Startsida Utforska Hjälp
Logga in
opc-ua
/
open62541
Bevaka 2
Stjärnmärk 0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: f144f0eabc
Grenar Taggar
open62541
/
src
/
client
/
ua_client_connect.c

ua_client_connect.c 31 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751 
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
    2. 

  2.  * License, v. 2.0. If a copy of the MPL was not distributed with this
    3. 

  3.  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    4. 

  4.  *
    5. 

  5.  *    Copyright 2017 (c) Mark Giraud, Fraunhofer IOSB
    6. 

  6.  *    Copyright 2017-2018 (c) Thomas Stalder, Blue Time Concept SA
    7. 

  7.  *    Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
    8. 

  8.  *    Copyright 2017 (c) Stefan Profanter, fortiss GmbH
    9. 

  9.  *    Copyright 2018 (c) Kalycito Infotech Private Limited
    10. 

  10.  */
    11. 

  11. 

  12. #include "ua_client.h"
    13. 

  13. #include "ua_client_internal.h"
    14. 

  14. #include "ua_transport_generated.h"
    15. 

  15. #include "ua_transport_generated_handling.h"
    16. 

  16. #include "ua_transport_generated_encoding_binary.h"
    17. 

  17. #include "ua_types_encoding_binary.h"
    18. 

  18. #include "ua_types_generated_encoding_binary.h"
    19. 

  19. 

  20. /* Size are refered in bytes */
    21. 

  21. #define UA_MINMESSAGESIZE                8192
    22. 

  22. #define UA_SESSION_LOCALNONCELENGTH      32
    23. 

  23. #define MAX_DATA_SIZE                    4096
    24. 

  24. 

  25.  /********************/
    26. 

  26.  /* Set client state */
    27. 

  27.  /********************/
    28. 

  28. void
    29. 

  29. setClientState(UA_Client *client, UA_ClientState state) {
    30. 

  30.     if(client->state != state) {
    31. 

  31.         client->state = state;
    32. 

  32.         if(client->config.stateCallback)
    33. 

  33.             client->config.stateCallback(client, client->state);
    34. 

  34.     }
    35. 

  35. }
    36. 

  36. 

  37. /***********************/
    38. 

  38. /* Open the Connection */
    39. 

  39. /***********************/
    40. 

  40. 

  41. static UA_StatusCode
    42. 

  42. processACKResponse(void *application, UA_Connection *connection, UA_ByteString *chunk) {
    43. 

  43.     UA_Client *client = (UA_Client*)application;
    44. 

  44. 

  45.     /* Decode the message */
    46. 

  46.     size_t offset = 0;
    47. 

  47.     UA_StatusCode retval;
    48. 

  48.     UA_TcpMessageHeader messageHeader;
    49. 

  49.     UA_TcpAcknowledgeMessage ackMessage;
    50. 

  50.     retval = UA_TcpMessageHeader_decodeBinary(chunk, &offset, &messageHeader);
    51. 

  51.     retval |= UA_TcpAcknowledgeMessage_decodeBinary(chunk, &offset, &ackMessage);
    52. 

  52.     if(retval != UA_STATUSCODE_GOOD) {
    53. 

  53.         UA_LOG_INFO(client->config.logger, UA_LOGCATEGORY_NETWORK,
    54. 

  54.                     "Decoding ACK message failed");
    55. 

  55.         return retval;
    56. 

  56.     }
    57. 

  57. 

  58.     /* Store remote connection settings and adjust local configuration to not
    59. 

  59.      * exceed the limits */
    60. 

  60.     UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_NETWORK, "Received ACK message");
    61. 

  61.     connection->remoteConf.maxChunkCount = ackMessage.maxChunkCount; /* may be zero -> unlimited */
    62. 

  62.     connection->remoteConf.maxMessageSize = ackMessage.maxMessageSize; /* may be zero -> unlimited */
    63. 

  63.     connection->remoteConf.protocolVersion = ackMessage.protocolVersion;
    64. 

  64.     connection->remoteConf.sendBufferSize = ackMessage.sendBufferSize;
    65. 

  65.     connection->remoteConf.recvBufferSize = ackMessage.receiveBufferSize;
    66. 

  66.     if(connection->remoteConf.recvBufferSize < connection->localConf.sendBufferSize)
    67. 

  67.         connection->localConf.sendBufferSize = connection->remoteConf.recvBufferSize;
    68. 

  68.     if(connection->remoteConf.sendBufferSize < connection->localConf.recvBufferSize)
    69. 

  69.         connection->localConf.recvBufferSize = connection->remoteConf.sendBufferSize;
    70. 

  70.     connection->state = UA_CONNECTION_ESTABLISHED;
    71. 

  71.     return UA_STATUSCODE_GOOD;
    72. 

  72. }
    73. 

  73. 

  74. static UA_StatusCode
    75. 

  75. HelAckHandshake(UA_Client *client) {
    76. 

  76.     /* Get a buffer */
    77. 

  77.     UA_ByteString message;
    78. 

  78.     UA_Connection *conn = &client->connection;
    79. 

  79.     UA_StatusCode retval = conn->getSendBuffer(conn, UA_MINMESSAGESIZE, &message);
    80. 

  80.     if(retval != UA_STATUSCODE_GOOD)
    81. 

  81.         return retval;
    82. 

  82. 

  83.     /* Prepare the HEL message and encode at offset 8 */
    84. 

  84.     UA_TcpHelloMessage hello;
    85. 

  85.     UA_String_copy(&client->endpointUrl, &hello.endpointUrl); /* must be less than 4096 bytes */
    86. 

  86.     hello.maxChunkCount = conn->localConf.maxChunkCount;
    87. 

  87.     hello.maxMessageSize = conn->localConf.maxMessageSize;
    88. 

  88.     hello.protocolVersion = conn->localConf.protocolVersion;
    89. 

