"use strict";
/*global: require Buffer*/
/**
* @module opcua.server
*/
const assert = require("node-opcua-assert").assert;
const async = require("async");
const util = require("util");
const fs = require("fs");
const _ = require("underscore");
const ApplicationType = require("node-opcua-service-endpoints").ApplicationType;
const StatusCodes = require("node-opcua-status-code").StatusCodes;
const SessionContext = require("node-opcua-address-space").SessionContext;
const fromURI = require("node-opcua-secure-channel").fromURI;
const SecurityPolicy = require("node-opcua-secure-channel").SecurityPolicy;
const MessageSecurityMode = require("node-opcua-service-secure-channel").MessageSecurityMode;
const utils = require("node-opcua-utils");
const debugLog = require("node-opcua-debug").make_debugLog(__filename);
const forceGarbageCollectionOnSessionClose = false;
const ServerEngine = require("./server_engine").ServerEngine;
const browse_service = require("node-opcua-service-browse");
const read_service = require("node-opcua-service-read");
const write_service = require("node-opcua-service-write");
const historizing_service = require("node-opcua-service-history");
const subscription_service = require("node-opcua-service-subscription");
const translate_service = require("node-opcua-service-translate-browse-path");
const session_service = require("node-opcua-service-session");
const register_node_service = require("node-opcua-service-register-node");
const call_service = require("node-opcua-service-call");
const endpoints_service = require("node-opcua-service-endpoints");
const query_service = require("node-opcua-service-query");
const ServerState = require("node-opcua-common").ServerState;
const EndpointDescription = endpoints_service.EndpointDescription;
const TimestampsToReturn = read_service.TimestampsToReturn;
const ActivateSessionRequest = session_service.ActivateSessionRequest;
const ActivateSessionResponse = session_service.ActivateSessionResponse;
const CreateSessionRequest = session_service.CreateSessionRequest;
const CreateSessionResponse = session_service.CreateSessionResponse;
const CloseSessionRequest = session_service.CloseSessionRequest;
const CloseSessionResponse = session_service.CloseSessionResponse;
const DeleteMonitoredItemsRequest = subscription_service.DeleteMonitoredItemsRequest;
const DeleteMonitoredItemsResponse = subscription_service.DeleteMonitoredItemsResponse;
const RepublishRequest = subscription_service.RepublishRequest;
const RepublishResponse = subscription_service.RepublishResponse;
const PublishRequest = subscription_service.PublishRequest;
const PublishResponse = subscription_service.PublishResponse;
const CreateSubscriptionRequest = subscription_service.CreateSubscriptionRequest;
const CreateSubscriptionResponse = subscription_service.CreateSubscriptionResponse;
const DeleteSubscriptionsRequest = subscription_service.DeleteSubscriptionsRequest;
const DeleteSubscriptionsResponse = subscription_service.DeleteSubscriptionsResponse;
const TransferSubscriptionsRequest = subscription_service.TransferSubscriptionsRequest;
const TransferSubscriptionsResponse = subscription_service.TransferSubscriptionsResponse;
const CreateMonitoredItemsRequest = subscription_service.CreateMonitoredItemsRequest;
const CreateMonitoredItemsResponse = subscription_service.CreateMonitoredItemsResponse;
const ModifyMonitoredItemsRequest = subscription_service.ModifyMonitoredItemsRequest;
const ModifyMonitoredItemsResponse = subscription_service.ModifyMonitoredItemsResponse;
const MonitoredItemModifyResult = subscription_service.MonitoredItemModifyResult;
const MonitoredItemCreateResult = subscription_service.MonitoredItemCreateResult;
const SetPublishingModeRequest = subscription_service.SetPublishingModeRequest;
const SetPublishingModeResponse = subscription_service.SetPublishingModeResponse;
const CallRequest = call_service.CallRequest;
const CallResponse = call_service.CallResponse;
const ReadRequest = read_service.ReadRequest;
const ReadResponse = read_service.ReadResponse;
const WriteRequest = write_service.WriteRequest;
const WriteResponse = write_service.WriteResponse;
const ReadValueId = read_service.ReadValueId;
const HistoryReadRequest = historizing_service.HistoryReadRequest;
const HistoryReadResponse = historizing_service.HistoryReadResponse;
const BrowseRequest = browse_service.BrowseRequest;
const BrowseResponse = browse_service.BrowseResponse;
const BrowseNextRequest = browse_service.BrowseNextRequest;
const BrowseNextResponse = browse_service.BrowseNextResponse;
const RegisterNodesRequest = register_node_service.RegisterNodesRequest;
const RegisterNodesResponse = register_node_service.RegisterNodesResponse;
const UnregisterNodesRequest = register_node_service.UnregisterNodesRequest;
const UnregisterNodesResponse = register_node_service.UnregisterNodesResponse;
const TranslateBrowsePathsToNodeIdsRequest = translate_service.TranslateBrowsePathsToNodeIdsRequest;
const TranslateBrowsePathsToNodeIdsResponse = translate_service.TranslateBrowsePathsToNodeIdsResponse;
const NodeId = require("node-opcua-nodeid").NodeId;
const DataValue = require("node-opcua-data-value").DataValue;
const DataType = require("node-opcua-variant").DataType;
const AttributeIds = require("node-opcua-data-model").AttributeIds;
const MonitoredItem = require("./monitored_item").MonitoredItem;
const View = require("node-opcua-address-space").View;
const crypto = require("crypto");
const dump = require("node-opcua-debug").dump;
const OPCUAServerEndPoint = require("./server_end_point").OPCUAServerEndPoint;
const OPCUABaseServer = require("./base_server").OPCUABaseServer;
const exploreCertificate = require("node-opcua-crypto").crypto_explore_certificate.exploreCertificate;
const Factory = function Factory(engine) {
assert(_.isObject(engine));
this.engine = engine;
};
const factories = require("node-opcua-factory");
Factory.prototype.constructObject = function (id) {
return factories.constructObject(id);
};
const default_maxAllowedSessionNumber = 10;
const default_maxConnectionsPerEndpoint = 10;
function g_sendError(channel, message, ResponseClass, statusCode) {
const response = new ResponseClass({
responseHeader: {serviceResult: statusCode}
});
return channel.send_response("MSG", response, message);
}
const package_info = require("../package.json");
const default_build_info = {
productName: "NODEOPCUA-SERVER",
productUri: null, // << should be same as default_server_info.productUri?
