
Example 1 with ActivateSessionResponse

use of org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse in project milo by eclipse.

the class SessionManager method activateSession.

/**
 * Processes an ActivateSession request and returns the response to send back.
 *
 * <p>The session is looked up by the authentication token from the request header, first among
 * sessions that were created but never activated, then among sessions that are already active.
 * There are three outcomes:
 * <ul>
 *   <li><b>First activation</b> (token found in {@code createdSessions}): the request must arrive
 *       on the secure channel recorded in the session. The client signature and identity token
 *       are checked and the session is then moved to {@code activeSessions}.</li>
 *   <li><b>Identity change</b> (active session, same secure channel): the client signature and
 *       identity token are checked and the stored identity is replaced.</li>
 *   <li><b>Channel transfer</b> (active session, different secure channel): the session is
 *       rebound to the new channel only if the validated identity object and the client
 *       certificate bytes both equal what the session already holds.</li>
 * </ul>
 *
 * <p>Every path that succeeds stores a fresh server nonce on the session and returns it.
 * Each entry of the software-certificate result array is {@code StatusCode.GOOD}; this method
 * does not inspect the certificates themselves.
 *
 * @param serviceRequest the incoming request, carrying the {@link ActivateSessionRequest}, the
 *     secure channel id, the client address and the client certificate bytes
 * @return the response holding the new server nonce and one result per software certificate
 * @throws UaException with {@code Bad_SessionIdInvalid} when the token matches no session, or
 *     {@code Bad_SecurityChecksFailed} when the channel, identity or certificate check fails;
 *     the helper methods called here (defined elsewhere) may throw as well
 */
private ActivateSessionResponse activateSession(ServiceRequest serviceRequest) throws UaException {
    ActivateSessionRequest activateRequest = (ActivateSessionRequest) serviceRequest.getRequest();
    long channelId = serviceRequest.getSecureChannelId();
    NodeId token = activateRequest.getRequestHeader().getAuthenticationToken();
    List<SignedSoftwareCertificate> softwareCertificates = l(activateRequest.getClientSoftwareCertificates());

    Session pending = createdSessions.get(token);
    if (pending != null) {
        // First activation: only the channel that created the session may activate it.
        if (channelId != pending.getSecureChannelId()) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
        }

        // Signature and identity are checked before any session state is touched.
        verifyClientSignature(pending, activateRequest);
        UserIdentityToken pendingToken = decodeIdentityToken(
            activateRequest.getUserIdentityToken(),
            pending.getEndpoint().getUserIdentityTokens());
        Object pendingIdentity = validateIdentityToken(
            pending, pendingToken, activateRequest.getUserTokenSignature());

        // Promote the session from "created" to "active".
        createdSessions.remove(token);
        activeSessions.put(token, pending);

        StatusCode[] certificateResults = new StatusCode[softwareCertificates.size()];
        Arrays.fill(certificateResults, StatusCode.GOOD);

        ByteString nonce = NonceUtil.generateNonce(32);
        pending.setClientAddress(serviceRequest.getClientAddress());
        pending.setIdentityObject(pendingIdentity, pendingToken);
        pending.setLocaleIds(activateRequest.getLocaleIds());
        pending.setLastNonce(nonce);

        return new ActivateSessionResponse(
            serviceRequest.createResponseHeader(), nonce, certificateResults, new DiagnosticInfo[0]);
    }

    Session active = activeSessions.get(token);
    if (active == null) {
        // The token matches neither a created nor an active session.
        throw new UaException(StatusCodes.Bad_SessionIdInvalid);
    }

    // Runs for both the identity-change and the channel-transfer path, and uses the session's
    // state as it is before any rebinding. What exactly is verified is defined elsewhere.
    verifyClientSignature(active, activateRequest);
    SecurityConfiguration storedConfiguration = active.getSecurityConfiguration();

    if (active.getSecureChannelId() == channelId) {
        /*
         * Identity change: same channel, so only the user identity is re-validated and replaced.
         */
        UserIdentityToken changedToken = decodeIdentityToken(
            activateRequest.getUserIdentityToken(),
            active.getEndpoint().getUserIdentityTokens());
        Object changedIdentity = validateIdentityToken(
            active, changedToken, activateRequest.getUserTokenSignature());

        StatusCode[] certificateResults = new StatusCode[softwareCertificates.size()];
        Arrays.fill(certificateResults, StatusCode.GOOD);

        ByteString nonce = NonceUtil.generateNonce(32);
        active.setClientAddress(serviceRequest.getClientAddress());
        active.setIdentityObject(changedIdentity, changedToken);
        active.setLastNonce(nonce);
        active.setLocaleIds(activateRequest.getLocaleIds());

        return new ActivateSessionResponse(
            serviceRequest.createResponseHeader(), nonce, certificateResults, new DiagnosticInfo[0]);
    }