  89.     hello.receiveBufferSize = conn->localConf.recvBufferSize;
    90. 

  90.     hello.sendBufferSize = conn->localConf.sendBufferSize;
    91. 

  91. 

  92.     UA_Byte *bufPos = &message.data[8]; /* skip the header */
    93. 

  93.     const UA_Byte *bufEnd = &message.data[message.length];
    94. 

  94.     retval = UA_TcpHelloMessage_encodeBinary(&hello, &bufPos, bufEnd);
    95. 

  95.     UA_TcpHelloMessage_deleteMembers(&hello);
    96. 

  96. 

  97.     /* Encode the message header at offset 0 */
    98. 

  98.     UA_TcpMessageHeader messageHeader;
    99. 

  99.     messageHeader.messageTypeAndChunkType = UA_CHUNKTYPE_FINAL + UA_MESSAGETYPE_HEL;
    100. 

  100.     messageHeader.messageSize = (UA_UInt32)((uintptr_t)bufPos - (uintptr_t)message.data);
    101. 

  101.     bufPos = message.data;
    102. 

  102.     retval |= UA_TcpMessageHeader_encodeBinary(&messageHeader, &bufPos, bufEnd);
    103. 

  103.     if(retval != UA_STATUSCODE_GOOD) {
    104. 

  104.         conn->releaseSendBuffer(conn, &message);
    105. 

  105.         return retval;
    106. 

  106.     }
    107. 

  107. 

  108.     /* Send the HEL message */
    109. 

  109.     message.length = messageHeader.messageSize;
    110. 

  110.     retval = conn->send(conn, &message);
    111. 

  111.     if(retval != UA_STATUSCODE_GOOD) {
    112. 

  112.         UA_LOG_INFO(client->config.logger, UA_LOGCATEGORY_NETWORK,
    113. 

  113.                     "Sending HEL failed");
    114. 

  114.         return retval;
    115. 

  115.     }
    116. 

  116.     UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_NETWORK,
    117. 

  117.                  "Sent HEL message");
    118. 

  118. 

  119.     /* Loop until we have a complete chunk */
    120. 

  120.     retval = UA_Connection_receiveChunksBlocking(conn, client, processACKResponse,
    121. 

  121.                                                  client->config.timeout);
    122. 

  122.     if(retval != UA_STATUSCODE_GOOD) {
    123. 

  123.         UA_LOG_INFO(client->config.logger, UA_LOGCATEGORY_NETWORK,
    124. 

  124.                     "Receiving ACK message failed");
    125. 

  125.         if(retval == UA_STATUSCODE_BADCONNECTIONCLOSED)
    126. 

  126.             client->state = UA_CLIENTSTATE_DISCONNECTED;
    127. 

  127.         UA_Client_close(client);
    128. 

  128.     }
    129. 

  129.     return retval;
    130. 

  130. }
    131. 

  131. 

  132. static void
    133. 

  133. processDecodedOPNResponse(UA_Client *client, UA_OpenSecureChannelResponse *response) {
    134. 

  134.     /* Replace the token */
    135. 

  135.     UA_ChannelSecurityToken_deleteMembers(&client->channel.securityToken);
    136. 

  136.     client->channel.securityToken = response->securityToken;
    137. 

  137.     UA_ChannelSecurityToken_init(&response->securityToken);
    138. 

  138. 

  139.     /* Replace the nonce */
    140. 

  140.     UA_ByteString_deleteMembers(&client->channel.remoteNonce);
    141. 

  141.     client->channel.remoteNonce = response->serverNonce;
    142. 

  142.     UA_ByteString_init(&response->serverNonce);
    143. 

  143. 

  144.     if(client->channel.state == UA_SECURECHANNELSTATE_OPEN)
    145. 

  145.         UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL,
    146. 

  146.                      "SecureChannel in the server renewed");
    147. 

  147.     else
    148. 

  148.         UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL,
    149. 

  149.                      "Opened SecureChannel acknowledged by the server");
    150. 

  150. 

  151.     /* Response.securityToken.revisedLifetime is UInt32 we need to cast it to
    152. 

  152.      * DateTime=Int64 we take 75% of lifetime to start renewing as described in
    153. 

  153.      * standard */
    154. 

  154.     client->channel.state = UA_SECURECHANNELSTATE_OPEN;
    155. 

  155.     client->nextChannelRenewal = UA_DateTime_nowMonotonic() + (UA_DateTime)
    156. 

  156.         (client->channel.securityToken.revisedLifetime * (UA_Double)UA_DATETIME_MSEC * 0.75);
    157. 

  157. }
    158. 

  158. 

  159. static UA_StatusCode
    160. 

  160. openSecureChannel(UA_Client *client, UA_Boolean renew) {
    161. 

  161.     /* Check if sc is still valid */
    162. 

  162.     if(renew && client->nextChannelRenewal > UA_DateTime_nowMonotonic())
    163. 

  163.         return UA_STATUSCODE_GOOD;
    164. 

  164. 

  165.     UA_Connection *conn = &client->connection;
    166. 

  166.     if(conn->state != UA_CONNECTION_ESTABLISHED)
    167. 

  167.         return UA_STATUSCODE_BADSERVERNOTCONNECTED;
    168. 

  168. 

  169.     /* Prepare the OpenSecureChannelRequest */
    170. 

  170.     UA_OpenSecureChannelRequest opnSecRq;
    171. 

  171.     UA_OpenSecureChannelRequest_init(&opnSecRq);
    172. 

  172.     opnSecRq.requestHeader.timestamp = UA_DateTime_now();
    173. 

  173.     opnSecRq.requestHeader.authenticationToken = client->authenticationToken;
    174. 

  174.     if(renew) {
    175. 

  175.         opnSecRq.requestType = UA_SECURITYTOKENREQUESTTYPE_RENEW;
    176. 