manufacturerName: "Node-OPCUA : MIT Licence ( see http://node-opcua.github.io/)",
softwareVersion: package_info.version,
//xx buildDate: fs.statSync(package_json_file).mtime
};
const RegisterServerManager = require("./register_server_manager").RegisterServerManager;
const EventEmitter = require("events").EventEmitter;
function RegisterServerManagerHidden(options) {
}
util.inherits(RegisterServerManagerHidden,EventEmitter);
RegisterServerManagerHidden.prototype.stop = function(callback)
{
setImmediate(callback);
};
RegisterServerManagerHidden.prototype.start = function(callback)
{
setImmediate(callback);
};
RegisterServerManagerHidden.prototype.dispose = function(){
};
const _announcedOnMulticastSubnet = require("node-opcua-service-discovery")._announcedOnMulticastSubnet;
const _stop_announcedOnMulticastSubnet = require("node-opcua-service-discovery")._stop_announcedOnMulticastSubnet;
/**
*
* @param options
* @constructor
*/
function RegisterServerManagerMDNSONLY(options) {
const self = this;
self.server = options.server;
assert(self.server);
assert(self.server instanceof OPCUABaseServer);
self.bonjour = null;
}
util.inherits(RegisterServerManagerMDNSONLY,EventEmitter);
RegisterServerManagerMDNSONLY.prototype.stop = function(callback)
{
const self = this;
_stop_announcedOnMulticastSubnet.call(self);
setImmediate(function() {
self.emit("serverUnregistered");
setImmediate(callback);
});
};
RegisterServerManagerMDNSONLY.prototype.start = function(callback)
{
const self = this;
assert(self.server);
assert(self.server instanceof OPCUABaseServer);
_announcedOnMulticastSubnet.call(self,{
applicationUri: self.server.serverInfo.applicationUri,
port: self.server.endpoints[0].port,
path: "/", //<- to do
capabilities: self.server.capabilitiesForMDNS
});
setImmediate(function() {
self.emit("serverRegistered");
setImmediate(callback);
});
};
RegisterServerManagerMDNSONLY.prototype.dispose = function(){
this.server = null;
};
function _installRegisterServerManager(self)
{
assert(self instanceof OPCUAServer);
assert(!self.registerServerManager);
assert(self.registerServerMethod);
switch(self.registerServerMethod) {
case RegisterServerMethod.HIDDEN:
self.registerServerManager = new RegisterServerManagerHidden({
server: self,
});
break;
case RegisterServerMethod.MDNS:
self.registerServerManager = new RegisterServerManagerMDNSONLY({
server: self,
});
break;
case RegisterServerMethod.LDS:
self.registerServerManager = new RegisterServerManager({
server: self,
discoveryServerEndpointUrl: self.discoveryServerEndpointUrl
});
break;
default:
assert(false && "Invalid switch");
}
self.registerServerManager.on("serverRegistrationPending", function () {
/**
* emitted when the server is trying to registered the LDS
* but when the connection to the lds has failed
* serverRegistrationPending is sent when the backoff signal of the
* connection process is raised
* @event serverRegistrationPending
*/
debugLog("serverRegistrationPending");
self.emit("serverRegistrationPending");
});
self.registerServerManager.on("serverRegistered", function () {
/**
* emitted when the server is successfully registered to the LDS
* @event serverRegistered
*/
debugLog("serverRegistered");
self.emit("serverRegistered");
});
self.registerServerManager.on("serverRegistrationRenewed", function () {
/**
* emitted when the server has successfully renewed its registration to the LDS
* @event serverRegistrationRenewed
*/
debugLog("serverRegistrationRenewed");
self.emit("serverRegistrationRenewed");
});
self.registerServerManager.on("serverUnregistered", function () {
debugLog("serverUnregistered");
/**
* emitted when the server is successfully unregistered to the LDS
* ( for instance during shutdown)
* @event serverUnregistered
*/
self.emit("serverUnregistered");
});
}
const Enum = require("node-opcua-enum");
const RegisterServerMethod = new Enum({
"HIDDEN":1 , // the server doesn't expose itself to the external world
"MDNS" :2, // the server publish itself to the mDNS Multicast network directly
"LDS":3 // the server registers itself to the LDS or LDS-ME (Local Discovery Server)
});
/**
* @class OPCUAServer
* @extends OPCUABaseServer
* @uses ServerEngine
* @param options
* @param [options.defaultSecureTokenLifetime = 60000] {Number} the default secure token life time in ms.
* @param [options.timeout=10000] {Number} the HEL/ACK transaction timeout in ms. Use a large value
* ( i.e 15000 ms) for slow connections or embedded devices.
* @param [options.port= 26543] {Number} the TCP port to listen to.
* @param [options.maxAllowedSessionNumber = 10 ] the maximum number of concurrent sessions allowed.
*
* @param [options.nodeset_filename]{Array<String>|String} the nodeset.xml files to load
* @param [options.serverInfo = null] the information used in the end point description
* @param [options.serverInfo.applicationUri = "urn:NodeOPCUA-Server"] {String}
* @param [options.serverInfo.productUri = "NodeOPCUA-Server"]{String}
* @param [options.serverInfo.applicationName = {text: "applicationName"}]{LocalizedText}
* @param [options.serverInfo.gatewayServerUri = null]{String}
* @param [options.serverInfo.discoveryProfileUri= null]{String}
* @param [options.serverInfo.discoveryUrls = []]{Array<String>}
* @param [options.securityPolicies= [SecurityPolicy.None,SecurityPolicy.Basic128Rsa15,SecurityPolicy.Basic256]]
* @param [options.securityModes= [MessageSecurityMode.NONE,MessageSecurityMode.SIGN,MessageSecurityMode.SIGNANDENCRYPT]]
* @param [options.disableDiscovery = false] true if Discovery Service on unsecure channel shall be disabled
* @param [options.allowAnonymous = true] tells if the server default endpoints should allow anonymous connection.
* @param [options.userManager = null ] a object that implements user authentication methods
* @param [options.userManager.isValidUser ] synchronous function to check the credentials - can be overruled by isValidUserAsync
* @param [options.userManager.isValidUserAsync ] asynchronous function to check if the credentials - overrules isValidUser
* @param [options.userManager.getUserRole ] synchronous function to return the role of the given user
* @param [options.resourcePath=null] {String} resource Path is a string added at the end of the url such as "/UA/Server"
* @param [options.alternateHostname=null] {String} alternate hostname to use
* @param [options.maxConnectionsPerEndpoint=null]
* @param [options.serverCapabilities]
* UserNameIdentityToken is valid.
* @param [options.isAuditing = false] {Boolean} true if server shall raise AuditingEvent
*
* @param [options.registerServerMethod= RegisterServerMethod.HIDDEN] {RegisterServerMethod}
* @param [options.discoveryServerEndpointUrl = "opc.tcp://localhost:4840"]
* @param [options.capabilitiesForMDNS = ["NA"] ] {Array<String>} supported server capabilities for the Mutlicast (mDNS)
* (any of node-opcua-discovery.serverCapabilities)
*
* @constructor
*/
function OPCUAServer(options) {
options = options || {};
OPCUABaseServer.apply(this, arguments);
const self = this;
self.options = options;
/**
* @property maxAllowedSessionNumber
* @type {number}
*/
self.maxAllowedSessionNumber = options.maxAllowedSessionNumber || default_maxAllowedSessionNumber;
/**
* @property maxConnectionsPerEndpoint
* @type {number}
*/
self.maxConnectionsPerEndpoint = options.maxConnectionsPerEndpoint || default_maxConnectionsPerEndpoint;
// build Info
let buildInfo = _.clone(default_build_info);
buildInfo = _.extend(buildInfo, options.buildInfo);
// repair product name
buildInfo.productUri = buildInfo.productUri || self.serverInfo.productUri;
self.serverInfo.productUri = self.serverInfo.productUri || buildInfo.productUri;
self.serverInfo.productName = self.serverInfo.productName || buildInfo.productName;
self.engine = new ServerEngine({
buildInfo: buildInfo,
serverCapabilities: options.serverCapabilities,
applicationUri: self.serverInfo.applicationUri,
isAuditing: options.isAuditing
});
self.nonce = self.makeServerNonce();
self.protocolVersion = 0;
const port = options.port || 26543;
assert(_.isFinite(port));
self.objectFactory = new Factory(self.engine);
// todo should self.serverInfo.productUri match self.engine.buildInfo.productUri ?
