|
|
@@ -2,9 +2,10 @@
|
|
|
#include "ua_session.h"
|
|
|
#include "ua_statuscodes.h"
|
|
|
|
|
|
-UA_StatusCode UA_SecureChannelManager_init(UA_SecureChannelManager *cm, UA_UInt32 maxChannelCount,
|
|
|
- UA_UInt32 tokenLifetime, UA_UInt32 startChannelId,
|
|
|
- UA_UInt32 startTokenId) {
|
|
|
+UA_StatusCode
|
|
|
+UA_SecureChannelManager_init(UA_SecureChannelManager *cm, UA_UInt32 maxChannelCount,
|
|
|
+ UA_UInt32 tokenLifetime, UA_UInt32 startChannelId,
|
|
|
+ UA_UInt32 startTokenId) {
|
|
|
LIST_INIT(&cm->channels);
|
|
|
cm->lastChannelId = startChannelId;
|
|
|
cm->lastTokenId = startTokenId;
|
|
|
@@ -14,42 +15,34 @@ UA_StatusCode UA_SecureChannelManager_init(UA_SecureChannelManager *cm, UA_UInt3
|
|
|
}
|
|
|
|
|
|
void UA_SecureChannelManager_deleteMembers(UA_SecureChannelManager *cm) {
|
|
|
- channel_list_entry *current = LIST_FIRST(&cm->channels);
|
|
|
- while(current) {
|
|
|
- LIST_REMOVE(current, pointers);
|
|
|
- UA_SecureChannel_deleteMembersCleanup(¤t->channel);
|
|
|
- UA_free(current);
|
|
|
- current = LIST_FIRST(&cm->channels);
|
|
|
+ channel_list_entry *entry, *temp;
|
|
|
+ LIST_FOREACH_SAFE(entry, &cm->channels, pointers, temp) {
|
|
|
+ LIST_REMOVE(entry, pointers);
|
|
|
+ UA_SecureChannel_deleteMembersCleanup(&entry->channel);
|
|
|
+ UA_free(entry);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+/* remove channels that were not renewed or who have no connection attached */
|
|
|
void UA_SecureChannelManager_cleanupTimedOut(UA_SecureChannelManager *cm, UA_DateTime now) {
|
|
|
- channel_list_entry *entry = LIST_FIRST(&cm->channels);
|
|
|
- /* remove channels that were not renewed or who have no connection attached */
|
|
|
- while(entry) {
|
|
|
- if(entry->channel.securityToken.createdAt +
|
|
|
- (UA_DateTime)entry->channel.securityToken.revisedLifetime*10000 > now &&
|
|
|
- entry->channel.connection) {
|
|
|
- entry = LIST_NEXT(entry, pointers);
|
|
|
- }else if(entry->channel.nextSecurityToken.tokenId > 0 &&
|
|
|
- entry->channel.nextSecurityToken.createdAt +
|
|
|
- (UA_DateTime)entry->channel.nextSecurityToken.revisedLifetime*10000 > now &&
|
|
|
- entry->channel.connection){
|
|
|
- UA_SecureChannel_revolveTokens(&entry->channel);
|
|
|
- entry = LIST_NEXT(entry, pointers);
|
|
|
- } else {
|
|
|
- channel_list_entry *next = LIST_NEXT(entry, pointers);
|
|
|
+ channel_list_entry *entry, *temp;
|
|
|
+ LIST_FOREACH_SAFE(entry, &cm->channels, pointers, temp) {
|
|
|
+ UA_DateTime timeout = entry->channel.securityToken.createdAt +
|
|
|
+ ((UA_DateTime)entry->channel.securityToken.revisedLifetime * 10000);
|
|
|
+ if(timeout < now || !entry->channel.connection) {
|
|
|
LIST_REMOVE(entry, pointers);
|
|
|
UA_SecureChannel_deleteMembersCleanup(&entry->channel);
|
|
|
UA_free(entry);
|
|
|
- entry = next;
|
|
|
+ } else if(entry->channel.nextSecurityToken.tokenId > 0) {
|
|
|
+ UA_SecureChannel_revolveTokens(&entry->channel);
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-UA_StatusCode UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Connection *conn,
|
|
|
- const UA_OpenSecureChannelRequest *request,
|
|
|
- UA_OpenSecureChannelResponse *response) {
|
|
|
+UA_StatusCode
|
|
|
+UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Connection *conn,
|
|
|
+ const UA_OpenSecureChannelRequest *request,
|
|
|