  176.         UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL,
    177. 

  177.                      "Requesting to renew the SecureChannel");
    178. 

  178.     } else {
    179. 

  179.         opnSecRq.requestType = UA_SECURITYTOKENREQUESTTYPE_ISSUE;
    180. 

  180.         UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL,
    181. 

  181.                      "Requesting to open a SecureChannel");
    182. 

  182.     }
    183. 

  183. 

  184.     /* Set the securityMode to input securityMode from client data */
    185. 

  185.     opnSecRq.securityMode = client->channel.securityMode;
    186. 

  186. 

  187.     opnSecRq.clientNonce = client->channel.localNonce;
    188. 

  188.     opnSecRq.requestedLifetime = client->config.secureChannelLifeTime;
    189. 

  189. 

  190.     /* Send the OPN message */
    191. 

  191.     UA_UInt32 requestId = ++client->requestId;
    192. 

  192.     UA_StatusCode retval =
    193. 

  193.         UA_SecureChannel_sendAsymmetricOPNMessage(&client->channel, requestId, &opnSecRq,
    194. 

  194.                                                   &UA_TYPES[UA_TYPES_OPENSECURECHANNELREQUEST]);
    195. 

  195.     if(retval != UA_STATUSCODE_GOOD) {
    196. 

  196.         UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL,
    197. 

  197.                      "Sending OPN message failed with error %s", UA_StatusCode_name(retval));
    198. 

  198.         UA_Client_close(client);
    199. 

  199.         return retval;
    200. 

  200.     }
    201. 

  201. 

  202.     UA_LOG_DEBUG(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL, "OPN message sent");
    203. 

  203. 

  204.     /* Receive / decrypt / decode the OPN response. Process async services in
    205. 

  205.      * the background until the OPN response arrives. */
    206. 

  206.     UA_OpenSecureChannelResponse response;
    207. 

  207.     retval = receiveServiceResponse(client, &response,
    208. 

  208.                                     &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE],
    209. 

  209.                                     UA_DateTime_nowMonotonic() +
    210. 

  210.                                     ((UA_DateTime)client->config.timeout * UA_DATETIME_MSEC),
    211. 

  211.                                     &requestId);
    212. 

  212. 

  213.     if(retval != UA_STATUSCODE_GOOD) {
    214. 

  214.         UA_Client_close(client);
    215. 

  215.         return retval;
    216. 

  216.     }
    217. 

  217. 

  218.     processDecodedOPNResponse(client, &response);
    219. 

  219.     UA_OpenSecureChannelResponse_deleteMembers(&response);
    220. 

  220.     return retval;
    221. 

  221. }
    222. 

  222. 

  223. /* Function to verify the signature corresponds to ClientNonce
    224. 

  224.  * using the local certificate.
    225. 

  225.  *
    226. 

  226.  * @param  channel      current channel in which the client runs
    227. 

  227.  * @param  response     create session response from the server
    228. 

  228.  * @return Returns an error code or UA_STATUSCODE_GOOD. */
    229. 

  229. static UA_StatusCode
    230. 

  230. checkClientSignature(const UA_SecureChannel *channel, const UA_CreateSessionResponse *response) {
    231. 

  231.     if(channel == NULL || response == NULL)
    232. 

  232.         return UA_STATUSCODE_BADINTERNALERROR;
    233. 

  233. 

  234.     if(channel->securityMode != UA_MESSAGESECURITYMODE_SIGN &&
    235. 

  235.        channel->securityMode != UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
    236. 

  236.         return UA_STATUSCODE_GOOD;
    237. 

  237. 

  238.     if(!channel->securityPolicy)
    239. 

  239.         return UA_STATUSCODE_BADINTERNALERROR;
    240. 

  240. 

  241.     const UA_SecurityPolicy* securityPolicy   = channel->securityPolicy;
    242. 

  242.     const UA_ByteString*     localCertificate = &securityPolicy->localCertificate;
    243. 

  243. 

  244.     size_t dataToVerifySize = localCertificate->length + channel->localNonce.length;
    245. 

  245.     UA_ByteString dataToVerify = UA_BYTESTRING_NULL;
    246. 

  246.     UA_StatusCode retval = UA_ByteString_allocBuffer(&dataToVerify, dataToVerifySize);
    247. 

  247.     if(retval != UA_STATUSCODE_GOOD)
    248. 

  248.         return retval;
    249. 

  249. 

  250.     memcpy(dataToVerify.data, localCertificate->data, localCertificate->length);
    251. 

  251.     memcpy(dataToVerify.data + localCertificate->length,
    252. 

  252.            channel->localNonce.data, channel->localNonce.length);
    253. 

  253. 

  254.     retval = securityPolicy->
    255. 

  255.              certificateSigningAlgorithm.verify(securityPolicy,
    256. 

  256.                                                 channel->channelContext,
    257. 

  257.                                                 &dataToVerify,
    258. 

  258.                                                 &response->serverSignature.signature);
    259. 

  259.     UA_ByteString_deleteMembers(&dataToVerify);
    260. 

  260.     return retval;
    261. 

  261. }
    262. 

  262. 

  263. /* Function to create a signature using remote certificate and nonce
    264. 

  264.  *
    265. 

  265.  * @param  channel      current channel in which the client runs
    266. 

  266.  * @param  request      activate session request message to server
    267. 

  267.  * @return Returns an error or UA_STATUSCODE_GOOD */
    268. 

  268. static UA_StatusCode
    269. 

  269. signActivateSessionRequest(UA_SecureChannel *channel,
    270. 

  270.                            UA_ActivateSessionRequest *request) {
    271. 

  271.     if(channel == NULL || request == NULL)
    272. 

  272.         return UA_STATUSCODE_BADINTERNALERROR;
    273. 

  273. 