/**
* @property allowAnonymous
* @type {boolean}
*/
options.allowAnonymous = (options.allowAnonymous === undefined) ? true : options.allowAnonymous;
//xx console.log(" maxConnectionsPerEndpoint = ",self.maxConnectionsPerEndpoint);
// add the tcp/ip endpoint with no security
const endPoint = new OPCUAServerEndPoint({
port: port,
defaultSecureTokenLifetime: options.defaultSecureTokenLifetime || 600000,
timeout: options.timeout || 10000,
certificateChain: self.getCertificateChain(),
privateKey: self.getPrivateKey(),
objectFactory: self.objectFactory,
serverInfo: self.serverInfo,
maxConnections: self.maxConnectionsPerEndpoint
});
endPoint.addStandardEndpointDescriptions({
securityPolicies: options.securityPolicies,
securityModes: options.securityModes,
allowAnonymous: !!options.allowAnonymous,
disableDiscovery: !!options.disableDiscovery,
resourcePath: options.resourcePath || "",
hostname: options.alternateHostname
});
self.endpoints.push(endPoint);
endPoint.on("message", function (message, channel) {
self.on_request(message, channel);
});
endPoint.on("error", function (err) {
console.log("OPCUAServer endpoint error", err);
// set serverState to ServerState.Failed;
self.engine.setServerState(ServerState.Failed);
self.shutdown(function () {
});
});
self.serverInfo.applicationType = ApplicationType.SERVER;
self.userManager = options.userManager || {};
if (!_.isFunction(self.userManager.isValidUser)) {
self.userManager.isValidUser = function (/*userName,password*/) {
return false;
};
}
self.discoveryServerEndpointUrl = options.discoveryServerEndpointUrl || "opc.tcp://localhost:4840";
assert(typeof self.discoveryServerEndpointUrl === "string");
self.capabilitiesForMDNS = options.capabilitiesForMDNS || [ "NA" ];
self.registerServerMethod = options.registerServerMethod || RegisterServerMethod.HIDDEN;
_installRegisterServerManager(self);
}
util.inherits(OPCUAServer, OPCUABaseServer);
const ObjectRegistry = require("node-opcua-object-registry").ObjectRegistry;
OPCUAServer.registry = new ObjectRegistry();
/**
* total number of bytes written by the server since startup
* @property bytesWritten
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("bytesWritten", function () {
return this.endpoints.reduce(function (accumulated, endpoint) {
return accumulated + endpoint.bytesWritten;
}, 0);
});
/**
* total number of bytes read by the server since startup
* @property bytesRead
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("bytesRead", function () {
return this.endpoints.reduce(function (accumulated, endpoint) {
return accumulated + endpoint.bytesRead;
}, 0);
});
/**
* Number of transactions processed by the server since startup
* @property transactionsCount
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("transactionsCount", function () {
return this.endpoints.reduce(function (accumulated, endpoint) {
return accumulated + endpoint.transactionsCount;
}, 0);
});
/**
* The server build info
* @property buildInfo
* @type {BuildInfo}
*/
OPCUAServer.prototype.__defineGetter__("buildInfo", function () {
return this.engine.buildInfo;
});
/**
*
* the number of connected channel on all existing end points
* @property currentChannelCount
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("currentChannelCount", function () {
// TODO : move to base
const self = this;
return self.endpoints.reduce(function (currentValue, endPoint) {
return currentValue + endPoint.currentChannelCount;
}, 0);
});
/**
* The number of active subscriptions from all sessions
* @property currentSubscriptionCount
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("currentSubscriptionCount", function () {
const self = this;
return self.engine.currentSubscriptionCount;
});
/**
* @property rejectedSessionCount
* @type {number}
*/
OPCUAServer.prototype.__defineGetter__("rejectedSessionCount", function () {
return this.engine.rejectedSessionCount;
});
/**
* @property rejectedSessionCount
* @type {number}
*/
OPCUAServer.prototype.__defineGetter__("rejectedRequestsCount", function () {
return this.engine.rejectedRequestsCount;
});
/**
* @property sessionAbortCount
* @type {number}
*/
OPCUAServer.prototype.__defineGetter__("sessionAbortCount", function () {
return this.engine.sessionAbortCount;
});
/**
* @property publishingIntervalCount
* @type {number}
*/
OPCUAServer.prototype.__defineGetter__("publishingIntervalCount", function () {
return this.engine.publishingIntervalCount;
});
/**
* create and register a new session
* @method createSession
* @return {ServerSession}
*/
OPCUAServer.prototype.createSession = function (options) {
const self = this;
return self.engine.createSession(options);
};
/**
* the number of sessions currently active
* @property currentSessionCount
* @type {Number}
*/
OPCUAServer.prototype.__defineGetter__("currentSessionCount", function () {
return this.engine.currentSessionCount;
});
/**
* retrieve a session by authentication token
* @method getSession
*
* @param authenticationToken
* @param activeOnly search only within sessions that are not closed
*/
OPCUAServer.prototype.getSession = function (authenticationToken, activeOnly) {
const self = this;
return self.engine.getSession(authenticationToken, activeOnly);
};
/**
* true if the server has been initialized
* @property initialized
* @type {Boolean}
*
*/
OPCUAServer.prototype.__defineGetter__("initialized", function () {
const self = this;
return self.engine.addressSpace !== null;
});
/**
* Initialize the server by installing default node set.
*
* @method initialize
* @async
*
* This is a asynchronous function that requires a callback function.
* The callback function typically completes the creation of custom node
* and instruct the server to listen to its endpoints.
*
* @param {Function} done
*/
OPCUAServer.prototype.initialize = function (done) {
const self = this;
assert(!self.initialized);// already initialized ?
