void
Service_OpenSecureChannel(UA_Server *server, UA_SecureChannel *channel,
const UA_OpenSecureChannelRequest *request,
UA_OpenSecureChannelResponse *response) {
if(request->requestType == UA_SECURITYTOKENREQUESTTYPE_RENEW) {
/* Renew the channel */
response->responseHeader.serviceResult =
UA_SecureChannelManager_renew(&server->secureChannelManager,
channel, request, response);
/* Logging */
if(response->responseHeader.serviceResult == UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"SecureChannel renewed");
} else {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Renewing SecureChannel failed");
}
return;
}
/* Must be ISSUE or RENEW */
if(request->requestType != UA_SECURITYTOKENREQUESTTYPE_ISSUE) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADINTERNALERROR;
return;
}
/* Open the channel */
response->responseHeader.serviceResult =
UA_SecureChannelManager_open(&server->secureChannelManager, channel,
request, response);
/* Logging */
if(response->responseHeader.serviceResult == UA_STATUSCODE_GOOD) {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Opened SecureChannel");
} else {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Opening a SecureChannel failed");
}
}
void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
const UA_CreateSessionRequest *request, UA_CreateSessionResponse *response) {
if(channel->securityToken.channelId == 0) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADSECURECHANNELIDINVALID;
return;
}
response->responseHeader.serviceResult =
UA_Array_copy(server->endpointDescriptions, server->endpointDescriptionsSize,
(void**)&response->serverEndpoints, &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
return;
response->serverEndpointsSize = server->endpointDescriptionsSize;
UA_Session *newSession;
response->responseHeader.serviceResult =
UA_SessionManager_createSession(&server->sessionManager, channel, request, &newSession);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Processing CreateSessionRequest failed");
return;
}
newSession->maxResponseMessageSize = request->maxResponseMessageSize;
newSession->maxRequestMessageSize = channel->connection->localConf.maxMessageSize;
response->sessionId = newSession->sessionId;
response->revisedSessionTimeout = (UA_Double)newSession->timeout;
response->authenticationToken = newSession->authenticationToken;
response->responseHeader.serviceResult = UA_String_copy(&request->sessionName, &newSession->sessionName);
if(server->endpointDescriptionsSize > 0)
response->responseHeader.serviceResult |= UA_ByteString_copy(&server->endpointDescriptions->serverCertificate,
&response->serverCertificate);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_SessionManager_removeSession(&server->sessionManager, &newSession->authenticationToken);
return;
}
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Session " PRINTF_GUID_FORMAT " created",
PRINTF_GUID_DATA(newSession->sessionId));
}
void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
const UA_CreateSessionRequest *request,
UA_CreateSessionResponse *response) {
if(channel->securityToken.channelId == 0) {
response->responseHeader.serviceResult =
UA_STATUSCODE_BADSECURECHANNELIDINVALID;
return;
}
/* Allocate the response */
response->serverEndpoints = (UA_EndpointDescription*)
UA_Array_new(server->config.endpoints.count,
&UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
if(!response->serverEndpoints) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADOUTOFMEMORY;
return;
}
response->serverEndpointsSize = server->config.endpoints.count;
/* Copy the server's endpointdescriptions into the response */
for(size_t i = 0; i < server->config.endpoints.count; ++i)
response->responseHeader.serviceResult |=
UA_EndpointDescription_copy(&server->config.endpoints.endpoints[0].endpointDescription,
&response->serverEndpoints[i]);
/* Mirror back the endpointUrl */
for(size_t i = 0; i < response->serverEndpointsSize; ++i) {
UA_String_deleteMembers(&response->serverEndpoints[i].endpointUrl);
UA_String_copy(&request->endpointUrl,
&response->serverEndpoints[i].endpointUrl);
}
UA_Session *newSession;
response->responseHeader.serviceResult =
UA_SessionManager_createSession(&server->sessionManager,
channel, request, &newSession);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Processing CreateSessionRequest failed");
return;
}
/* Fill the session with more information */
newSession->maxResponseMessageSize = request->maxResponseMessageSize;
newSession->maxRequestMessageSize =
channel->connection->localConf.maxMessageSize;
response->responseHeader.serviceResult |=
UA_ApplicationDescription_copy(&request->clientDescription,
&newSession->clientDescription);
/* Prepare the response */
response->sessionId = newSession->sessionId;
