Home Explore Help
Sign In
thomas
/
open62541
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5b2b18b376
Branches Tags
open62541
/
src
/
server
/
ua_securechannel_manager.c

ua_securechannel_manager.c 8.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191 
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
    2. 

  2.  * License, v. 2.0. If a copy of the MPL was not distributed with this
    3. 

  3.  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
    4. 

  4. 

  5. #include "ua_securechannel_manager.h"
    6. 

  6. #include "ua_session.h"
    7. 

  7. #include "ua_server_internal.h"
    8. 

  8. 

  9. #define STARTCHANNELID 1
    10. 

  10. #define STARTTOKENID 1
    11. 

  11. 

  12. UA_StatusCode
    13. 

  13. UA_SecureChannelManager_init(UA_SecureChannelManager *cm, UA_Server *server) {
    14. 

  14.     LIST_INIT(&cm->channels);
    15. 

  15.     cm->lastChannelId = STARTCHANNELID;
    16. 

  16.     cm->lastTokenId = STARTTOKENID;
    17. 

  17.     cm->currentChannelCount = 0;
    18. 

  18.     cm->server = server;
    19. 

  19.     return UA_STATUSCODE_GOOD;
    20. 

  20. }
    21. 

  21. 

  22. void UA_SecureChannelManager_deleteMembers(UA_SecureChannelManager *cm) {
    23. 

  23.     channel_list_entry *entry, *temp;
    24. 

  24.     LIST_FOREACH_SAFE(entry, &cm->channels, pointers, temp) {
    25. 

  25.         LIST_REMOVE(entry, pointers);
    26. 

  26.         UA_SecureChannel_deleteMembersCleanup(&entry->channel);
    27. 

  27.         UA_free(entry);
    28. 

  28.     }
    29. 

  29. }
    30. 

  30. 

  31. static void
    32. 

  32. removeSecureChannelCallback(UA_Server *server, void *entry) {
    33. 

  33.     channel_list_entry *centry = (channel_list_entry*)entry;
    34. 

  34.     UA_SecureChannel_deleteMembersCleanup(&centry->channel);
    35. 

  35.     UA_free(entry);
    36. 

  36. }
    37. 

  37. 

  38. static UA_StatusCode
    39. 

  39. removeSecureChannel(UA_SecureChannelManager *cm, channel_list_entry *entry){
    40. 

  40.     /* Add a delayed callback to remove the channel when the currently
    41. 

  41.      * scheduled jobs have completed */
    42. 

  42.     UA_StatusCode retval = UA_Server_delayedCallback(cm->server, removeSecureChannelCallback, entry);
    43. 

  43.     if(retval != UA_STATUSCODE_GOOD) {
    44. 

  44.         UA_LOG_WARNING(cm->server->config.logger, UA_LOGCATEGORY_SESSION,
    45. 

  45.                        "Could not remove the secure channel with error code %s",
    46. 

  46.                        UA_StatusCode_name(retval));
    47. 

  47.         return retval; /* Try again next time */
    48. 

  48.     }
    49. 

  49. 

  50.     /* Detach the channel and make the capacity available */
    51. 

  51.     LIST_REMOVE(entry, pointers);
    52. 

  52.     UA_atomic_add(&cm->currentChannelCount, (UA_UInt32)-1);
    53. 

  53.     return UA_STATUSCODE_GOOD;
    54. 

  54. }
    55. 

  55. 

  56. /* remove channels that were not renewed or who have no connection attached */
    57. 

  57. void
    58. 

  58. UA_SecureChannelManager_cleanupTimedOut(UA_SecureChannelManager *cm, UA_DateTime nowMonotonic) {
    59. 

  59.     channel_list_entry *entry, *temp;
    60. 

  60.     LIST_FOREACH_SAFE(entry, &cm->channels, pointers, temp) {
    61. 

  61.         UA_DateTime timeout = entry->channel.securityToken.createdAt +
    62. 

  62.             (UA_DateTime)(entry->channel.securityToken.revisedLifetime * UA_MSEC_TO_DATETIME);
    63. 

  63.         if(timeout < nowMonotonic || !entry->channel.connection) {
    64. 

  64.             UA_LOG_INFO_CHANNEL(cm->server->config.logger, &entry->channel,
    65. 

  65.                                 "SecureChannel has timed out");
    66. 