OPCUAServer.registry.register(self);
self.engine.initialize(self.options, function () {
self.emit("post_initialize");
done();
});
};
/**
* Initiate the server by starting all its endpoints
* @method start
* @async
* @param done {Function}
*/
OPCUAServer.prototype.start = function (done) {
const self = this;
const tasks = [];
if (!self.initialized) {
tasks.push(function (callback) {
self.initialize(callback);
});
}
tasks.push(function (callback) {
OPCUABaseServer.prototype.start.call(self, function (err) {
if (err) {
self.shutdown(function (/*err2*/) {
callback(err);
});
}
else {
// we start the registration process asynchronously
// as we want to make server immediately available
self.registerServerManager.start(function() {});
setImmediate(callback);
}
});
});
async.series(tasks, done);
};
OPCUAServer.fallbackSessionName = "Client didn't provide a meaningful sessionName ...";
/**
* shutdown all server endpoints
* @method shutdown
* @async
* @param [timeout=0] {Number} the timeout before the server is actually shutdown
* @param callback {Callback}
* @param callback.err {Error|null}
*
*
* @example
*
* // shutdown immediately
* server.shutdown(function(err) {
* });
*
* // shutdown within 10 seconds
* server.shutdown(10000,function(err) {
* });
*/
OPCUAServer.prototype.shutdown = function (timeout, callback) {
if (!callback) {
callback = timeout;
timeout = 10; // 1 second
}
assert(_.isFunction(callback));
const self = this;
debugLog("OPCUAServer#shutdown (timeout = ", timeout, ")");
assert(self.engine);
if (!self.engine.serverStatus) {
// server may have been shot down already , or may have fail to start !!
const err = new Error("OPCUAServer#shutdown failure ! server doesn't seems to be started yet");
return callback(err);
}
self.engine.setServerState(ServerState.Shutdown);
self.registerServerManager.stop(function (err) {
debugLog("OPCUServer unregistered from discovery server",err);
setTimeout(function () {
self.engine.shutdown();
debugLog("OPCUAServer#shutdown: started");
OPCUABaseServer.prototype.shutdown.call(self, function (err) {
debugLog("OPCUAServer#shutdown: completed");
self.dispose();
callback(err);
});
}, timeout);
});
};
OPCUAServer.prototype.dispose = function () {
const self = this;
self.endpoints.forEach(function (endpoint) {
endpoint.dispose();
});
self.endpoints = [];
self.removeAllListeners();
if (self.registerServerManager) {
self.registerServerManager.dispose();
self.registerServerManager = null;
}
OPCUAServer.registry.unregister(self);
};
const computeSignature = require("node-opcua-secure-channel").computeSignature;
const verifySignature = require("node-opcua-secure-channel").verifySignature;
OPCUAServer.prototype.computeServerSignature = function (channel, clientCertificate, clientNonce) {
const self = this;
return computeSignature(clientCertificate, clientNonce, self.getPrivateKey(), channel.messageBuilder.securityPolicy);
};
OPCUAServer.prototype.verifyClientSignature = function (session, channel, clientSignature) {
const self = this;
const clientCertificate = channel.receiverCertificate;
const securityPolicy = channel.messageBuilder.securityPolicy;
const serverCertificateChain = self.getCertificateChain();
const result = verifySignature(serverCertificateChain, session.nonce, clientSignature, clientCertificate, securityPolicy);
return result;
};
const minSessionTimeout = 100; // 100 milliseconds
const defaultSessionTimeout = 1000 * 30; // 30 seconds
const maxSessionTimeout = 1000 * 60 * 50; // 50 minutes
function _adjust_session_timeout(sessionTimeout) {
let revisedSessionTimeout = sessionTimeout || defaultSessionTimeout;
revisedSessionTimeout = Math.min(revisedSessionTimeout, maxSessionTimeout);
revisedSessionTimeout = Math.max(revisedSessionTimeout, minSessionTimeout);
return revisedSessionTimeout;
}
function channel_has_session(channel, session) {
if (session.channel === channel) {
assert(channel.sessionTokens.hasOwnProperty(session.authenticationToken.toString("hex")));
return true;
}
return false;
}
function moveSessionToChannel(session, channel) {
debugLog("moveSessionToChannel sessionId", session.sessionId, " channelId=", channel.secureChannelId);
if (session.publishEngine) {
session.publishEngine.cancelPendingPublishRequestBeforeChannelChange();
}
session._detach_channel();
session._attach_channel(channel);
assert(session.channel.secureChannelId === channel.secureChannelId);
}
function _attempt_to_close_some_old_unactivated_session(server) {
const session = server.engine.getOldestUnactivatedSession();
if (session) {
server.engine.closeSession(session.authenticationToken, false, "Forcing");
}
}
function onlyforUri(serverUri, endpoint) {
assert(_.isString(serverUri));
assert(endpoint instanceof EndpointDescription);
// to do ...
return serverUri === endpoint.endpointUri;
}
function getRequiredEndpointInfo(endpoint) {
assert(endpoint instanceof EndpointDescription);
// It is recommended that Servers only include the endpointUrl, securityMode,
// securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all
// other parameters set to null. Only the recommended parameters shall be verified by
// the client.
const e = new EndpointDescription({
endpointUrl: endpoint.endpointUrl,
securityMode: endpoint.securityMode,
securityPolicyUri: endpoint.securityPolicyUri,
userIdentityTokens: endpoint.userIdentityTokens,
transportProfileUri: endpoint.transportProfileUri,
securityLevel: endpoint.securityLevel,
});
// reduce even further by explicitly setting unwanted members to null
e.server = null;
e.serverCertificate = null;
return e;
}
// serverUri String This value is only specified if the EndpointDescription has a gatewayServerUri.
// This value is the applicationUri from the EndpointDescription which is the applicationUri for the
// underlying Server. The type EndpointDescription is defined in 7.10.
function _serverEndpointsForCreateSessionResponse(server, serverUri) {
serverUri; // unused then
// The Server shall return a set of EndpointDescriptions available for the serverUri specified in the request.
// It is recommended that Servers only include the endpointUrl, securityMode,
// securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters
// set to null. Only the recommended parameters shall be verified by the client.
return server._get_endpoints()
//xx .filter(onlyforUri.bind(null,serverUri)
.map(getRequiredEndpointInfo);
}
// session services
OPCUAServer.prototype._on_CreateSessionRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof CreateSessionRequest);
function rejectConnection(statusCode) {
server.engine._rejectedSessionCount += 1;
const response = new CreateSessionResponse({responseHeader: {serviceResult: statusCode}});
channel.send_response("MSG", response, message);
// and close !
}
// From OPCUA V1.03 Part 4 5.6.2 CreateSession
// A Server application should limit the number of Sessions. To protect against misbehaving Clients and denial
// of service attacks, the Server shall close the oldest Session that is not activated before reaching the
// maximum number of supported Sessions
if (server.currentSessionCount >= server.maxAllowedSessionNumber) {
_attempt_to_close_some_old_unactivated_session(server);
}
// check if session count hasn't reach the maximum allowed sessions
if (server.currentSessionCount >= server.maxAllowedSessionNumber) {
return rejectConnection(StatusCodes.BadTooManySessions);
}
// Release 1.03 OPC Unified Architecture, Part 4 page 24 - CreateSession Parameters
// client should prove a sessionName
// Session name is a Human readable string that identifies the Session. The Server makes this name and the sessionId
// visible in its AddressSpace for diagnostic purposes. The Client should provide a name that is unique for the
// instance of the Client.
// If this parameter is not specified the Server shall assign a value.
if (utils.isNullOrUndefined(request.sessionName)) {
// see also #198
// let's the server assign a sessionName for this lazy client.
debugLog("assigning OPCUAServer.fallbackSessionName because client's sessionName is null ", OPCUAServer.fallbackSessionName);
request.sessionName = OPCUAServer.fallbackSessionName;
}
// Duration Requested maximum number of milliseconds that a Session should remain open without activity.