response->revisedSessionTimeout = (UA_Double)newSession->timeout;
response->authenticationToken = newSession->authenticationToken;
response->responseHeader.serviceResult =
UA_String_copy(&request->sessionName, &newSession->sessionName);
if(server->config.endpoints.count > 0)
response->responseHeader.serviceResult |=
UA_ByteString_copy(&server->config.endpoints.endpoints[0].endpointDescription.serverCertificate,
&response->serverCertificate);
/* Failure -> remove the session */
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_SessionManager_removeSession(&server->sessionManager,
&newSession->authenticationToken);
return;
}
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Session " UA_PRINTF_GUID_FORMAT " created",
UA_PRINTF_GUID_DATA(newSession->sessionId.identifier.guid));
}
static void
processMSG(UA_Server *server, UA_SecureChannel *channel,
UA_UInt32 requestId, const UA_ByteString *msg) {
/* At 0, the nodeid starts... */
size_t ppos = 0;
size_t *offset = &ppos;
/* Decode the nodeid */
UA_NodeId requestTypeId;
UA_StatusCode retval = UA_NodeId_decodeBinary(msg, offset, &requestTypeId);
if(retval != UA_STATUSCODE_GOOD)
return;
if(requestTypeId.identifierType != UA_NODEIDTYPE_NUMERIC)
UA_NodeId_deleteMembers(&requestTypeId); /* leads to badserviceunsupported */
/* Store the start-position of the request */
size_t requestPos = *offset;
/* Get the service pointers */
UA_Service service = NULL;
const UA_DataType *requestType = NULL;
const UA_DataType *responseType = NULL;
UA_Boolean sessionRequired = true;
getServicePointers(requestTypeId.identifier.numeric, &requestType,
&responseType, &service, &sessionRequired);
if(!requestType) {
if(requestTypeId.identifier.numeric == 787) {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Client requested a subscription, " \
"but those are not enabled in the build");
} else {
UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Unknown request %i",
requestTypeId.identifier.numeric);
}
sendError(channel, msg, requestPos, &UA_TYPES[UA_TYPES_SERVICEFAULT],
requestId, UA_STATUSCODE_BADSERVICEUNSUPPORTED);
return;
}
UA_assert(responseType);
#ifdef UA_ENABLE_NONSTANDARD_STATELESS
/* Stateless extension: Sessions are optional */
sessionRequired = false;
#endif
/* Decode the request */
void *request = UA_alloca(requestType->memSize);
UA_RequestHeader *requestHeader = (UA_RequestHeader*)request;
retval = UA_decodeBinary(msg, offset, request, requestType);
if(retval != UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Could not decode the request");
sendError(channel, msg, requestPos, responseType, requestId, retval);
return;
}
/* Prepare the respone */
void *response = UA_alloca(responseType->memSize);
UA_init(response, responseType);
UA_Session *session = NULL; /* must be initialized before goto send_response */
/* CreateSession doesn't need a session */
if(requestType == &UA_TYPES[UA_TYPES_CREATESESSIONREQUEST]) {
Service_CreateSession(server, channel, request, response);
goto send_response;
}
/* Find the matching session */
session = UA_SecureChannel_getSession(channel, &requestHeader->authenticationToken);
if(!session)
session = UA_SessionManager_getSession(&server->sessionManager,
&requestHeader->authenticationToken);
if(requestType == &UA_TYPES[UA_TYPES_ACTIVATESESSIONREQUEST]) {
if(!session) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Trying to activate a session that is " \
"not known in the server");
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
Service_ActivateSession(server, channel, session, request, response);
goto send_response;
}
/* Set an anonymous, inactive session for services that need no session */
UA_Session anonymousSession;
if(!session) {
if(sessionRequired) {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Service request %i without a valid session",
requestType->binaryEncodingId);
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
UA_Session_init(&anonymousSession);
anonymousSession.sessionId = UA_NODEID_GUID(0, UA_GUID_NULL);
anonymousSession.channel = channel;
session = &anonymousSession;
}
/* Trying to use a non-activated session? */
if(sessionRequired && !session->activated) {
UA_LOG_INFO_SESSION(server->config.logger, session,
"Calling service %i on a non-activated session",
requestType->binaryEncodingId);
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONNOTACTIVATED);
UA_SessionManager_removeSession(&server->sessionManager,
&session->authenticationToken);
UA_deleteMembers(request, requestType);
return;
}
/* The session is bound to another channel */
if(session->channel != channel) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Client tries to use an obsolete securechannel");
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSECURECHANNELIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