  274.     if(channel->securityMode != UA_MESSAGESECURITYMODE_SIGN &&
    275. 

  275.        channel->securityMode != UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)
    276. 

  276.         return UA_STATUSCODE_GOOD;
    277. 

  277. 

  278.     const UA_SecurityPolicy *const securityPolicy = channel->securityPolicy;
    279. 

  279.     UA_SignatureData *signatureData = &request->clientSignature;
    280. 

  280. 

  281.     /* Prepare the signature */
    282. 

  282.     size_t signatureSize = securityPolicy->certificateSigningAlgorithm.
    283. 

  283.                            getLocalSignatureSize(securityPolicy, channel->channelContext);
    284. 

  284.     UA_StatusCode retval = UA_String_copy(&securityPolicy->certificateSigningAlgorithm.uri,
    285. 

  285.                                           &signatureData->algorithm);
    286. 

  286.     if(retval != UA_STATUSCODE_GOOD)
    287. 

  287.         return retval;
    288. 

  288. 

  289.     retval = UA_ByteString_allocBuffer(&signatureData->signature, signatureSize);
    290. 

  290.     if(retval != UA_STATUSCODE_GOOD)
    291. 

  291.         return retval;
    292. 

  292. 

  293.     /* Allocate a temporary buffer */
    294. 

  294.     size_t dataToSignSize = channel->remoteCertificate.length + channel->remoteNonce.length;
    295. 

  295.     /* Prevent stack-smashing. TODO: Compute MaxSenderCertificateSize */
    296. 

  296.     if(dataToSignSize > MAX_DATA_SIZE)
    297. 

  297.         return UA_STATUSCODE_BADINTERNALERROR;
    298. 

  298. 

  299.     UA_ByteString dataToSign;
    300. 

  300.     retval = UA_ByteString_allocBuffer(&dataToSign, dataToSignSize);
    301. 

  301.     if(retval != UA_STATUSCODE_GOOD)
    302. 

  302.         return retval; /* signatureData->signature is cleaned up with the response */
    303. 

  303. 

  304.     /* Sign the signature */
    305. 

  305.     memcpy(dataToSign.data, channel->remoteCertificate.data, channel->remoteCertificate.length);
    306. 

  306.     memcpy(dataToSign.data + channel->remoteCertificate.length,
    307. 

  307.            channel->remoteNonce.data, channel->remoteNonce.length);
    308. 

  308.     retval = securityPolicy->certificateSigningAlgorithm.
    309. 

  309.              sign(securityPolicy, channel->channelContext, &dataToSign,
    310. 

  310.                   &signatureData->signature);
    311. 

  311. 

  312.     /* Clean up */
    313. 

  313.     UA_ByteString_deleteMembers(&dataToSign);
    314. 

  314.     return retval;
    315. 

  315. }
    316. 

  316. 

  317. static UA_StatusCode
    318. 

  318. activateSession(UA_Client *client) {
    319. 

  319.     UA_ActivateSessionRequest request;
    320. 

  320.     UA_ActivateSessionRequest_init(&request);
    321. 

  321.     request.requestHeader.requestHandle = ++client->requestHandle;
    322. 

  322.     request.requestHeader.timestamp = UA_DateTime_now();
    323. 

  323.     request.requestHeader.timeoutHint = 600000;
    324. 

  324. 

  325.     //manual ExtensionObject encoding of the identityToken
    326. 

  326.     if(client->authenticationMethod == UA_CLIENTAUTHENTICATION_NONE) {
    327. 

  327.         UA_AnonymousIdentityToken* identityToken = UA_AnonymousIdentityToken_new();
    328. 

  328.         UA_AnonymousIdentityToken_init(identityToken);
    329. 

  329.         UA_String_copy(&client->token.policyId, &identityToken->policyId);
    330. 

  330.         request.userIdentityToken.encoding = UA_EXTENSIONOBJECT_DECODED;
    331. 

  331.         request.userIdentityToken.content.decoded.type = &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN];
    332. 

  332.         request.userIdentityToken.content.decoded.data = identityToken;
    333. 

  333.     } else {
    334. 

  334.         UA_UserNameIdentityToken* identityToken = UA_UserNameIdentityToken_new();
    335. 

  335.         UA_UserNameIdentityToken_init(identityToken);
    336. 

  336.         UA_String_copy(&client->token.policyId, &identityToken->policyId);
    337. 

  337.         UA_String_copy(&client->username, &identityToken->userName);
    338. 

  338.         UA_String_copy(&client->password, &identityToken->password);
    339. 

  339.         request.userIdentityToken.encoding = UA_EXTENSIONOBJECT_DECODED;
    340. 

  340.         request.userIdentityToken.content.decoded.type = &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN];
    341. 

  341.         request.userIdentityToken.content.decoded.data = identityToken;
    342. 

  342.     }
    343. 

  343. 

  344.     /* This function call is to prepare a client signature */
    345. 

  345.     if(client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGN ||
    346. 

  346.        client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT) {
    347. 

  347.         signActivateSessionRequest(&client->channel, &request);
    348. 

  348.     }
    349. 

  349. 

  350.     UA_ActivateSessionResponse response;
    351. 

  351.     __UA_Client_Service(client, &request, &UA_TYPES[UA_TYPES_ACTIVATESESSIONREQUEST],
    352. 

  352.                         &response, &UA_TYPES[UA_TYPES_ACTIVATESESSIONRESPONSE]);
    353. 

  353. 

  354.     if(response.responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
    355. 

  355.         UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_CLIENT,
    356. 

  356.                      "ActivateSession failed with error code %s",
    357. 

  357.                      UA_StatusCode_name(response.responseHeader.serviceResult));
    358. 

  358.     }
    359. 

  359. 