// If the Client fails to issue a Service request within this interval, then the Server shall automatically
// terminate the Client Session.
const revisedSessionTimeout = _adjust_session_timeout(request.requestedSessionTimeout);
// Release 1.02 page 27 OPC Unified Architecture, Part 4: CreateSession.clientNonce
// A random number that should never be used in any other request. This number shall have a minimum length of 32
// bytes. Profiles may increase the required length. The Server shall use this value to prove possession of
// its application instance Certificate in the response.
if (!request.clientNonce || request.clientNonce.length < 32) {
if (channel.securityMode !== MessageSecurityMode.NONE) {
console.log("SERVER with secure connection: Missing or invalid client Nonce ".red, request.clientNonce && request.clientNonce.toString("hex"));
return rejectConnection(StatusCodes.BadNonceInvalid);
}
}
function validate_applicationUri(applicationUri, clientCertificate) {
// if session is insecure there is no need to check certificate information
if (channel.securityMode === MessageSecurityMode.NONE) {
return true; // assume correct
}
if (!clientCertificate || clientCertificate.length === 0) {
return true;// can't check
}
const e = exploreCertificate(clientCertificate);
const applicationUriFromCert = e.tbsCertificate.extensions.subjectAltName.uniformResourceIdentifier[0];
return applicationUriFromCert === applicationUri;
}
// check application spoofing
// check if applicationUri in createSessionRequest matches applicationUri in client Certificate
if (!validate_applicationUri(request.clientDescription.applicationUri, request.clientCertificate)) {
return rejectConnection(StatusCodes.BadCertificateUriInvalid);
}
function validate_security_endpoint(channel) {
let endpoints = server._get_endpoints();
// ignore restricted endpoints
endpoints = endpoints.filter(function (endpoint) {
return !endpoint.restricted;
});
const endpoints_matching_security_mode = endpoints.filter(function (e) {
return e.securityMode === channel.securityMode;
});
if (endpoints_matching_security_mode.length === 0) {
return StatusCodes.BadSecurityModeRejected;
}
const endpoints_matching_security_policy = endpoints_matching_security_mode.filter(function (e) {
return e.securityPolicyUri === channel.securityHeader.securityPolicyUri;
});
if (endpoints_matching_security_policy.length === 0) {
return StatusCodes.BadSecurityPolicyRejected;
}
return StatusCodes.Good;
}
const errStatus = validate_security_endpoint(channel);
if (errStatus !== StatusCodes.Good) {
return rejectConnection(errStatus);
}
//endpointUrl String The network address that the Client used to access the Session Endpoint. The HostName portion
// of the URL should be one of the HostNames for the application that are specified in the Server’s
// ApplicationInstanceCertificate (see 7.2). The Server shall raise an AuditUrlMismatchEventType event
// if the URL does not match the Server’s HostNames. AuditUrlMismatchEventType event type is defined in
// Part 5. The Server uses this information for diagnostics and to determine the set of
// EndpointDescriptions to return in the response.
function validate_endpointUri() {
// ToDo: check endpointUrl validity and emit an AuditUrlMismatchEventType event if not
}
validate_endpointUri();
// see Release 1.02 27 OPC Unified Architecture, Part 4
const session = server.createSession({
sessionTimeout: revisedSessionTimeout,
clientDescription: request.clientDescription
});
assert(session);
assert(session.sessionTimeout === revisedSessionTimeout);
session.clientDescription = request.clientDescription;
session.sessionName = request.sessionName;
// Depending upon on the SecurityPolicy and the SecurityMode of the SecureChannel, the exchange of
// ApplicationInstanceCertificates and Nonces may be optional and the signatures may be empty. See
// Part 7 for the definition of SecurityPolicies and the handling of these parameters
// serverNonce:
// A random number that should never be used in any other request.
// This number shall have a minimum length of 32 bytes.
// The Client shall use this value to prove possession of its application instance
// Certificate in the ActivateSession request.
// This value may also be used to prove possession of the userIdentityToken it
// specified in the ActivateSession request.
//
// ( this serverNonce will only be used up to the _on_ActivateSessionRequest
// where a new nonce will be created)
session.nonce = server.makeServerNonce();
session.secureChannelId = channel.secureChannelId;
session._attach_channel(channel);
const serverCertificateChain = server.getCertificateChain();
const hasEncryption = true;
// If the securityPolicyUri is NONE and none of the UserTokenPolicies requires encryption
if (session.channel.securityMode === MessageSecurityMode.NONE) {
// ToDo: Check that none of our unsecure endpoint has a a UserTokenPolicy that require encryption
// and set hasEncryption = false under this condition
}
const response = new CreateSessionResponse({
// A identifier which uniquely identifies the session.
sessionId: session.nodeId,
// A unique identifier assigned by the Server to the Session.
// The token used to authenticate the client in subsequent requests.
authenticationToken: session.authenticationToken,
revisedSessionTimeout: revisedSessionTimeout,
serverNonce: session.nonce,
// serverCertificate: type ApplicationServerCertificate
// The application instance Certificate issued to the Server.
// A Server shall prove possession by using the private key to sign the Nonce provided
// by the Client in the request. The Client shall verify that this Certificate is the same as
// the one it used to create the SecureChannel.
// The ApplicationInstanceCertificate type is defined in OpCUA 1.03 part 4 - $7.2 page 108
// If the securityPolicyUri is NONE and none of the UserTokenPolicies requires
// encryption, the Server shall not send an ApplicationInstanceCertificate and the Client
// shall ignore the ApplicationInstanceCertificate.
serverCertificate: hasEncryption ? serverCertificateChain : null,
// The endpoints provided by the server.
// The Server shall return a set of EndpointDescriptions available for the serverUri
// specified in the request.[...]
// The Client shall verify this list with the list from a Discovery Endpoint if it used a Discovery
// Endpoint to fetch the EndpointDescriptions.
// It is recommended that Servers only include the endpointUrl, securityMode,
// securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all
// other parameters set to null. Only the recommended parameters shall be verified by
// the client.
serverEndpoints: _serverEndpointsForCreateSessionResponse(server, request.serverUri),
//This parameter is deprecated and the array shall be empty.
serverSoftwareCertificates: null,
// This is a signature generated with the private key associated with the
// serverCertificate. This parameter is calculated by appending the clientNonce to the
// clientCertificate and signing the resulting sequence of bytes.
// The SignatureAlgorithm shall be the AsymmetricSignatureAlgorithm specified in the
// SecurityPolicy for the Endpoint.
// The SignatureData type is defined in 7.30.
serverSignature: server.computeServerSignature(channel, request.clientCertificate, request.clientNonce),
// The maximum message size accepted by the server
// The Client Communication Stack should return a Bad_RequestTooLarge error to the
// application if a request message exceeds this limit.