+ UA_OpenSecureChannelResponse *response) {
|
|
|
switch(request->securityMode) {
|
|
|
case UA_MESSAGESECURITYMODE_NONE:
|
|
|
break;
|
|
|
@@ -67,7 +60,7 @@ UA_StatusCode UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Conne
|
|
|
|
|
|
UA_SecureChannel_init(&entry->channel);
|
|
|
response->responseHeader.stringTableSize = 0;
|
|
|
- response->responseHeader.timestamp = UA_DateTime_now();
|
|
|
+ response->responseHeader.timestamp = UA_DateTime_now();
|
|
|
response->serverProtocolVersion = 0;
|
|
|
|
|
|
entry->channel.securityToken.channelId = cm->lastChannelId++;
|
|
|
@@ -75,12 +68,9 @@ UA_StatusCode UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Conne
|
|
|
entry->channel.securityToken.createdAt = UA_DateTime_now();
|
|
|
entry->channel.securityToken.revisedLifetime = (request->requestedLifetime > cm->maxChannelLifetime) ?
|
|
|
cm->maxChannelLifetime : request->requestedLifetime;
|
|
|
- //FIXME: pragmatic workaround to get clients requesting lifetime of 0 working
|
|
|
- if(entry->channel.securityToken.revisedLifetime == 0) {
|
|
|
+ /* pragmatic workaround to get clients requesting lifetime of 0 working */
|
|
|
+ if(entry->channel.securityToken.revisedLifetime == 0)
|
|
|
entry->channel.securityToken.revisedLifetime = cm->maxChannelLifetime;
|
|
|
- //FIXME: I'd log it, but there is no pointer to the logger
|
|
|
- // printf("Warning: client requests token lifetime of 0 in OpenSecureChannelRequest setting it to %llu\n", cm->maxChannelLifetime);
|
|
|
- }
|
|
|
|
|
|
UA_ByteString_copy(&request->clientNonce, &entry->channel.clientNonce);
|
|
|
entry->channel.serverAsymAlgSettings.securityPolicyUri =
|
|
|
@@ -96,41 +86,38 @@ UA_StatusCode UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Conne
|
|
|
return UA_STATUSCODE_GOOD;
|
|
|
}
|
|
|
|
|
|
-UA_StatusCode UA_SecureChannelManager_renew(UA_SecureChannelManager *cm, UA_Connection *conn,
|
|
|
- const UA_OpenSecureChannelRequest *request,
|
|
|
- UA_OpenSecureChannelResponse *response) {
|
|
|
+UA_StatusCode
|
|
|
+UA_SecureChannelManager_renew(UA_SecureChannelManager *cm, UA_Connection *conn,
|
|
|
+ const UA_OpenSecureChannelRequest *request,
|
|
|
+ UA_OpenSecureChannelResponse *response) {
|
|
|
UA_SecureChannel *channel = conn->channel;
|
|
|
if(channel == UA_NULL)
|
|
|
return UA_STATUSCODE_BADINTERNALERROR;
|
|
|
|
|
|
- //if no new security token is already issued
|
|
|
- if(channel->nextSecurityToken.tokenId == 0){
|
|
|
- channel->nextSecurityToken.channelId = channel->securityToken.channelId;
|
|
|
- //FIXME: UaExpert seems not to use new the new tokenid
|
|
|
- channel->nextSecurityToken.tokenId = cm->lastTokenId++;
|
|
|
- //channel->nextSecurityToken.tokenId = channel->securityToken.tokenId;
|
|
|
- channel->nextSecurityToken.createdAt = UA_DateTime_now();
|
|
|
+ /* if no security token is already issued */
|
|
|
+ if(channel->nextSecurityToken.tokenId == 0) {
|
|
|
+ channel->nextSecurityToken.channelId = channel->securityToken.channelId;
|
|
|
+ //FIXME: UaExpert seems not to use the new tokenid
|
|
|
+ channel->nextSecurityToken.tokenId = cm->lastTokenId++;
|
|
|
+ //channel->nextSecurityToken.tokenId = channel->securityToken.tokenId;
|
|
|
+ channel->nextSecurityToken.createdAt = UA_DateTime_now();
|
|
|
channel->nextSecurityToken.revisedLifetime = (request->requestedLifetime > cm->maxChannelLifetime) ?