  360.     UA_StatusCode retval = response.responseHeader.serviceResult;
    361. 

  361.     UA_ActivateSessionRequest_deleteMembers(&request);
    362. 

  362.     UA_ActivateSessionResponse_deleteMembers(&response);
    363. 

  363.     return retval;
    364. 

  364. }
    365. 

  365. 

  366. /* Gets a list of endpoints. Memory is allocated for endpointDescription array */
    367. 

  367. UA_StatusCode
    368. 

  368. UA_Client_getEndpointsInternal(UA_Client *client, size_t* endpointDescriptionsSize,
    369. 

  369.                                UA_EndpointDescription** endpointDescriptions) {
    370. 

  370.     UA_GetEndpointsRequest request;
    371. 

  371.     UA_GetEndpointsRequest_init(&request);
    372. 

  372.     request.requestHeader.timestamp = UA_DateTime_now();
    373. 

  373.     request.requestHeader.timeoutHint = 10000;
    374. 

  374.     // assume the endpointurl outlives the service call
    375. 

  375.     request.endpointUrl = client->endpointUrl;
    376. 

  376. 

  377.     UA_GetEndpointsResponse response;
    378. 

  378.     __UA_Client_Service(client, &request, &UA_TYPES[UA_TYPES_GETENDPOINTSREQUEST],
    379. 

  379.                         &response, &UA_TYPES[UA_TYPES_GETENDPOINTSRESPONSE]);
    380. 

  380. 

  381.     if(response.responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
    382. 

  382.         UA_StatusCode retval = response.responseHeader.serviceResult;
    383. 

  383.         UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_CLIENT,
    384. 

  384.                      "GetEndpointRequest failed with error code %s",
    385. 

  385.                      UA_StatusCode_name(retval));
    386. 

  386.         UA_GetEndpointsResponse_deleteMembers(&response);
    387. 

  387.         return retval;
    388. 

  388.     }
    389. 

  389.     *endpointDescriptions = response.endpoints;
    390. 

  390.     *endpointDescriptionsSize = response.endpointsSize;
    391. 

  391.     response.endpoints = NULL;
    392. 

  392.     response.endpointsSize = 0;
    393. 

  393.     UA_GetEndpointsResponse_deleteMembers(&response);
    394. 

  394.     return UA_STATUSCODE_GOOD;
    395. 

  395. }
    396. 

  396. 

  397. static UA_StatusCode
    398. 

  398. getEndpoints(UA_Client *client) {
    399. 

  399.     UA_EndpointDescription* endpointArray = NULL;
    400. 

  400.     size_t endpointArraySize = 0;
    401. 

  401.     UA_StatusCode retval =
    402. 

  402.         UA_Client_getEndpointsInternal(client, &endpointArraySize, &endpointArray);
    403. 

  403.     if(retval != UA_STATUSCODE_GOOD)
    404. 

  404.         return retval;
    405. 

  405. 

  406.     UA_Boolean endpointFound = false;
    407. 

  407.     UA_Boolean tokenFound = false;
    408. 

  408.     UA_String securityNone = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#None");
    409. 

  409.     UA_String binaryTransport = UA_STRING("http://opcfoundation.org/UA-Profile/"
    410. 

  410.                                           "Transport/uatcp-uasc-uabinary");
    411. 

  411. 

  412.     // TODO: compare endpoint information with client->endpointUri
    413. 

  413.     for(size_t i = 0; i < endpointArraySize; ++i) {
    414. 

  414.         UA_EndpointDescription* endpoint = &endpointArray[i];
    415. 

  415.         /* look out for binary transport endpoints */
    416. 

  416.         /* Note: Siemens returns empty ProfileUrl, we will accept it as binary */
    417. 

  417.         if(endpoint->transportProfileUri.length != 0 &&
    418. 

  418.            !UA_String_equal(&endpoint->transportProfileUri, &binaryTransport))
    419. 

  419.             continue;
    420. 

  420. 

  421.         /* look for an endpoint corresponding to the client security policy */
    422. 

  422.         if(!UA_String_equal(&endpoint->securityPolicyUri, &client->securityPolicy.policyUri))
    423. 

  423.             continue;
    424. 

  424. 

  425.         endpointFound = true;
    426. 

  426. 

  427.         /* look for a user token policy with an anonymous token */
    428. 

  428.         for(size_t j = 0; j < endpoint->userIdentityTokensSize; ++j) {
    429. 

  429.             UA_UserTokenPolicy* userToken = &endpoint->userIdentityTokens[j];
    430. 

  430. 

  431.             /* Usertokens also have a security policy... */
    432. 

  432.             if(userToken->securityPolicyUri.length > 0 &&
    433. 

  433.                !UA_String_equal(&userToken->securityPolicyUri, &securityNone))
    434. 

  434.                 continue;
    435. 

  435. 

  436.             /* UA_CLIENTAUTHENTICATION_NONE == UA_USERTOKENTYPE_ANONYMOUS
    437. 

  437.              * UA_CLIENTAUTHENTICATION_USERNAME == UA_USERTOKENTYPE_USERNAME
    438. 

  438.              * TODO: Check equivalence for other types when adding the support */
    439. 

  439.             if((int)client->authenticationMethod != (int)userToken->tokenType)
    440. 

  440.                 continue;
    441. 

  441. 

  442.             /* Endpoint with matching usertokenpolicy found */
    443. 

  443.             tokenFound = true;
    444. 

  444.             UA_UserTokenPolicy_deleteMembers(&client->token);
    445. 

  445.             UA_UserTokenPolicy_copy(userToken, &client->token);
    446. 

  446.             break;
    447. 

  447.         }
    448. 

  448.     }
    449. 

  449. 

  450.     UA_Array_delete(endpointArray, endpointArraySize,
    451. 

  451.                     &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
    452. 

  452. 

  453.     if(!endpointFound) {
    454. 

  454.         UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_CLIENT,
    455. 

  455.                      "No suitable endpoint found");
    456. 