// The value zero indicates that this parameter is not used.
maxRequestMessageSize: 0x4000000
});
server.emit("create_session", session);
session.on("session_closed", function (session, deleteSubscriptions, reason) {
assert(_.isString(reason));
if (server.isAuditing) {
assert(reason === "Timeout" || reason === "Terminated" || reason === "CloseSession" || reason === "Forcing");
const sourceName = "Session/" + reason;
server.raiseEvent("AuditSessionEventType", {
/* part 5 - 6.4.3 AuditEventType */
actionTimeStamp: {dataType: "DateTime", value: new Date()},
status: {dataType: "Boolean", value: true},
serverId: {dataType: "String", value: ""},
// ClientAuditEntryId contains the human-readable AuditEntryId defined in Part 3.
clientAuditEntryId: {dataType: "String", value: ""},
// The ClientUserId identifies the user of the client requesting an action. The ClientUserId can be
// obtained from the UserIdentityToken passed in the ActivateSession call.
clientUserId: {dataType: "String", value: ""},
sourceName: {dataType: "String", value: sourceName},
/* part 5 - 6.4.7 AuditSessionEventType */
sessionId: {dataType: "NodeId", value: session.nodeId}
});
}
server.emit("session_closed", session, deleteSubscriptions);
});
if (server.isAuditing) {
// ----------------------------------------------------------------------------------------------------------------
server.raiseEvent("AuditCreateSessionEventType", {
/* part 5 - 6.4.3 AuditEventType */
actionTimeStamp: {dataType: "DateTime", value: new Date()},
status: {dataType: "Boolean", value: true},
serverId: {dataType: "String", value: ""},
// ClientAuditEntryId contains the human-readable AuditEntryId defined in Part 3.
clientAuditEntryId: {dataType: "String", value: ""},
// The ClientUserId identifies the user of the client requesting an action. The ClientUserId can be
// obtained from the UserIdentityToken passed in the ActivateSession call.
clientUserId: {dataType: "String", value: ""},
sourceName: {dataType: "String", value: "Session/CreateSession"},
/* part 5 - 6.4.7 AuditSessionEventType */
sessionId: {dataType: "NodeId", value: session.nodeId},
/* part 5 - 6.4.8 AuditCreateSessionEventType */
// SecureChannelId shall uniquely identify the SecureChannel. The application shall use the same identifier in
// all AuditEvents related to the Session Service Set (AuditCreateSessionEventType, AuditActivateSessionEventType
// and their subtypes) and the SecureChannel Service Set (AuditChannelEventType and its subtypes
secureChannelId: {dataType: "String", value: session.channel.secureChannelId.toString()},
// Duration
revisedSessionTimeout: {dataType: "Duration", value: session.sessionTimeout},
// clientCertificate
clientCertificate: {dataType: "ByteString", value: session.channel.clientCertificate},
// clientCertificateThumbprint
clientCertificateThumbprint: {dataType: "ByteString", value: thumbprint(session.channel.clientCertificate)}
});
}
// ----------------------------------------------------------------------------------------------------------------
assert(response.authenticationToken);
channel.send_response("MSG", response, message);
};
const UserNameIdentityToken = session_service.UserNameIdentityToken;
const AnonymousIdentityToken = session_service.AnonymousIdentityToken;
const getCryptoFactory = require("node-opcua-secure-channel").getCryptoFactory;
function adjustSecurityPolicy(channel, userTokenPolicy_securityPolicyUri) {
// check that userIdentityToken
let securityPolicy = fromURI(userTokenPolicy_securityPolicyUri);
// if the security policy is not specified we use the session security policy
if (securityPolicy === SecurityPolicy.Invalid) {
securityPolicy = fromURI(channel.clientSecurityHeader.securityPolicyUri);
assert(securityPolicy);
}
return securityPolicy;
}
OPCUAServer.prototype.isValidUserNameIdentityToken = function (channel, session, userTokenPolicy, userIdentityToken) {
const self = this;
assert(userIdentityToken instanceof UserNameIdentityToken);
const securityPolicy = adjustSecurityPolicy(channel, userTokenPolicy.securityPolicyUri);
const cryptoFactory = getCryptoFactory(securityPolicy);
if (!cryptoFactory) {
throw new Error(" Unsupported security Policy");
}
if (userIdentityToken.encryptionAlgorithm !== cryptoFactory.asymmetricEncryptionAlgorithm) {
console.log("invalid encryptionAlgorithm");
console.log("userTokenPolicy", userTokenPolicy.toString());
console.log("userTokenPolicy", userIdentityToken.toString());
return false;
}
const userName = userIdentityToken.userName;
const password = userIdentityToken.password;
if (!userName || !password) {
return false;
}
return true;
};
/**
* @method userNameIdentityTokenAuthenticateUser
* @param channel
* @param session
* @param userTokenPolicy
* @param userIdentityToken
* @param done {Function}
* @param done.err {Error}
* @param done.isAuthorized {Boolean}
* @return {*}
*/
OPCUAServer.prototype.userNameIdentityTokenAuthenticateUser = function (channel, session, userTokenPolicy, userIdentityToken, done) {
const self = this;
assert(userIdentityToken instanceof UserNameIdentityToken);
assert(self.isValidUserNameIdentityToken(channel, session, userTokenPolicy, userIdentityToken));
const securityPolicy = adjustSecurityPolicy(channel, userTokenPolicy.securityPolicyUri);
const serverPrivateKey = self.getPrivateKey();
const serverNonce = session.nonce;
assert(serverNonce instanceof Buffer);
const cryptoFactory = getCryptoFactory(securityPolicy);
if (!cryptoFactory) {
return done(new Error(" Unsupported security Policy"));
}
const userName = userIdentityToken.userName;
let password = userIdentityToken.password;
const buff = cryptoFactory.asymmetricDecrypt(password, serverPrivateKey);
const length = buff.readUInt32LE(0) - serverNonce.length;
password = buff.slice(4, 4 + length).toString("utf-8");
if (_.isFunction(self.userManager.isValidUserAsync)) {
self.userManager.isValidUserAsync.call(session, userName, password, done);
} else {
const authorized = self.userManager.isValidUser.call(session, userName, password);
async.setImmediate(function () {
done(null, authorized)
});
}
};
function findUserTokenByPolicy(endpoint_description, policyId) {
assert(endpoint_description instanceof EndpointDescription);
const r = _.filter(endpoint_description.userIdentityTokens, function (userIdentity) {
// assert(userIdentity instanceof UserTokenPolicy)
assert(userIdentity.tokenType);
return userIdentity.policyId === policyId;
});
return r.length === 0 ? null : r[0];
}
const UserIdentityTokenType = require("node-opcua-service-endpoints").UserIdentityTokenType;
function findUserTokenPolicy(endpoint_description, userTokenType) {
assert(endpoint_description instanceof EndpointDescription);
const r = _.filter(endpoint_description.userIdentityTokens, function (userIdentity) {
// assert(userIdentity instanceof UserTokenPolicy)
assert(userIdentity.tokenType);
return userIdentity.tokenType === userTokenType;
});
return r.length === 0 ? null : r[0];
}
function createAnonymousIdentityToken(endpoint_desc) {
assert(endpoint_desc instanceof EndpointDescription);
const userTokenPolicy = findUserTokenPolicy(endpoint_desc, UserIdentityTokenType.ANONYMOUS);
if (!userTokenPolicy) {
throw new Error("Cannot find ANONYMOUS user token policy in end point description");
}
return new AnonymousIdentityToken({policyId: userTokenPolicy.policyId});
}
OPCUAServer.prototype.isValidUserIdentityToken = function (channel, session, userIdentityToken) {
