uasc

package
Version: v0.0.0-...-7e7b345

Warning: This package is not in the latest version of its module.
Published: Nov 28, 2018 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package uasc provides encoding/decoding and automated secure channel and session handling for OPC UA Secure Conversation.

To establish Secure Channel as a client, use OpenSecureChannel().

To establish Secure Channel as a server, use ListenAndAccept().

Both return *SecureChannel, which implements the net.Conn interface.

Constants

const (
	MessageTypeMessage            = "MSG"
	MessageTypeOpenSecureChannel  = "OPN"
	MessageTypeCloseSecureChannel = "CLO"
)

MessageType definitions.

const (
	ChunkTypeIntermediate = "C"
	ChunkTypeFinal        = "F"
	ChunkTypeError        = "A"
)

ChunkType definitions.

Variables

var (
	ErrInvalidState = errors.New("invalid state")
	ErrTimeout      = errors.New("timed out")
)

Errors used across UASC. XXX - to be integrated in errors package.

var (
	ErrUnexpectedMessage       = errors.New("got unexpected message")
	ErrSecureChannelNotOpened  = errors.New("secure channel not opened")
	ErrSecurityModeUnsupported = errors.New("got request with unsupported SecurityMode")
	ErrRejected                = errors.New("rejected by server")
)

Errors for SecureChannel handling. XXX - to be integrated in errors package.

var (
	ErrInvalidAuthenticationToken = errors.New("invalid AuthenticationToken")
	ErrSessionNotActivated        = errors.New("session is not activated")
	ErrInvalidSignatureAlgorithm  = errors.New("algorithm in signature doesn't match")
	ErrInvalidSignatureData       = errors.New("signature is invalid")
)

Errors for Session handling. XXX - to be integrated in errors package.

Functions

This section is empty.

Types

type AsymmetricSecurityHeader

type AsymmetricSecurityHeader struct {
	SecurityPolicyURI             *datatypes.String
	SenderCertificate             *datatypes.ByteString
	ReceiverCertificateThumbprint *datatypes.ByteString
	Payload                       []byte
}

AsymmetricSecurityHeader represents an Asymmetric Algorithm Security Header in OPC UA Secure Conversation.

func DecodeAsymmetricSecurityHeader

func DecodeAsymmetricSecurityHeader(b []byte) (*AsymmetricSecurityHeader, error)

DecodeAsymmetricSecurityHeader decodes given bytes into OPC UA Secure Conversation Asymmetric Algorithm Security Header.

func NewAsymmetricSecurityHeader

func NewAsymmetricSecurityHeader(uri string, cert, thumbprint []byte, payload []byte) *AsymmetricSecurityHeader

NewAsymmetricSecurityHeader creates a new OPC UA Secure Conversation Asymmetric Algorithm Security Header.

func (*AsymmetricSecurityHeader) DecodeFromBytes

func (a *AsymmetricSecurityHeader) DecodeFromBytes(b []byte) error

DecodeFromBytes decodes given bytes into OPC UA Secure Conversation Asymmetric Algorithm Security Header. XXX - May crash when the length value and the actual size are inconsistent.

func (*AsymmetricSecurityHeader) Len

func (a *AsymmetricSecurityHeader) Len() int

Len returns the actual length of AsymmetricSecurityHeader in int.

func (*AsymmetricSecurityHeader) Serialize

func (a *AsymmetricSecurityHeader) Serialize() ([]byte, error)

Serialize serializes OPC UA Secure Conversation Asymmetric Algorithm Security Header into bytes.

func (*AsymmetricSecurityHeader) SerializeTo

func (a *AsymmetricSecurityHeader) SerializeTo(b []byte) error

SerializeTo serializes OPC UA Secure Conversation AsymmetricSecurityHeader into given bytes. TODO: add error handling.

func (*AsymmetricSecurityHeader) String

func (a *AsymmetricSecurityHeader) String() string

String returns Header in string.

type Config

type Config struct {
	// SecureChannelID is a unique identifier for the SecureChannel assigned by the Server.
	// If a Server receives a SecureChannelId which it does not recognize it shall return an
	// appropriate transport layer error.
	//
	// When a Server starts the first SecureChannelId used should be a value that is likely to
	// be unique after each restart. This ensures that a Server restart does not cause
	// previously connected Clients to accidentally ‘reuse’ SecureChannels that did not belong
	// to them.
	SecureChannelID uint32
	// SecurityPolicyURI is the URI of the Security Policy used to secure the Message.
	// This field is encoded as a UTF-8 string without a null terminator.
	SecurityPolicyURI string
	// Certificate is the X.509 v3 Certificate assigned to the sending application Instance.
	// This is a DER encoded blob.
	// The structure of an X.509 v3 Certificate is defined in X.509 v3.
	// The DER format for a Certificate is defined in X690.
	// This indicates what Private Key was used to sign the MessageChunk.
	// The Stack shall close the channel and report an error to the application if
	// the Certificate is too large for the buffer size supported by the
	// transport layer.
	// This field shall be null if the Message is not signed.
	Certificate []byte
	// Thumbprint is the thumbprint of the X.509 v3 Certificate assigned to the receiving
	// application Instance.
	// The thumbprint is the CertificateDigest of the DER encoded form of the
	// Certificate.
	// This indicates what public key was used to encrypt the MessageChunk.
	// This field shall be null if the Message is not encrypted.
	Thumbprint []byte
	// SequenceNumber is a monotonically increasing sequence number assigned by the sender to each
	// MessageChunk sent over the SecureChannel.
	SequenceNumber uint32
	// RequestID is an identifier assigned by the Client to OPC UA request Message. All MessageChunks
	// for the request and the associated response use the same identifier
	RequestID uint32
	// SecurityMode is the type of security to apply to the messages. The type MessageSecurityMode
	// is defined in 7.15.
	// A SecureChannel may have to be created even if the securityMode is NONE. The exact behaviour
	// depends on the mapping used and is described in the Part 6.
	SecurityMode uint32
	// SecurityTokenID is a unique identifier for the SecureChannel SecurityToken used to secure the Message.
	// This identifier is returned by the Server in an OpenSecureChannel response Message.
	// If a Server receives a TokenId which it does not recognize it shall return an appropriate
	// transport layer error.
	SecurityTokenID uint32
	// Lifetime is the requested lifetime, in milliseconds, for the new SecurityToken when the
	// SecureChannel works as client. It specifies when the Client expects to renew the SecureChannel
	// by calling the OpenSecureChannel Service again. If a SecureChannel is not renewed, then all
	// Messages sent using the current SecurityTokens shall be rejected by the receiver.
	// Lifetime can also be the revised lifetime, the lifetime of the SecurityToken in milliseconds.
	// The UTC expiration time for the token may be calculated by adding the lifetime to the createdAt time.
	Lifetime uint32
}

Config represents a configuration which UASC client/server has in common.

func NewClientConfig

func NewClientConfig(policyURI string, cert, thumbprint []byte, reqID, secMode, lifetime uint32) *Config

NewClientConfig creates a new Config for Client.

With all the parameters given, the Config is sufficient for a client to open a SecureChannel. If secMode is None, cert and thumbprint are not required (they can be nil).

func NewClientConfigSecurityNone

func NewClientConfigSecurityNone(reqID, lifetime uint32) *Config

NewClientConfigSecurityNone creates a new Config for Client, with SecurityMode=None.

func NewConfig

func NewConfig(chanID uint32, policyURI string, cert, thumbprint []byte, seqNum, reqID, secMode, tokenID, lifetime uint32) *Config

NewConfig creates a new Config.

This takes every parameter Config has, but which ones should be set depends on the application type. It is a good idea to use NewClientConfig or NewServerConfig instead unless you have a specific reason to create a Config with the full set of parameters.

func NewServerConfig

func NewServerConfig(policyURI string, cert, thumbprint []byte, chanID, secMode, tokenID, lifetime uint32) *Config

NewServerConfig creates a new Config for Server.

With all the parameters given, the Config is sufficient for a server to accept a SecureChannel. If secMode is None, cert and thumbprint are not required (they can be nil).

type Header

type Header struct {
	MessageType     uint32
	ChunkType       uint8
	MessageSize     uint32
	SecureChannelID uint32
	Payload         []byte
}

Header represents an OPC UA Secure Conversation Header.

func DecodeHeader

func DecodeHeader(b []byte) (*Header, error)

DecodeHeader decodes given bytes into OPC UA Secure Conversation Header.

func NewHeader

func NewHeader(msgType, chunkType string, chanID uint32, payload []byte) *Header

NewHeader creates a new OPC UA Secure Conversation Header.

func (*Header) ChunkTypeValue

func (h *Header) ChunkTypeValue() string

ChunkTypeValue returns ChunkType in string.

func (*Header) DecodeFromBytes

func (h *Header) DecodeFromBytes(b []byte) error

DecodeFromBytes decodes given bytes into OPC UA Secure Conversation Header.

func (*Header) Len

func (h *Header) Len() int

Len returns the actual length of Header in int.

func (*Header) MessageTypeValue

func (h *Header) MessageTypeValue() string

MessageTypeValue returns MessageType in string.

func (*Header) SecureChannelIDValue

func (h *Header) SecureChannelIDValue() int

SecureChannelIDValue returns SecureChannelID in int.

func (*Header) Serialize

func (h *Header) Serialize() ([]byte, error)

Serialize serializes OPC UA Secure Conversation Header into bytes.

func (*Header) SerializeTo

func (h *Header) SerializeTo(b []byte) error

SerializeTo serializes OPC UA Secure Conversation Header into given bytes. TODO: add error handling.

func (*Header) SetLength

func (h *Header) SetLength()

SetLength sets the length of Header.

func (*Header) String

func (h *Header) String() string

String returns Header in string.

type Message

Message represents an OPC UA Secure Conversation message.

func Decode

func Decode(b []byte) (*Message, error)

Decode decodes given bytes into OPC UA Secure Conversation message.

func New

func New(srv services.Service, cfg *Config) *Message

New creates an OPC UA Secure Conversation message. The MessageType of UASC is determined by the type of service given, as below.

Service type: OpenSecureChannel => Message type: OPN.

Service type: CloseSecureChannel => Message type: CLO.

Service type: Others => Message type: MSG.

func (*Message) DecodeFromBytes

func (m *Message) DecodeFromBytes(b []byte) error

DecodeFromBytes decodes given bytes into OPC UA Secure Conversation message.

func (*Message) Len

func (m *Message) Len() int

Len returns the actual length of Message.

func (*Message) Serialize

func (m *Message) Serialize() ([]byte, error)

Serialize serializes Message into bytes.

func (*Message) SerializeTo

func (m *Message) SerializeTo(b []byte) error

SerializeTo serializes Message into bytes.

type SecureChannel

type SecureChannel struct {
	// contains filtered or unexported fields
}

SecureChannel is an implementation of the net.Conn interface for Secure Channel in OPC UA Secure Conversation.

In UASC, there are two types of net.Conn: SecureChannel and Session. Each Conn is handled in a different manner.

func ListenAndAcceptSecureChannel

func ListenAndAcceptSecureChannel(ctx context.Context, transport net.Conn, cfg *Config) (*SecureChannel, error)

ListenAndAcceptSecureChannel starts UASC server on top of established transport connection.

func OpenSecureChannel

func OpenSecureChannel(ctx context.Context, transportConn net.Conn, cfg *Config, interval time.Duration, maxRetry int) (*SecureChannel, error)

OpenSecureChannel acts like net.Dial for OPC UA Secure Conversation network.

Currently only security mode=None is supported. If secMode is not set to

The first param ctx is to be passed to monitor(), which monitors and handles incoming messages automatically in another goroutine.

func (*SecureChannel) Close

func (s *SecureChannel) Close() error

Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.

Before closing, client sends CloseSecureChannelRequest. Even if it fails, closing procedure does not stop.

func (*SecureChannel) CloseSecureChannelRequest

func (s *SecureChannel) CloseSecureChannelRequest() error

CloseSecureChannelRequest sends CloseSecureChannelRequest on top of UASC to SecureChannel.

func (*SecureChannel) CloseSecureChannelResponse

func (s *SecureChannel) CloseSecureChannelResponse(code uint32) error

CloseSecureChannelResponse sends CloseSecureChannelResponse on top of UASC to SecureChannel.

func (*SecureChannel) FindServersRequest

func (s *SecureChannel) FindServersRequest(locales []string, servers ...string) error

FindServersRequest sends FindServersRequest on top of UASC to SecureChannel.

func (*SecureChannel) FindServersResponse

func (s *SecureChannel) FindServersResponse(code uint32, apps ...*services.ApplicationDescription) error

FindServersResponse sends FindServersResponse on top of UASC to SecureChannel.

XXX - This is to be improved with some external configuration to describe application information in a future release.

func (*SecureChannel) GetEndpointsRequest

func (s *SecureChannel) GetEndpointsRequest(locales, uris []string) error

GetEndpointsRequest sends GetEndpointsRequest on top of UASC to SecureChannel.

func (*SecureChannel) GetEndpointsResponse

func (s *SecureChannel) GetEndpointsResponse(code uint32, endpoints ...*services.EndpointDescription) error

GetEndpointsResponse sends GetEndpointsResponse on top of UASC to SecureChannel.

XXX - This is to be improved with some external configuration to describe endpoint information in a future release.

func (*SecureChannel) GetState

func (s *SecureChannel) GetState() string

GetState returns the current secChanState of SecureChannel.

func (*SecureChannel) LocalAddr

func (s *SecureChannel) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*SecureChannel) LocalEndpoint

func (s *SecureChannel) LocalEndpoint() string

LocalEndpoint returns the local EndpointURL.

This is expected to be called from server side of UACP Connection. If transport connection is not *uacp.Conn, LocalEndpoint() returns "".

func (*SecureChannel) OpenSecureChannelRequest

func (s *SecureChannel) OpenSecureChannelRequest() error

OpenSecureChannelRequest sends OpenSecureChannelRequest on top of UASC to SecureChannel.

func (*SecureChannel) OpenSecureChannelResponse

func (s *SecureChannel) OpenSecureChannelResponse(code uint32) error

OpenSecureChannelResponse sends OpenSecureChannelResponse on top of UASC to SecureChannel.

func (*SecureChannel) Read

func (s *SecureChannel) Read(b []byte) (n int, err error)

Read reads data from the connection. Read can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.

If the data is one of OpenSecureChannel or CloseSecureChannel, it will be handled automatically.

func (*SecureChannel) ReadService

func (s *SecureChannel) ReadService(b []byte) (n int, err error)

ReadService reads the payload (=Service) from the connection, which means the UASC Headers are omitted.

func (*SecureChannel) RemoteAddr

func (s *SecureChannel) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*SecureChannel) RemoteEndpoint

func (s *SecureChannel) RemoteEndpoint() string

RemoteEndpoint returns the remote EndpointURL.

This is expected to be called from client side of SecureChannel. If transport connection is not *uacp.Conn, RemoteEndpoint() returns "".

func (*SecureChannel) SetDeadline

func (s *SecureChannel) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.

A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future and pending I/O, not just the immediately following call to Read or Write. After a deadline has been exceeded, the connection can be refreshed by setting a deadline in the future.

An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.

A zero value for t means I/O operations will not time out.

func (*SecureChannel) SetReadDeadline

func (s *SecureChannel) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for future Read calls and any currently-blocked Read call. A zero value for t means Read will not time out.

func (*SecureChannel) SetWriteDeadline

func (s *SecureChannel) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for future Write calls and any currently-blocked Write call. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.

func (*SecureChannel) Write

func (s *SecureChannel) Write(b []byte) (n int, err error)

Write writes data to the connection. Write can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetWriteDeadline.

func (*SecureChannel) WriteService

func (s *SecureChannel) WriteService(b []byte) (n int, err error)

WriteService writes data to the connection. Unlike Write(), given b in WriteService() should only be serialized service.Service, while the UASC header is automatically set by the package. This enables writing arbitrary Service even if the service is not implemented in the package.

type SequenceHeader

type SequenceHeader struct {
	SequenceNumber uint32
	RequestID      uint32
	Payload        []byte
}

SequenceHeader represents a Sequence Header in OPC UA Secure Conversation.

func DecodeSequenceHeader

func DecodeSequenceHeader(b []byte) (*SequenceHeader, error)

DecodeSequenceHeader decodes given bytes into OPC UA Secure Conversation Sequence Header.

func NewSequenceHeader

func NewSequenceHeader(seq, req uint32, payload []byte) *SequenceHeader

NewSequenceHeader creates a new OPC UA Secure Conversation Sequence Header.

func (*SequenceHeader) DecodeFromBytes

func (s *SequenceHeader) DecodeFromBytes(b []byte) error

DecodeFromBytes decodes given bytes into OPC UA Secure Conversation Sequence Header. XXX - May crash when the length value and the actual size are inconsistent.

func (*SequenceHeader) Len

func (s *SequenceHeader) Len() int

Len returns the actual length of SequenceHeader in int.

func (*SequenceHeader) Serialize

func (s *SequenceHeader) Serialize() ([]byte, error)

Serialize serializes OPC UA Secure Conversation Sequence Header into bytes.

func (*SequenceHeader) SerializeTo

func (s *SequenceHeader) SerializeTo(b []byte) error

SerializeTo serializes OPC UA Secure Conversation SequenceHeader into given bytes. TODO: add error handling.

func (*SequenceHeader) String

func (s *SequenceHeader) String() string

String returns Header in string.

type Session

type Session struct {
	// contains filtered or unexported fields
}

Session is an implementation of the net.Conn interface for Session in OPC UA Secure Conversation.

In UASC, there are two types of net.Conn: SecureChannel and Session. Each Conn is handled in a different manner.

func CreateSession

func CreateSession(ctx context.Context, secChan *SecureChannel, cfg *SessionConfig, maxRetry int, interval time.Duration) (*Session, error)

CreateSession creates a session on top of SecureChannel.

func ListenAndAcceptSession

func ListenAndAcceptSession(ctx context.Context, secChan *SecureChannel, cfg *SessionConfig) (*Session, error)

ListenAndAcceptSession starts UASC server on top of established transport connection.

func (*Session) Activate

func (s *Session) Activate() error

Activate activates the session.

func (*Session) ActivateSessionRequest

func (s *Session) ActivateSessionRequest() error

ActivateSessionRequest sends an ActivateSessionRequest.

func (*Session) ActivateSessionResponse

func (s *Session) ActivateSessionResponse(results ...uint32) error

ActivateSessionResponse sends an ActivateSessionResponse.

func (*Session) Close

func (s *Session) Close() error

Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.

Before closing, client sends CloseSessionRequest. Even if it fails, closing procedure does not stop.

func (*Session) CloseSessionRequest

func (s *Session) CloseSessionRequest(delete bool) error

CloseSessionRequest sends a CloseSessionRequest.

func (*Session) CloseSessionResponse

func (s *Session) CloseSessionResponse() error

CloseSessionResponse sends a CloseSessionResponse.

func (*Session) CreateSessionRequest

func (s *Session) CreateSessionRequest() error

CreateSessionRequest sends a CreateSessionRequest.

func (*Session) CreateSessionResponse

func (s *Session) CreateSessionResponse() error

CreateSessionResponse sends a CreateSessionResponse.

func (*Session) LocalAddr

func (s *Session) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*Session) LocalEndpoint

func (s *Session) LocalEndpoint() string

LocalEndpoint returns the local EndpointURL.

This is expected to be called from server side of UACP Connection. If transport connection is not *uacp.Conn, LocalEndpoint() returns "".

func (*Session) Read

func (s *Session) Read(b []byte) (n int, err error)

Read reads data from the connection. Read can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.

If the data is one of OpenSecureChannel or CloseSecureChannel, it will be handled automatically.

func (*Session) ReadRequest

func (s *Session) ReadRequest(maxAge uint64, tsRet services.TimestampsToReturn, nodes ...*datatypes.ReadValueID) error

ReadRequest sends a ReadRequest.

func (*Session) ReadResponse

func (s *Session) ReadResponse(results ...*datatypes.DataValue) error

ReadResponse sends a ReadResponse.

func (*Session) ReadService

func (s *Session) ReadService(b []byte) (n int, err error)

ReadService reads the payload (=Service) from the connection, which means the UASC Headers are omitted.

func (*Session) RemoteAddr

func (s *Session) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*Session) RemoteEndpoint

func (s *Session) RemoteEndpoint() string

RemoteEndpoint returns the remote EndpointURL.

This is expected to be called from client side of SecureChannel. If transport connection is not *uacp.Conn, RemoteEndpoint() returns "".

func (*Session) SetDeadline

func (s *Session) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.

A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future and pending I/O, not just the immediately following call to Read or Write. After a deadline has been exceeded, the connection can be refreshed by setting a deadline in the future.

An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.

A zero value for t means I/O operations will not time out.

func (*Session) SetReadDeadline

func (s *Session) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for future Read calls and any currently-blocked Read call. A zero value for t means Read will not time out.

func (*Session) SetWriteDeadline

func (s *Session) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for future Write calls and any currently-blocked Write call. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.

func (*Session) Write

func (s *Session) Write(b []byte) (n int, err error)

Write writes data to the connection. Write can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetWriteDeadline.

func (*Session) WriteRequest

func (s *Session) WriteRequest(nodes ...*datatypes.WriteValue) error

WriteRequest sends a WriteRequest.

func (*Session) WriteResponse

func (s *Session) WriteResponse(results ...uint32) error

WriteResponse sends a WriteResponse.

func (*Session) WriteService

func (s *Session) WriteService(b []byte) (n int, err error)

WriteService writes data to the connection. Unlike Write(), given b in WriteService() should only be serialized service.Service, while the UASC header is automatically set by the package. This enables writing arbitrary Service even if the service is not implemented in the package.

type SessionConfig

type SessionConfig struct {
	// AuthenticationToken is the secret Session identifier used to verify that the request is
	// associated with the Session. The SessionAuthenticationToken type is defined in 7.31.
	AuthenticationToken *datatypes.NodeID
	// ClientDescription is the information that describes the Client application.
	// The type ApplicationDescription is defined in 7.1.
	ClientDescription *services.ApplicationDescription
	// ServerEndpoints is the list of Endpoints that the Server supports.
	// The Server shall return a set of EndpointDescriptions available for the serverUri
	// specified in the request. The EndpointDescription type is defined in 7.10. The Client
	// shall verify this list with the list from a DiscoveryEndpoint if it used a
	// DiscoveryEndpoint to fetch the EndpointDescriptions.
	// It is recommended that Servers only include the server.applicationUri, endpointUrl,
	// securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and
	// securityLevel with all other parameters set to null. Only the recommended
	// parameters shall be verified by the client.
	ServerEndpoints []*services.EndpointDescription
	// LocaleIDs is the list of locale ids in priority order for localized strings. The first
	// LocaleId in the list has the highest priority. If the Server returns a localized string
	// to the Client, the Server shall return the translation with the highest priority that
	// it can. If it does not have a translation for any of the locales identified in this list,
	// then it shall return the string value that it has and include the locale id with the
	// string. See Part 3 for more detail on locale ids. If the Client fails to specify at least
	// one locale id, the Server shall use any that it has.
	// This parameter only needs to be specified during the first call to ActivateSession during
	// a single application Session. If it is not specified the Server shall keep using the
	// current localeIds for the Session.
	LocaleIDs []string
	// UserIdentityToken is the credentials of the user associated with the Client application.
	// The Server uses these credentials to determine whether the Client should be allowed to
	// activate a Session and what resources the Client has access to during this Session.
	// The UserIdentityToken is an extensible parameter type defined in 7.36.
	// The EndpointDescription specifies what UserIdentityTokens the Server shall accept.
	// Null or empty user token shall always be interpreted as anonymous.
	UserIdentityToken datatypes.UserIdentityToken
	// If the Client specified a user identity token that supports digital signatures, then it
	// shall create a signature and pass it as this parameter. Otherwise the parameter is null.
	// The SignatureAlgorithm depends on the identity token type.
	// The SignatureData type is defined in 7.32.
	UserTokenSignature *services.SignatureData
	// If Session works as a client, SessionTimeout is the requested maximum number of milliseconds
	// that a Session should remain open without activity. If the Client fails to issue a Service
	// request within this interval, then the Server shall automatically terminate the Client Session.
	// If Session works as a server, SessionTimeout is an actual maximum number of milliseconds
	// that a Session shall remain open without activity. The Server should attempt to honour the
	// Client request for this parameter, but may negotiate this value up or down to meet its own constraints.
	SessionTimeout uint64
	// contains filtered or unexported fields
}

SessionConfig is a set of common configurations used in Session.

func NewClientSessionConfig

func NewClientSessionConfig(locales []string, userToken datatypes.UserIdentityToken) *SessionConfig

NewClientSessionConfig creates a SessionConfig for client.

func NewServerSessionConfig

func NewServerSessionConfig(secChan *SecureChannel) *SessionConfig

NewServerSessionConfig creates a new SessionConfigServer for server.

type SymmetricSecurityHeader

type SymmetricSecurityHeader struct {
	TokenID uint32
	Payload []byte
}

SymmetricSecurityHeader represents a Symmetric Algorithm Security Header in OPC UA Secure Conversation.

func DecodeSymmetricSecurityHeader

func DecodeSymmetricSecurityHeader(b []byte) (*SymmetricSecurityHeader, error)

DecodeSymmetricSecurityHeader decodes given bytes into OPC UA Secure Conversation Symmetric Algorithm Security Header.

func NewSymmetricSecurityHeader

func NewSymmetricSecurityHeader(token uint32, payload []byte) *SymmetricSecurityHeader

NewSymmetricSecurityHeader creates a new OPC UA Secure Conversation Symmetric Algorithm Security Header.

func (*SymmetricSecurityHeader) DecodeFromBytes

func (s *SymmetricSecurityHeader) DecodeFromBytes(b []byte) error

DecodeFromBytes decodes given bytes into OPC UA Secure Conversation Symmetric Algorithm Security Header. XXX - May crash when the length value and the actual size are inconsistent.
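The XXX notes on DecodeFromBytes for AsymmetricSecurityHeader, SequenceHeader and SymmetricSecurityHeader all describe a declared length that disagrees with the bytes actually received. The following is an added example, not code from package uasc, of a stand-alone decoder that validates every length before slicing. All identifiers in it are hypothetical, the 8192-byte field cap is an assumption, and the sample chunk is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical names throughout; nothing here is part of package uasc.
var errShort = errors.New("declared length exceeds remaining bytes")
var errBadLen = errors.New("invalid length prefix")
var errMismatch = errors.New("MessageSize does not match received bytes")

const maxField = 8192 // assumed cap for one length-prefixed field

// cursor consumes little-endian fields and keeps the first error it hits.
type cursor struct {
	b   []byte
	err error
}

func (c *cursor) take(n int) (p []byte) {
	if c.err == nil && (n < 0 || n > len(c.b)) {
		c.err = errShort
	}
	if c.err == nil {
		p, c.b = c.b[:n], c.b[n:]
	}
	return p
}

func (c *cursor) u32() uint32 {
	var v [4]byte
	copy(v[:], c.take(4)) // stays zero when take fails
	return binary.LittleEndian.Uint32(v[:])
}

// byteString reads an Int32 length and that many bytes; -1 encodes null.
func (c *cursor) byteString() []byte {
	n := int32(c.u32())
	if c.err != nil || n == -1 {
		return nil
	}
	if n < 0 || n > maxField {
		c.err = errBadLen
	}
	return c.take(int(n))
}

type chunk struct {
	MsgType, ChunkType, PolicyURI     string
	ChannelID, TokenID, SeqNum, ReqID uint32
	SenderCert, Thumbprint, Body      []byte
}

// decodeChunk parses the message, security and sequence headers of one chunk.
func decodeChunk(b []byte) (*chunk, error) {
	c := &cursor{b: b}
	hdr := c.take(8) // MessageType, chunk type, MessageSize
	if hdr == nil || uint64(binary.LittleEndian.Uint32(hdr[4:])) != uint64(len(b)) {
		return nil, errMismatch // MessageSize must cover the whole chunk
	}
	out := &chunk{MsgType: string(hdr[:3]), ChunkType: string(hdr[3:4]), ChannelID: c.u32()}
	switch out.MsgType {
	case "OPN": // asymmetric security header
		out.PolicyURI = string(c.byteString())
		out.SenderCert, out.Thumbprint = c.byteString(), c.byteString()
	case "MSG", "CLO": // symmetric security header
		out.TokenID = c.u32()
	default:
		return nil, fmt.Errorf("unknown message type %q", out.MsgType)
	}
	out.SeqNum, out.ReqID = c.u32(), c.u32() // sequence header
	if c.err != nil {
		return nil, c.err
	}
	out.Body = c.b
	return out, nil
}

// sampleOPN builds a constructed OPN chunk: policy None, null certificate and thumbprint.
func sampleOPN() []byte {
	uri := "http://opcfoundation.org/UA/SecurityPolicy#None"
	b := append([]byte("OPNF\x00\x00\x00\x00\x00\x00\x00\x00"), byte(len(uri)), 0, 0, 0)
	b = append(b, uri+"\xff\xff\xff\xff\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00"...)
	binary.LittleEndian.PutUint32(b[4:], uint32(len(b))) // patch MessageSize
	return b
}

func main() {
	c, err := decodeChunk(sampleOPN())
	_, errCut := decodeChunk(sampleOPN()[:20]) // chunk truncated in transit
	fmt.Println(c.PolicyURI, c.SeqNum, err, errCut)
}
```

A peer that lies in a length prefix gets an error back instead of triggering an out-of-range slice, so a single malformed chunk cannot take down the process handling the connection.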

func (*SymmetricSecurityHeader) Len

func (s *SymmetricSecurityHeader) Len() int

Len returns the actual length of SymmetricSecurityHeader in int.

func (*SymmetricSecurityHeader) Serialize

func (s *SymmetricSecurityHeader) Serialize() ([]byte, error)

Serialize serializes OPC UA Secure Conversation Symmetric Algorithm Security Header into bytes.

func (*SymmetricSecurityHeader) SerializeTo

func (s *SymmetricSecurityHeader) SerializeTo(b []byte) error

SerializeTo serializes OPC UA Secure Conversation SymmetricSecurityHeader into given bytes. TODO: add error handling.

func (*SymmetricSecurityHeader) String

func (s *SymmetricSecurityHeader) String() string

String returns Header in string.