  456.         retval = UA_STATUSCODE_BADINTERNALERROR;
    457. 

  457.     } else if(!tokenFound) {
    458. 

  458.         UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_CLIENT,
    459. 

  459.                      "No suitable UserTokenPolicy found for the possible endpoints");
    460. 

  460.         retval = UA_STATUSCODE_BADINTERNALERROR;
    461. 

  461.     }
    462. 

  462.     return retval;
    463. 

  463. }
    464. 

  464. 

  465. static UA_StatusCode
    466. 

  466. createSession(UA_Client *client) {
    467. 

  467.     UA_CreateSessionRequest request;
    468. 

  468.     UA_CreateSessionRequest_init(&request);
    469. 

  469.     UA_StatusCode retval = UA_STATUSCODE_GOOD;
    470. 

  470. 

  471.     if(client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGN ||
    472. 

  472.        client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT) {
    473. 

  473.         if(client->channel.localNonce.length != UA_SESSION_LOCALNONCELENGTH) {
    474. 

  474.            UA_ByteString_deleteMembers(&client->channel.localNonce);
    475. 

  475.             retval = UA_ByteString_allocBuffer(&client->channel.localNonce,
    476. 

  476.                                                UA_SESSION_LOCALNONCELENGTH);
    477. 

  477.             if(retval != UA_STATUSCODE_GOOD)
    478. 

  478.                return retval;
    479. 

  479.         }
    480. 

  480. 

  481.         retval = client->channel.securityPolicy->symmetricModule.
    482. 

  482.                  generateNonce(client->channel.securityPolicy, &client->channel.localNonce);
    483. 

  483.         if(retval != UA_STATUSCODE_GOOD)
    484. 

  484.             return retval;
    485. 

  485.     }
    486. 

  486. 

  487.     request.requestHeader.timestamp = UA_DateTime_now();
    488. 

  488.     request.requestHeader.timeoutHint = 10000;
    489. 

  489.     UA_ByteString_copy(&client->channel.localNonce, &request.clientNonce);
    490. 

  490.     request.requestedSessionTimeout = 1200000;
    491. 

  491.     request.maxResponseMessageSize = UA_INT32_MAX;
    492. 

  492.     UA_String_copy(&client->endpointUrl, &request.endpointUrl);
    493. 

  493. 

  494.     if(client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGN ||
    495. 

  495.        client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT) {
    496. 

  496.         UA_ByteString_copy(&client->channel.securityPolicy->localCertificate,
    497. 

  497.                            &request.clientCertificate);
    498. 

  498.     }
    499. 

  499. 

  500.     UA_CreateSessionResponse response;
    501. 

  501.     __UA_Client_Service(client, &request, &UA_TYPES[UA_TYPES_CREATESESSIONREQUEST],
    502. 

  502.                         &response, &UA_TYPES[UA_TYPES_CREATESESSIONRESPONSE]);
    503. 

  503. 

  504.     if(response.responseHeader.serviceResult == UA_STATUSCODE_GOOD &&
    505. 

  505.         (client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGN ||
    506. 

  506.          client->channel.securityMode == UA_MESSAGESECURITYMODE_SIGNANDENCRYPT)) {
    507. 

  507.         UA_ByteString_deleteMembers(&client->channel.remoteNonce);
    508. 

  508.         UA_ByteString_copy(&response.serverNonce, &client->channel.remoteNonce);
    509. 

  509. 

  510.         if(!UA_ByteString_equal(&response.serverCertificate,
    511. 

  511.                                 &client->channel.remoteCertificate)) {
    512. 

  512.             return UA_STATUSCODE_BADCERTIFICATEINVALID;
    513. 

  513.         }
    514. 

  514. 

  515.         /* Verify the client signature */
    516. 

  516.         retval = checkClientSignature(&client->channel, &response);
    517. 

  517.         if(retval != UA_STATUSCODE_GOOD)
    518. 

  518.             return retval;
    519. 

  519.     }
    520. 

  520. 

  521.     UA_NodeId_copy(&response.authenticationToken, &client->authenticationToken);
    522. 

  522. 

  523.     retval = response.responseHeader.serviceResult;
    524. 

  524.     UA_CreateSessionRequest_deleteMembers(&request);
    525. 

  525.     UA_CreateSessionResponse_deleteMembers(&response);
    526. 

  526.     return retval;
    527. 

  527. }
    528. 

  528. 

  529. UA_StatusCode
    530. 

  530. UA_Client_connectInternal(UA_Client *client, const char *endpointUrl,
    531. 

  531.                           UA_Boolean endpointsHandshake, UA_Boolean createNewSession) {
    532. 

  532.     if(client->state >= UA_CLIENTSTATE_CONNECTED)
    533. 

  533.         return UA_STATUSCODE_GOOD;
    534. 

  534.     UA_ChannelSecurityToken_init(&client->channel.securityToken);
    535. 

  535.     client->channel.state = UA_SECURECHANNELSTATE_FRESH;
    536. 

  536. 

  537.     UA_StatusCode retval = UA_STATUSCODE_GOOD;
    538. 

  538.     client->connection =
    539. 

  539.         client->config.connectionFunc(client->config.localConnectionConfig,
    540. 

  540.                                       endpointUrl, client->config.timeout,
    541. 

  541.                                       client->config.logger);
    542. 

  542.     if(client->connection.state != UA_CONNECTION_OPENING) {
    543. 

  543.         retval = UA_STATUSCODE_BADCONNECTIONCLOSED;
    544. 

  544.         goto cleanup;
    545. 

  545.     }
    546. 

  546. 

  547.     UA_String_deleteMembers(&client->endpointUrl);
    548. 

  548.     client->endpointUrl = UA_STRING_ALLOC(endpointUrl);
    549. 

  549.     if(!client->endpointUrl.data) {
    550. 