const self = this;
assert(userIdentityToken);
const endpoint_desc = channel.endpoint;
assert(endpoint_desc instanceof EndpointDescription);
const userTokenPolicy = findUserTokenByPolicy(endpoint_desc, userIdentityToken.policyId);
if (!userTokenPolicy) {
// cannot find token with this policyId
return false;
}
//
if (userIdentityToken instanceof UserNameIdentityToken) {
return self.isValidUserNameIdentityToken(channel, session, userTokenPolicy, userIdentityToken);
}
return true;
};
OPCUAServer.prototype.isUserAuthorized = function (channel, session, userIdentityToken, done) {
const self = this;
assert(userIdentityToken);
assert(_.isFunction(done));
const endpoint_desc = channel.endpoint;
assert(endpoint_desc instanceof EndpointDescription);
const userTokenPolicy = findUserTokenByPolicy(endpoint_desc, userIdentityToken.policyId);
assert(userTokenPolicy);
// find if a userToken exists
if (userIdentityToken instanceof UserNameIdentityToken) {
return self.userNameIdentityTokenAuthenticateUser(channel, session, userTokenPolicy, userIdentityToken, done);
}
async.setImmediate(done.bind(null, null, true));
};
OPCUAServer.prototype.makeServerNonce = function () {
return crypto.randomBytes(32);
};
function sameIdentityToken(token1, token2) {
if (token1 instanceof UserNameIdentityToken) {
if (!(token2 instanceof UserNameIdentityToken)) {
return false;
}
if (token1.userName !== token2.userName) {
return false;
}
if (token1.password.toString("hex") !== token2.password.toString("hex")) {
return false;
}
} else if (token1 instanceof AnonymousIdentityToken) {
if (!(token2 instanceof AnonymousIdentityToken)) {
return false;
}
if (token1.policyId !== token2.policyId) {
return false;
}
return true;
}
assert(0, " Not implemented yet");
return false;
}
function thumbprint(certificate) {
return certificate ? certificate.toString("base64") : "";
}
// TODO : implement this:
//
// When the ActivateSession Service is called for the first time then the Server shall reject the request
// if the SecureChannel is not same as the one associated with the CreateSession request.
// Subsequent calls to ActivateSession may be associated with different SecureChannels. If this is the
// case then the Server shall verify that the Certificate the Client used to create the new
// SecureChannel is the same as the Certificate used to create the original SecureChannel. In addition,
// the Server shall verify that the Client supplied a UserIdentityToken that is identical to the token
// currently associated with the Session. Once the Server accepts the new SecureChannel it shall
// reject requests sent via the old SecureChannel.
/**
*
* @method _on_ActivateSessionRequest
* @param message {Buffer}
* @param channel {ServerSecureChannelLayer}
* @private
*
*
*/
OPCUAServer.prototype._on_ActivateSessionRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof ActivateSessionRequest);
// get session from authenticationToken
const authenticationToken = request.requestHeader.authenticationToken;
const session = server.getSession(authenticationToken);
function rejectConnection(statusCode) {
server.engine._rejectedSessionCount += 1;
const response = new ActivateSessionResponse({responseHeader: {serviceResult: statusCode}});
channel.send_response("MSG", response, message);
// and close !
}
let response;
/* istanbul ignore next */
if (!session) {
// this may happen when the server has been restarted and a client tries to reconnect, thinking
// that the previous session may still be active
debugLog(" Bad Session in _on_ActivateSessionRequest".yellow.bold, authenticationToken.value.toString("hex"));
return rejectConnection(StatusCodes.BadSessionNotActivated);
}
// OpcUA 1.02 part 3 $5.6.3.1 ActiveSession Set page 29
// When the ActivateSession Service is called f or the first time then the Server shall reject the request
// if the SecureChannel is not same as the one associated with the CreateSession request.
if (session.status === "new") {
//xx if (channel.session_nonce !== session.nonce) {
if (!channel_has_session(channel, session)) {
// it looks like session activation is being using a channel that is not the
// one that have been used to create the session
console.log(" channel.sessionTokens === " + Object.keys(channel.sessionTokens).join(" "));
return rejectConnection(StatusCodes.BadSessionNotActivated);
}
}
// OpcUA 1.02 part 3 $5.6.3.1 ActiveSession Set page 29
// ... Subsequent calls to ActivateSession may be associated with different SecureChannels. If this is the
// case then the Server shall verify that the Certificate the Client used to create the new
// SecureChannel is the same as the Certificate used to create the original SecureChannel.
if (session.status === "active") {
if (session.channel.secureChannelId !== channel.secureChannelId) {
console.log(" Session is being transferred from channel",
session.channel.secureChannelId.toString().cyan,
" to channel ", channel.secureChannelId.toString().cyan);
// session is being reassigned to a new Channel,
// we shall verify that the certificate used to create the Session is the same as the current channel certificate.
const old_channel_cert_thumbprint = thumbprint(session.channel.clientCertificate);
const new_channel_cert_thumbprint = thumbprint(channel.clientCertificate);
if (old_channel_cert_thumbprint !== new_channel_cert_thumbprint) {
return rejectConnection(StatusCodes.BadNoValidCertificates); // not sure about this code !
}
// ... In addition the Server shall verify that the Client supplied a UserIdentityToken that is identical to
// the token currently associated with the Session reassign session to new channel.
if (!sameIdentityToken(session.userIdentityToken, request.userIdentityToken)) {
return rejectConnection(StatusCodes.BadIdentityChangeNotSupported); // not sure about this code !
}
}
moveSessionToChannel(session, channel);
} else if (session.status === "screwed") {
// session has been used before being activated => this should be detected and session should be dismissed.
return rejectConnection(StatusCodes.BadSessionClosed);
} else if (session.status === "closed") {
console.log(" Bad Session Closed in _on_ActivateSessionRequest".yellow.bold, authenticationToken.value.toString("hex"));
return rejectConnection(StatusCodes.BadSessionClosed);
}
// verify clientSignature provided by the client
if (!server.verifyClientSignature(session, channel, request.clientSignature, session.clientCertificate)) {
return rejectConnection(StatusCodes.BadApplicationSignatureInvalid);
}
// userIdentityToken may be missing , assume anonymous access then
request.userIdentityToken = request.userIdentityToken || createAnonymousIdentityToken(channel.endpoint);
// check request.userIdentityToken is correct ( expected type and correctly formed)
if (!server.isValidUserIdentityToken(channel, session, request.userIdentityToken)) {
return rejectConnection(StatusCodes.BadIdentityTokenInvalid);
}
session.userIdentityToken = request.userIdentityToken;
// check if user access is granted
server.isUserAuthorized(channel, session, request.userIdentityToken, function (err, authorized) {
if (err) {
return rejectConnection(StatusCodes.BadInternalError);
}
if (!authorized) {
return rejectConnection(StatusCodes.BadUserAccessDenied);
} else {
// extract : OPC UA part 4 - 5.6.3
// Once used, a serverNonce cannot be used again. For that reason, the Server returns a new
// serverNonce each time the ActivateSession Service is called.