/* Update the session lifetime */
UA_Session_updateLifetime(session);
#ifdef UA_ENABLE_SUBSCRIPTIONS
/* The publish request is not answered immediately */
if(requestType == &UA_TYPES[UA_TYPES_PUBLISHREQUEST]) {
Service_Publish(server, session, request, requestId);
UA_deleteMembers(request, requestType);
return;
}
#endif
/* Call the service */
UA_assert(service); /* For all services besides publish, the service pointer is non-NULL*/
service(server, session, request, response);
send_response:
/* Send the response */
((UA_ResponseHeader*)response)->requestHandle = requestHeader->requestHandle;
((UA_ResponseHeader*)response)->timestamp = UA_DateTime_now();
retval = UA_SecureChannel_sendBinaryMessage(channel, requestId, response, responseType);
if(retval != UA_STATUSCODE_GOOD)
UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Could not send the message over "
"the SecureChannel with error code 0x%08x", retval);
/* Clean up */
UA_deleteMembers(request, requestType);
UA_deleteMembers(response, responseType);
}
void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
const UA_CreateSessionRequest *request,
UA_CreateSessionResponse *response) {
if(channel == NULL) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADINTERNALERROR;
return;
}
if(channel->connection == NULL) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADINTERNALERROR;
return;
}
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Trying to create session");
if(channel->securityMode == UA_MESSAGESECURITYMODE_SIGN ||
channel->securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT) {
if(!UA_ByteString_equal(&request->clientCertificate,
&channel->remoteCertificate)) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADCERTIFICATEINVALID;
return;
}
}
if(channel->securityToken.channelId == 0) {
response->responseHeader.serviceResult =
UA_STATUSCODE_BADSECURECHANNELIDINVALID;
return;
}
if(!UA_ByteString_equal(&channel->securityPolicy->policyUri,
&UA_SECURITY_POLICY_NONE_URI) &&
request->clientNonce.length < 32) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADNONCEINVALID;
return;
}
////////////////////// TODO: Compare application URI with certificate uri (decode certificate)
/* Allocate the response */
response->serverEndpoints = (UA_EndpointDescription*)
UA_Array_new(server->config.endpointsSize,
&UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
if(!response->serverEndpoints) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADOUTOFMEMORY;
return;
}
response->serverEndpointsSize = server->config.endpointsSize;
/* Copy the server's endpointdescriptions into the response */
for(size_t i = 0; i < server->config.endpointsSize; ++i)
response->responseHeader.serviceResult |=
UA_EndpointDescription_copy(&server->config.endpoints[0].endpointDescription,
&response->serverEndpoints[i]);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
return;
/* Mirror back the endpointUrl */
for(size_t i = 0; i < response->serverEndpointsSize; ++i) {
UA_String_deleteMembers(&response->serverEndpoints[i].endpointUrl);
UA_String_copy(&request->endpointUrl,
&response->serverEndpoints[i].endpointUrl);
}
UA_Session *newSession;
response->responseHeader.serviceResult =
UA_SessionManager_createSession(&server->sessionManager,
channel, request, &newSession);
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Processing CreateSessionRequest failed");
return;
}
/* Fill the session with more information */
newSession->maxResponseMessageSize = request->maxResponseMessageSize;
newSession->maxRequestMessageSize =
channel->connection->localConf.maxMessageSize;
response->responseHeader.serviceResult |=
UA_ApplicationDescription_copy(&request->clientDescription,
&newSession->clientDescription);
/* Prepare the response */
response->sessionId = newSession->sessionId;
response->revisedSessionTimeout = (UA_Double)newSession->timeout;
response->authenticationToken = newSession->authenticationToken;
response->responseHeader.serviceResult =
UA_String_copy(&request->sessionName, &newSession->sessionName);
if(server->config.endpointsSize > 0)
response->responseHeader.serviceResult |=
UA_ByteString_copy(&channel->securityPolicy->localCertificate,
&response->serverCertificate);
/* Create a signed nonce */
response->responseHeader.serviceResult =
nonceAndSignCreateSessionResponse(server, channel, newSession, request, response);
/* Failure -> remove the session */
if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
UA_SessionManager_removeSession(&server->sessionManager, &newSession->authenticationToken);
return;
}
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Session " UA_PRINTF_GUID_FORMAT " created",
UA_PRINTF_GUID_DATA(newSession->sessionId.identifier.guid));
}