|
|
|
cm->maxChannelLifetime : request->requestedLifetime;
|
|
|
|
|
|
- //FIXME: pragmatic workaround to get clients requesting lifetime of 0 working
|
|
|
- if(channel->nextSecurityToken.revisedLifetime == 0){
|
|
|
+ /* pragmatic workaround to get clients requesting lifetime of 0 working */
|
|
|
+ if(channel->nextSecurityToken.revisedLifetime == 0)
|
|
|
channel->nextSecurityToken.revisedLifetime = cm->maxChannelLifetime;
|
|
|
- //FIXME: I'd log it, but there is no pointer to the logger
|
|
|
- // printf("Warning: client requests token lifetime of 0 in renewing SecureChannel setting it to %llu\n", cm->maxChannelLifetime);
|
|
|
- }
|
|
|
-
|
|
|
}
|
|
|
if(channel->clientNonce.data)
|
|
|
UA_ByteString_deleteMembers(&channel->clientNonce);
|
|
|
UA_ByteString_copy(&request->clientNonce, &channel->clientNonce);
|
|
|
-
|
|
|
UA_ByteString_copy(&channel->serverNonce, &response->serverNonce);
|
|
|
UA_ChannelSecurityToken_copy(&channel->nextSecurityToken, &response->securityToken);
|
|
|
return UA_STATUSCODE_GOOD;
|
|
|
}
|
|
|
|
|
|
-UA_SecureChannel * UA_SecureChannelManager_get(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
|
|
|
+UA_SecureChannel *
|
|
|
+UA_SecureChannelManager_get(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
|
|
|
channel_list_entry *entry;
|
|
|
LIST_FOREACH(entry, &cm->channels, pointers) {
|
|
|
if(entry->channel.securityToken.channelId == channelId)
|
|
|
@@ -139,16 +126,16 @@ UA_SecureChannel * UA_SecureChannelManager_get(UA_SecureChannelManager *cm, UA_U
|
|
|
return UA_NULL;
|
|
|
}
|
|
|
|
|
|
-UA_StatusCode UA_SecureChannelManager_close(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
|
|
|
+UA_StatusCode
|
|
|
+UA_SecureChannelManager_close(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
|
|
|
channel_list_entry *entry;
|
|
|
LIST_FOREACH(entry, &cm->channels, pointers) {
|
|
|
- if(entry->channel.securityToken.channelId == channelId)
|
|
|
- break;
|
|
|
+ if(entry->channel.securityToken.channelId == channelId) {
|
|
|
+ LIST_REMOVE(entry, pointers);
|
|
|
+ UA_SecureChannel_deleteMembersCleanup(&entry->channel);
|
|
|
+ UA_free(entry);
|
|
|
+ return UA_STATUSCODE_GOOD;
|
|
|
+ }
|
|
|
}
|
|
|
- if(!entry)
|
|
|
- return UA_STATUSCODE_BADINTERNALERROR;
|
|
|
- LIST_REMOVE(entry, pointers);
|
|
|
- UA_SecureChannel_deleteMembersCleanup(&entry->channel);
|
|
|
- UA_free(entry);
|
|
|
- return UA_STATUSCODE_GOOD;
|
|
|
+ return UA_STATUSCODE_BADINTERNALERROR;
|
|
|
}
|
Julius Pfrommer