  66.             removeSecureChannel(cm, entry);
    67. 

  67.         } else if(entry->channel.nextSecurityToken.tokenId > 0) {
    68. 

  68.             UA_SecureChannel_revolveTokens(&entry->channel);
    69. 

  69.         }
    70. 

  70.     }
    71. 

  71. }
    72. 

  72. 

  73. /* remove the first channel that has no session attached */
    74. 

  74. static UA_Boolean purgeFirstChannelWithoutSession(UA_SecureChannelManager *cm) {
    75. 

  75.     channel_list_entry *entry;
    76. 

  76.     LIST_FOREACH(entry, &cm->channels, pointers) {
    77. 

  77.         if(LIST_EMPTY(&(entry->channel.sessions))){
    78. 

  78.             UA_LOG_DEBUG_CHANNEL(cm->server->config.logger, &entry->channel,
    79. 

  79.                                  "Channel was purged since maxSecureChannels was "
    80. 

  80.                                  "reached and channel had no session attached");
    81. 

  81.             removeSecureChannel(cm, entry);
    82. 

  82.             UA_assert(entry != LIST_FIRST(&cm->channels));
    83. 

  83.             return true;
    84. 

  84.         }
    85. 

  85.     }
    86. 

  86.     return false;
    87. 

  87. }
    88. 

  88. 

  89. UA_StatusCode
    90. 

  90. UA_SecureChannelManager_open(UA_SecureChannelManager *cm, UA_Connection *conn,
    91. 

  91.                              const UA_OpenSecureChannelRequest *request,
    92. 

  92.                              UA_OpenSecureChannelResponse *response) {
    93. 

  93.     if(request->securityMode != UA_MESSAGESECURITYMODE_NONE)
    94. 

  94.         return UA_STATUSCODE_BADSECURITYMODEREJECTED;
    95. 

  95. 

  96.     //check if there exists a free SC, otherwise try to purge one SC without a session
    97. 

  97.     //the purge has been introduced to pass CTT, it is not clear what strategy is expected here
    98. 

  98.     if(cm->currentChannelCount >= cm->server->config.maxSecureChannels && !purgeFirstChannelWithoutSession(cm)){
    99. 

  99.         return UA_STATUSCODE_BADOUTOFMEMORY;
    100. 

  100.     }
    101. 

  101. 

  102.     /* Set up the channel */
    103. 

  103.     channel_list_entry *entry = (channel_list_entry*)UA_malloc(sizeof(channel_list_entry));
    104. 

  104.     if(!entry)
    105. 

  105.         return UA_STATUSCODE_BADOUTOFMEMORY;
    106. 

  106.     UA_SecureChannel_init(&entry->channel);
    107. 

  107.     entry->channel.securityToken.channelId = cm->lastChannelId++;
    108. 

  108.     entry->channel.securityToken.tokenId = cm->lastTokenId++;
    109. 

  109.     entry->channel.securityToken.createdAt = UA_DateTime_now();
    110. 

  110.     entry->channel.securityToken.revisedLifetime =
    111. 

  111.         (request->requestedLifetime > cm->server->config.maxSecurityTokenLifetime) ?
    112. 

  112.         cm->server->config.maxSecurityTokenLifetime : request->requestedLifetime;
    113. 

  113.     if(entry->channel.securityToken.revisedLifetime == 0) /* lifetime 0 -> set the maximum possible */
    114. 

  114.         entry->channel.securityToken.revisedLifetime = cm->server->config.maxSecurityTokenLifetime;
    115. 

  115.     UA_ByteString_copy(&request->clientNonce, &entry->channel.clientNonce);
    116. 

  116.     entry->channel.serverAsymAlgSettings.securityPolicyUri =
    117. 

  117.         UA_STRING_ALLOC("http://opcfoundation.org/UA/SecurityPolicy#None");
    118. 

  118.     UA_SecureChannel_generateNonce(&entry->channel.serverNonce);
    119. 

  119. 

  120.     /* Set the response */
    121. 

  121.     UA_ByteString_copy(&entry->channel.serverNonce, &response->serverNonce);
    122. 

  122.     UA_ChannelSecurityToken_copy(&entry->channel.securityToken, &response->securityToken);
    123. 

  123.     response->responseHeader.timestamp = UA_DateTime_now();
    124. 