  550.         retval = UA_STATUSCODE_BADOUTOFMEMORY;
    551. 

  551.         goto cleanup;
    552. 

  552.     }
    553. 

  553. 

  554.     /* Local nonce set and generate sym keys */
    555. 

  555.     retval |= UA_SecureChannel_generateLocalNonce(&client->channel);
    556. 

  556. 

  557.     if(retval != UA_STATUSCODE_GOOD)
    558. 

  558.         return retval;
    559. 

  559. 

  560.     /* Open a TCP connection */
    561. 

  561.     client->connection.localConf = client->config.localConnectionConfig;
    562. 

  562.     retval = HelAckHandshake(client);
    563. 

  563.     if(retval != UA_STATUSCODE_GOOD)
    564. 

  564.         goto cleanup;
    565. 

  565.     setClientState(client, UA_CLIENTSTATE_CONNECTED);
    566. 

  566. 

  567.     /* Open a SecureChannel. TODO: Select with endpoint  */
    568. 

  568.     client->channel.connection = &client->connection;
    569. 

  569.     retval = openSecureChannel(client, false);
    570. 

  570.     if(retval != UA_STATUSCODE_GOOD)
    571. 

  571.         goto cleanup;
    572. 

  572.     setClientState(client, UA_CLIENTSTATE_SECURECHANNEL);
    573. 

  573. 

  574.     /* Delete async service. TODO: Move this from connect to the disconnect/cleanup phase */
    575. 

  575.     UA_Client_AsyncService_removeAll(client, UA_STATUSCODE_BADSHUTDOWN);
    576. 

  576. 

  577. #ifdef UA_ENABLE_SUBSCRIPTIONS
    578. 

  578.     client->currentlyOutStandingPublishRequests = 0;
    579. 

  579. #endif
    580. 

  580. 

  581. // TODO: actually, reactivate an existing session is working, but currently republish is not implemented
    582. 

  582. // This option is disabled until we have a good implementation of the subscription recovery.
    583. 

  583. 

  584. #ifdef UA_SESSION_RECOVERY
    585. 

  585.     /* Try to activate an existing Session for this SecureChannel */
    586. 

  586.     if((!UA_NodeId_equal(&client->authenticationToken, &UA_NODEID_NULL)) && (createNewSession)) {
    587. 

  587.         retval = activateSession(client);
    588. 

  588.         if(retval == UA_STATUSCODE_BADSESSIONIDINVALID) {
    589. 

  589.             /* Could not recover an old session. Remove authenticationToken */
    590. 

  590.             UA_NodeId_deleteMembers(&client->authenticationToken);
    591. 

  591.         } else {
    592. 

  592.             if(retval != UA_STATUSCODE_GOOD)
    593. 

  593.                 goto cleanup;
    594. 

  594.             setClientState(client, UA_CLIENTSTATE_SESSION_RENEWED);
    595. 

  595.             return retval;
    596. 

  596.         }
    597. 

  597.     } else {
    598. 

  598.         UA_NodeId_deleteMembers(&client->authenticationToken);
    599. 

  599.     }
    600. 

  600. #else
    601. 

  601.     UA_NodeId_deleteMembers(&client->authenticationToken);
    602. 

  602. #endif /* UA_SESSION_RECOVERY */
    603. 

  603. 

  604.     /* Generate new local and remote key */
    605. 

  605.     retval |= UA_SecureChannel_generateNewKeys(&client->channel);
    606. 

  606.     if(retval != UA_STATUSCODE_GOOD)
    607. 

  607.         return retval;
    608. 

  608. 

  609.     /* Get Endpoints */
    610. 

  610.     if(endpointsHandshake) {
    611. 

  611.         retval = getEndpoints(client);
    612. 

  612.         if(retval != UA_STATUSCODE_GOOD)
    613. 

  613.             goto cleanup;
    614. 

  614.     }
    615. 

  615. 

  616.     /* Create the Session for this SecureChannel */
    617. 

  617.     if(createNewSession) {
    618. 

  618.         retval = createSession(client);
    619. 

  619.         if(retval != UA_STATUSCODE_GOOD)
    620. 

  620.             goto cleanup;
    621. 

  621. #ifdef UA_ENABLE_SUBSCRIPTIONS
    622. 

  622.         /* A new session has been created. We need to clean up the subscriptions */
    623. 

  623.         UA_Client_Subscriptions_clean(client);
    624. 

  624. #endif
    625. 

  625.         retval = activateSession(client);
    626. 

  626.         if(retval != UA_STATUSCODE_GOOD)
    627. 

  627.             goto cleanup;
    628. 

  628.         setClientState(client, UA_CLIENTSTATE_SESSION);
    629. 

  629.     }
    630. 

  630. 

  631.     return retval;
    632. 

  632. 

  633. cleanup:
    634. 

  634.     UA_Client_close(client);
    635. 

  635.     return retval;
    636. 

  636. }
    637. 

  637. 

  638. UA_StatusCode
    639. 

  639. UA_Client_connect(UA_Client *client, const char *endpointUrl) {
    640. 

  640.     return UA_Client_connectInternal(client, endpointUrl, UA_TRUE, UA_TRUE);
    641. 

  641. }
    642. 

  642. 

  643. UA_StatusCode
    644. 

  644. UA_Client_connect_noSession(UA_Client *client, const char *endpointUrl) {
    645. 

  645.     return UA_Client_connectInternal(client, endpointUrl, UA_TRUE, UA_FALSE);
    646. 

  646. }
    647. 

  647. 

  648. UA_StatusCode
    649. 

  649. UA_Client_connect_username(UA_Client *client, const char *endpointUrl,
    650. 

  650.                            const char *username, const char *password) {
    651. 

  651.     client->authenticationMethod = UA_CLIENTAUTHENTICATION_USERNAME;
    652. 

