bad_SecurityChecksFailed when a channel, identity or certificate check fails;
 *         the verify/decode/validate helpers may presumably throw as well (not shown here)
 */
private ActivateSessionResponse activateSession(ServiceRequest serviceRequest) throws UaException {
    ActivateSessionRequest request = (ActivateSessionRequest) serviceRequest.getRequest();
    long secureChannelId = serviceRequest.getSecureChannelId();
    // The authentication token is the only key used to find the session; everything that
    // follows decides whether the caller is allowed to use the session it names.
    NodeId authToken = request.getRequestHeader().getAuthenticationToken();
    // l(...) is defined elsewhere; presumably it turns a possibly-null array into a list.
    List<SignedSoftwareCertificate> clientSoftwareCertificates = l(request.getClientSoftwareCertificates());
    Session session = createdSessions.get(authToken);
    if (session == null) {
        session = activeSessions.get(authToken);
        if (session == null) {
            throw new UaException(StatusCodes.Bad_SessionIdInvalid);
        } else {
            // The signature check runs before any session state is read for comparison or
            // modified. What it verifies against lives in the helper, not in this method.
            verifyClientSignature(session, request);
            SecurityConfiguration securityConfiguration = session.getSecurityConfiguration();
            if (session.getSecureChannelId() == secureChannelId) {
                // Identity change on the channel the session is already bound to. The new
                // identity is not compared with the old one; acceptance rests entirely on
                // validateIdentityToken.
                UserIdentityToken identityToken = decodeIdentityToken(request.getUserIdentityToken(), session.getEndpoint().getUserIdentityTokens());
                Object identityObject = validateIdentityToken(session, identityToken, request.getUserTokenSignature());
                // Every software certificate is reported GOOD; none is inspected in this method.
                StatusCode[] results = new StatusCode[clientSoftwareCertificates.size()];
                Arrays.fill(results, StatusCode.GOOD);
                ByteString serverNonce = NonceUtil.generateNonce(32);
                session.setClientAddress(serviceRequest.getClientAddress());
                session.setIdentityObject(identityObject, identityToken);
                session.setLastNonce(serverNonce);
                session.setLocaleIds(request.getLocaleIds());
                return new ActivateSessionResponse(serviceRequest.createResponseHeader(), serverNonce, results, new DiagnosticInfo[0]);
            } else {
                // Session transfer: re-bind the session to the new secure channel only when
                // the client certificate and the validated identity both match what is stored.
                ByteString clientCertificateBytes = serviceRequest.getClientCertificateBytes();
                // NOTE(review): token policies come from the session's current endpoint, not
                // from serviceRequest.getEndpoint(), which is only stored further down.
                // Confirm that is intended when the two endpoints differ.
                UserIdentityToken identityToken = decodeIdentityToken(request.getUserIdentityToken(), session.getEndpoint().getUserIdentityTokens());
                Object identityObject = validateIdentityToken(session, identityToken, request.getUserTokenSignature());
                // Both comparisons depend on equals() of the compared objects. Objects.equal is
                // presumably Guava's null-safe helper, so two nulls compare equal: if no client
                // certificate is present on either side, the identity match is the only
                // remaining barrier to a transfer. TODO confirm when the bytes can be null.
                boolean sameIdentity = Objects.equal(identityObject, session.getIdentityObject());
                boolean sameCertificate = Objects.equal(clientCertificateBytes, securityConfiguration.getClientCertificateBytes());
                if (sameIdentity && sameCertificate) {
                    SecurityConfiguration newSecurityConfiguration = createSecurityConfiguration(serviceRequest.getEndpoint(), clientCertificateBytes);
                    session.setEndpoint(serviceRequest.getEndpoint());
                    session.setSecureChannelId(secureChannelId);
                    session.setSecurityConfiguration(newSecurityConfiguration);
                    logger.debug("Session id={} is now associated with secureChannelId={}", session.getSessionId(), secureChannelId);
                    // Every software certificate is reported GOOD; none is inspected here.
                    StatusCode[] results = new StatusCode[clientSoftwareCertificates.size()];
                    Arrays.fill(results, StatusCode.GOOD);
                    ByteString serverNonce = NonceUtil.generateNonce(32);
                    session.setClientAddress(serviceRequest.getClientAddress());
                    // The stored identity is left untouched: it was just shown to equal the
                    // one presented with this request.
                    session.setLastNonce(serverNonce);
                    session.setLocaleIds(request.getLocaleIds());
                    return new ActivateSessionResponse(serviceRequest.createResponseHeader(), serverNonce, results, new DiagnosticInfo[0]);
                } else {
                    // Fail closed: the session stays bound to its original channel.
                    throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
                }
            }
        }
    } else {
        // First activation. A created session can only be activated over the secure channel
        // it is bound to, so a token presented on another channel is rejected before any
        // signature or identity work is done.
        if (secureChannelId != session.getSecureChannelId()) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
        }
        verifyClientSignature(session, request);
        UserIdentityToken identityToken = decodeIdentityToken(request.getUserIdentityToken(), session.getEndpoint().getUserIdentityTokens());
        Object identityObject = validateIdentityToken(session, identityToken, request.getUserTokenSignature());
        // The session is promoted only after both checks above returned without throwing.
        // NOTE(review): remove and put are two separate map operations; whether concurrent
        // requests for the same token can interleave here depends on the map types and on
        // how callers are threaded, neither of which is visible in this method.
        createdSessions.remove(authToken);
        activeSessions.put(authToken, session);
        // Every software certificate is reported GOOD; none is inspected in this method.
        StatusCode[] results = new StatusCode[clientSoftwareCertificates.size()];
        Arrays.fill(results, StatusCode.GOOD);
        ByteString serverNonce = NonceUtil.generateNonce(32);
        session.setClientAddress(serviceRequest.getClientAddress());
        session.setIdentityObject(identityObject, identityToken);
        session.setLocaleIds(request.getLocaleIds());
        session.setLastNonce(serverNonce);
        return new ActivateSessionResponse(serviceRequest.createResponseHeader(), serverNonce, results, new DiagnosticInfo[0]);
    }
}
Use of org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse in the Eclipse Milo project.
Class SessionManager, method onActivateSession.
/**
 * Service entry point for ActivateSession: delegates to {@code activateSession} and turns the
 * outcome into either a response or a service fault on the request.
 *
 * <p>A rejected activation always increments the server's rejected-session counter, and also
 * the security-rejected counter when the status code is a security error. Only
 * {@code UaException} is handled here; any other exception propagates to the caller.
 *
 * @param serviceRequest the incoming ActivateSession request, completed by this method
 */
@Override
public void onActivateSession(ServiceRequest serviceRequest) {
    try {
        serviceRequest.setResponse(activateSession(serviceRequest));
    } catch (UaException rejection) {
        ServerDiagnosticsSummary diagnostics = server.getDiagnosticsSummary();
        diagnostics.getRejectedSessionCount().increment();

        // Security-related rejections are counted separately. Nothing is logged in this
        // method, so these counters are the only trace it leaves of a refused activation.
        boolean securityRelated = rejection.getStatusCode().isSecurityError();
        if (securityRelated) {
            diagnostics.getSecurityRejectedSessionCount().increment();
        }

        serviceRequest.setServiceFault(rejection);
    }
}