  124. 

  125.     /* Now overwrite the creation date with the internal monotonic clock */
    126. 

  126.     entry->channel.securityToken.createdAt = UA_DateTime_nowMonotonic();
    127. 

  127. 

  128.     /* Set all the pointers internally */
    129. 

  129.     UA_Connection_attachSecureChannel(conn, &entry->channel);
    130. 

  130.     LIST_INSERT_HEAD(&cm->channels, entry, pointers);
    131. 

  131.     UA_atomic_add(&cm->currentChannelCount, 1);
    132. 

  132.     return UA_STATUSCODE_GOOD;
    133. 

  133. }
    134. 

  134. 

  135. UA_StatusCode
    136. 

  136. UA_SecureChannelManager_renew(UA_SecureChannelManager *cm, UA_Connection *conn,
    137. 

  137.                               const UA_OpenSecureChannelRequest *request,
    138. 

  138.                               UA_OpenSecureChannelResponse *response) {
    139. 

  139.     UA_SecureChannel *channel = conn->channel;
    140. 

  140.     if(!channel)
    141. 

  141.         return UA_STATUSCODE_BADINTERNALERROR;
    142. 

  142. 

  143.     /* if no security token is already issued */
    144. 

  144.     if(channel->nextSecurityToken.tokenId == 0) {
    145. 

  145.         channel->nextSecurityToken.channelId = channel->securityToken.channelId;
    146. 

  146.         channel->nextSecurityToken.tokenId = cm->lastTokenId++;
    147. 

  147.         channel->nextSecurityToken.createdAt = UA_DateTime_now();
    148. 

  148.         channel->nextSecurityToken.revisedLifetime =
    149. 

  149.             (request->requestedLifetime > cm->server->config.maxSecurityTokenLifetime) ?
    150. 

  150.             cm->server->config.maxSecurityTokenLifetime : request->requestedLifetime;
    151. 

  151.         if(channel->nextSecurityToken.revisedLifetime == 0) /* lifetime 0 -> return the max lifetime */
    152. 

  152.             channel->nextSecurityToken.revisedLifetime = cm->server->config.maxSecurityTokenLifetime;
    153. 

  153.     }
    154. 

  154. 

  155.     /* invalidate the old nonce */
    156. 

  156.     if(channel->clientNonce.data)
    157. 

  157.         UA_ByteString_deleteMembers(&channel->clientNonce);
    158. 

  158. 

  159.     /* set the response */
    160. 

  160.     UA_ByteString_copy(&request->clientNonce, &channel->clientNonce);
    161. 

  161.     UA_ByteString_copy(&channel->serverNonce, &response->serverNonce);
    162. 

  162.     UA_ChannelSecurityToken_copy(&channel->nextSecurityToken, &response->securityToken);
    163. 

  163. 

  164.     /* reset the creation date to the monotonic clock */
    165. 

  165.     channel->nextSecurityToken.createdAt = UA_DateTime_nowMonotonic();
    166. 

  166. 

  167.     return UA_STATUSCODE_GOOD;
    168. 

  168. }
    169. 

  169. 

  170. UA_SecureChannel *
    171. 

  171. UA_SecureChannelManager_get(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
    172. 

  172.     channel_list_entry *entry;
    173. 

  173.     LIST_FOREACH(entry, &cm->channels, pointers) {
    174. 

  174.         if(entry->channel.securityToken.channelId == channelId)
    175. 

  175.             return &entry->channel;
    176. 

  176.     }
    177. 

  177.     return NULL;
    178. 

  178. }
    179. 

  179. 

  180. UA_StatusCode
    181. 

  181. UA_SecureChannelManager_close(UA_SecureChannelManager *cm, UA_UInt32 channelId) {
    182. 

  182.     channel_list_entry *entry;
    183. 

  183.     LIST_FOREACH(entry, &cm->channels, pointers) {
    184. 

  184.         if(entry->channel.securityToken.channelId == channelId)
    185. 

  185.             break;
    186. 

  186.     }
    187. 

  187.     if(!entry)
    188. 

  188.         return UA_STATUSCODE_BADINTERNALERROR;
    189. 

  189.     return removeSecureChannel(cm, entry);
    190. 

  190. }
    191. 

  191.