  652.     client->username = UA_STRING_ALLOC(username);
    653. 

  653.     client->password = UA_STRING_ALLOC(password);
    654. 

  654.     return UA_Client_connect(client, endpointUrl);
    655. 

  655. }
    656. 

  656. 

  657. UA_StatusCode
    658. 

  658. UA_Client_manuallyRenewSecureChannel(UA_Client *client) {
    659. 

  659.     UA_StatusCode retval = openSecureChannel(client, true);
    660. 

  660.     if(retval != UA_STATUSCODE_GOOD)
    661. 

  661.         UA_Client_close(client);
    662. 

  662. 

  663.     return retval;
    664. 

  664. }
    665. 

  665. 

  666. /************************/
    667. 

  667. /* Close the Connection */
    668. 

  668. /************************/
    669. 

  669. 

  670. static void
    671. 

  671. sendCloseSession(UA_Client *client) {
    672. 

  672.     UA_CloseSessionRequest request;
    673. 

  673.     UA_CloseSessionRequest_init(&request);
    674. 

  674. 

  675.     request.requestHeader.timestamp = UA_DateTime_now();
    676. 

  676.     request.requestHeader.timeoutHint = 10000;
    677. 

  677.     request.deleteSubscriptions = true;
    678. 

  678.     UA_CloseSessionResponse response;
    679. 

  679.     __UA_Client_Service(client, &request, &UA_TYPES[UA_TYPES_CLOSESESSIONREQUEST],
    680. 

  680.                         &response, &UA_TYPES[UA_TYPES_CLOSESESSIONRESPONSE]);
    681. 

  681.     UA_CloseSessionRequest_deleteMembers(&request);
    682. 

  682.     UA_CloseSessionResponse_deleteMembers(&response);
    683. 

  683. }
    684. 

  684. 

  685. static void
    686. 

  686. sendCloseSecureChannel(UA_Client *client) {
    687. 

  687.     UA_SecureChannel *channel = &client->channel;
    688. 

  688.     UA_CloseSecureChannelRequest request;
    689. 

  689.     UA_CloseSecureChannelRequest_init(&request);
    690. 

  690.     request.requestHeader.requestHandle = ++client->requestHandle;
    691. 

  691.     request.requestHeader.timestamp = UA_DateTime_now();
    692. 

  692.     request.requestHeader.timeoutHint = 10000;
    693. 

  693.     request.requestHeader.authenticationToken = client->authenticationToken;
    694. 

  694.     UA_SecureChannel_sendSymmetricMessage(channel, ++client->requestId,
    695. 

  695.                                           UA_MESSAGETYPE_CLO, &request,
    696. 

  696.                                           &UA_TYPES[UA_TYPES_CLOSESECURECHANNELREQUEST]);
    697. 

  697.     UA_CloseSecureChannelRequest_deleteMembers(&request);
    698. 

  698.     UA_SecureChannel_deleteMembersCleanup(&client->channel);
    699. 

  699. }
    700. 

  700. 

  701. UA_StatusCode
    702. 

  702. UA_Client_disconnect(UA_Client *client) {
    703. 

  703.     /* Is a session established? */
    704. 

  704.     if(client->state >= UA_CLIENTSTATE_SESSION) {
    705. 

  705.         client->state = UA_CLIENTSTATE_SECURECHANNEL;
    706. 

  706.         sendCloseSession(client);
    707. 

  707.     }
    708. 

  708.     UA_NodeId_deleteMembers(&client->authenticationToken);
    709. 

  709.     client->requestHandle = 0;
    710. 

  710. 

  711.     /* Is a secure channel established? */
    712. 

  712.     if(client->state >= UA_CLIENTSTATE_SECURECHANNEL) {
    713. 

  713.         client->state = UA_CLIENTSTATE_CONNECTED;
    714. 

  714.         sendCloseSecureChannel(client);
    715. 

  715.     }
    716. 

  716. 

  717.     /* Close the TCP connection */
    718. 

  718.     if(client->connection.state != UA_CONNECTION_CLOSED)
    719. 

  719.         client->connection.close(&client->connection);
    720. 

  720. 

  721. #ifdef UA_ENABLE_SUBSCRIPTIONS
    722. 

  722. // TODO REMOVE WHEN UA_SESSION_RECOVERY IS READY
    723. 

  723.         /* We need to clean up the subscriptions */
    724. 

  724.         UA_Client_Subscriptions_clean(client);
    725. 

  725. #endif
    726. 

  726. 

  727.     setClientState(client, UA_CLIENTSTATE_DISCONNECTED);
    728. 

  728.     return UA_STATUSCODE_GOOD;
    729. 

  729. }
    730. 

  730. 

  731. UA_StatusCode
    732. 

  732. UA_Client_close(UA_Client *client) {
    733. 

  733.     client->requestHandle = 0;
    734. 

  734. 

  735.     if(client->state >= UA_CLIENTSTATE_SECURECHANNEL)
    736. 

  736.         UA_SecureChannel_deleteMembersCleanup(&client->channel);
    737. 

  737. 

  738.     /* Close the TCP connection */
    739. 

  739.     if(client->connection.state != UA_CONNECTION_CLOSED)
    740. 

  740.         client->connection.close(&client->connection);
    741. 

  741. 

  742. #ifdef UA_ENABLE_SUBSCRIPTIONS
    743. 

  743. // TODO REMOVE WHEN UA_SESSION_RECOVERY IS READY
    744. 

  744.         /* We need to clean up the subscriptions */
    745. 

  745.         UA_Client_Subscriptions_clean(client);
    746. 

  746. #endif
    747. 

  747. 

  748.     setClientState(client, UA_CLIENTSTATE_DISCONNECTED);
    749. 

  749.     return UA_STATUSCODE_GOOD;
    750. 

  750. }
    751. 

  751.