    /*
     * Channel transfer: associate the session with the new secure channel only if both the
     * client certificate and the validated identity match what the session already holds.
     */
    ByteString presentedCertificate = serviceRequest.getClientCertificateBytes();
    UserIdentityToken presentedToken = decodeIdentityToken(
        activateRequest.getUserIdentityToken(),
        active.getEndpoint().getUserIdentityTokens());
    Object presentedIdentity = validateIdentityToken(
        active, presentedToken, activateRequest.getUserTokenSignature());

    boolean identityMatches = Objects.equal(presentedIdentity, active.getIdentityObject());
    // NOTE(review): if this is Guava's Objects.equal, two nulls compare as equal, so the check
    // passes when neither the request nor the stored configuration carries a certificate.
    // Confirm that is the intended behaviour for endpoints without a client certificate.
    boolean certificateMatches = Objects.equal(
        presentedCertificate, storedConfiguration.getClientCertificateBytes());

    if (!identityMatches || !certificateMatches) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
    }

    SecurityConfiguration reboundConfiguration =
        createSecurityConfiguration(serviceRequest.getEndpoint(), presentedCertificate);
    active.setEndpoint(serviceRequest.getEndpoint());
    active.setSecureChannelId(channelId);
    active.setSecurityConfiguration(reboundConfiguration);
    logger.debug("Session id={} is now associated with secureChannelId={}", active.getSessionId(), channelId);

    StatusCode[] certificateResults = new StatusCode[softwareCertificates.size()];
    Arrays.fill(certificateResults, StatusCode.GOOD);

    // The stored identity is left as is on this path; it was just shown to equal the presented one.
    ByteString nonce = NonceUtil.generateNonce(32);
    active.setClientAddress(serviceRequest.getClientAddress());
    active.setLastNonce(nonce);
    active.setLocaleIds(activateRequest.getLocaleIds());

    return new ActivateSessionResponse(
        serviceRequest.createResponseHeader(), nonce, certificateResults, new DiagnosticInfo[0]);
}
Also used : ActivateSessionRequest(org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionRequest) UaException(org.eclipse.milo.opcua.stack.core.UaException) ByteString(org.eclipse.milo.opcua.stack.core.types.builtin.ByteString) StatusCode(org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode) NodeId(org.eclipse.milo.opcua.stack.core.types.builtin.NodeId) SignedSoftwareCertificate(org.eclipse.milo.opcua.stack.core.types.structured.SignedSoftwareCertificate) ExtensionObject(org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject) UserIdentityToken(org.eclipse.milo.opcua.stack.core.types.structured.UserIdentityToken) ActivateSessionResponse(org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse)

Example 2 with ActivateSessionResponse

use of org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse in project milo by eclipse.

the class SessionManager method onActivateSession.

/**
 * Service entry point for ActivateSession: runs the activation and sets either the response or
 * a service fault on the request.
 *
 * <p>A {@link UaException} from the activation is not rethrown. It increments the server's
 * rejected-session counter, and also the security-rejected counter when the status code reports
 * a security error, and is then returned to the client as a service fault.
 *
 * <p>NOTE(review): a rejection is only counted here; nothing in this method logs it. If failed
 * activations should be traceable to a channel or client address, confirm that a caller or
 * {@code setServiceFault} records them.
 *
 * @param serviceRequest the incoming ActivateSession request; completed by this method
 */
@Override
public void onActivateSession(ServiceRequest serviceRequest) {
    try {
        serviceRequest.setResponse(activateSession(serviceRequest));
    } catch (UaException rejection) {
        ServerDiagnosticsSummary diagnostics = server.getDiagnosticsSummary();

        // Every failed activation counts as a rejected session.
        diagnostics.getRejectedSessionCount().increment();

        // Security-related failures are also tracked in their own counter.
        if (rejection.getStatusCode().isSecurityError()) {
            diagnostics.getSecurityRejectedSessionCount().increment();
        }

        serviceRequest.setServiceFault(rejection);
    }
}
Also used : UaException(org.eclipse.milo.opcua.stack.core.UaException) ServerDiagnosticsSummary(org.eclipse.milo.opcua.sdk.server.diagnostics.ServerDiagnosticsSummary) ActivateSessionResponse(org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse)

Aggregations

UaException (org.eclipse.milo.opcua.stack.core.UaException)2 ActivateSessionResponse (org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse)2 ServerDiagnosticsSummary (org.eclipse.milo.opcua.sdk.server.diagnostics.ServerDiagnosticsSummary)1 ByteString (org.eclipse.milo.opcua.stack.core.types.builtin.ByteString)1 ExtensionObject (org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject)1 NodeId (org.eclipse.milo.opcua.stack.core.types.builtin.NodeId)1 StatusCode (org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode)1 ActivateSessionRequest (org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionRequest)1 SignedSoftwareCertificate (org.eclipse.milo.opcua.stack.core.types.structured.SignedSoftwareCertificate)1 UserIdentityToken (org.eclipse.milo.opcua.stack.core.types.structured.UserIdentityToken)1