session.nonce = server.makeServerNonce();
session.status = "active";
response = new ActivateSessionResponse({serverNonce: session.nonce});
channel.send_response("MSG", response, message);
const userIdentityTokenPasswordRemoved = function (userIdentityToken) {
const a = userIdentityToken;
// to do remove password
return a;
};
// send OPCUA Event Notification
// see part 5 : 6.4.3 AuditEventType
// 6.4.7 AuditSessionEventType
// 6.4.10 AuditActivateSessionEventType
const VariantArrayType = require("node-opcua-variant").VariantArrayType;
assert(session.nodeId); // sessionId
//xx assert(session.channel.clientCertificate instanceof Buffer);
assert(session.sessionTimeout > 0);
if (server.isAuditing) {
server.raiseEvent("AuditActivateSessionEventType", {
/* part 5 - 6.4.3 AuditEventType */
actionTimeStamp: {dataType: "DateTime", value: new Date()},
status: {dataType: "Boolean", value: true},
serverId: {dataType: "String", value: ""},
// ClientAuditEntryId contains the human-readable AuditEntryId defined in Part 3.
clientAuditEntryId: {dataType: "String", value: ""},
// The ClientUserId identifies the user of the client requesting an action. The ClientUserId can be
// obtained from the UserIdentityToken passed in the ActivateSession call.
clientUserId: {dataType: "String", value: "cc"},
sourceName: {dataType: "String", value: "Session/ActivateSession"},
/* part 5 - 6.4.7 AuditSessionEventType */
sessionId: {dataType: "NodeId", value: session.nodeId},
/* part 5 - 6.4.10 AuditActivateSessionEventType */
clientSoftwareCertificates: {
dataType: "ExtensionObject" /* SignedSoftwareCertificate */,
arrayType: VariantArrayType.Array,
value: []
},
// UserIdentityToken reflects the userIdentityToken parameter of the ActivateSession Service call.
// For Username/Password tokens the password should NOT be included.
userIdentityToken: {
dataType: "ExtensionObject" /* UserIdentityToken */,
value: userIdentityTokenPasswordRemoved(session.userIdentityToken)
},
// SecureChannelId shall uniquely identify the SecureChannel. The application shall use the same identifier
// in all AuditEvents related to the Session Service Set (AuditCreateSessionEventType,
// AuditActivateSessionEventType and their subtypes) and the SecureChannel Service Set
// (AuditChannelEventType and its subtypes).
secureChannelId: {dataType: "String", value: session.channel.secureChannelId.toString()}
});
}
}
});
};
OPCUAServer.prototype.raiseEvent = function (eventType, options) {
const self = this;
if (!self.engine.addressSpace) {
console.log("addressSpace missing");
return;
}
const server = self.engine.addressSpace.findNode("Server");
if (!server) {
//xx throw new Error("OPCUAServer#raiseEvent : cannot find Server object");
return;
}
let eventTypeNode = eventType;
if (typeof(eventType) === "string") {
eventTypeNode = self.engine.addressSpace.findEventType(eventType);
}
if (eventTypeNode) {
return server.raiseEvent(eventTypeNode, options);
} else {
console.warn(" cannot find event type ", eventType);
}
};
/**
* ensure that action is performed on a valid session object,
* @method _apply_on_SessionObject
* @param ResponseClass {Constructor} the constructor of the response Class
* @param message
* @param channel
* @param action_to_perform {Function}
* @param action_to_perform.session {ServerSession}
* @param action_to_perform.sendResponse {Function}
* @param action_to_perform.sendResponse.response {ResponseClass}
* @param action_to_perform.sendError {Function}
* @param action_to_perform.sendError.statusCode {StatusCode}
* @param action_to_perform.sendError.diagnostics {DiagnosticsInfo}
*
* @private
*/
OPCUAServer.prototype._apply_on_SessionObject = function (ResponseClass, message, channel, action_to_perform) {
assert(_.isFunction(action_to_perform));
function sendResponse(response) {
assert(response instanceof ResponseClass);
if (message.session) {
message.session.incrementRequestTotalCounter(ResponseClass.name.replace("Response", ""));
}
return channel.send_response("MSG", response, message);
}
function sendError(statusCode, diagnostics) {
if (message.session) {
message.session.incrementRequestErrorCounter(ResponseClass.name.replace("Response", ""));
}
return g_sendError(channel, message, ResponseClass, statusCode, diagnostics);
}
let response;
/* istanbul ignore next */
if (!message.session || message.session_statusCode !== StatusCodes.Good) {
const errMessage = "INVALID SESSION !! ";
response = new ResponseClass({responseHeader: {serviceResult: message.session_statusCode}});
debugLog(errMessage.red.bold, message.session_statusCode.toString().yellow, response.constructor.name);
return sendResponse(response);
}
assert(message.session_statusCode === StatusCodes.Good);
// OPC UA Specification 1.02 part 4 page 26
// When a Session is terminated, all outstanding requests on the Session are aborted and
// Bad_SessionClosed StatusCodes are returned to the Client. In addition, the Server deletes the entry
// for the Client from its SessionDiagnostics Array Variable and notifies any other Clients who were
// subscribed to this entry.
if (message.session.status === "closed") {
//note : use StatusCodes.BadSessionClosed , for pending message for this session
//xx console.log("xxxxxxxxxxxxxxxxxxxxxxxxxx message.session.status ".red.bold,message.session.status.toString().cyan);
return sendError(StatusCodes.BadSessionIdInvalid);
}
if (message.session.status !== "active") {
// mark session as being screwed ! so it cannot be activated anymore
message.session.status = "screwed";
//note : use StatusCodes.BadSessionClosed , for pending message for this session
return sendError(StatusCodes.BadSessionNotActivated);
}
// lets also reset the session watchdog so it doesn't
// (Sessions are terminated by the Server automatically if the Client fails to issue a Service request on the Session
// within the timeout period negotiated by the Server in the CreateSession Service response. )
assert(_.isFunction(message.session.keepAlive));
message.session.keepAlive();
message.session.incrementTotalRequestCount();
action_to_perform(message.session, sendResponse, sendError);
};
/**
* @method _apply_on_Subscription
* @param ResponseClass
* @param message
* @param channel
* @param action_to_perform
* @private
*/
OPCUAServer.prototype._apply_on_Subscription = function (ResponseClass, message, channel, action_to_perform) {
assert(_.isFunction(action_to_perform));
const request = message.request;
assert(request.hasOwnProperty("subscriptionId"));
this._apply_on_SessionObject(ResponseClass, message, channel, function (session, sendResponse, sendError) {
const subscription = session.getSubscription(request.subscriptionId);
if (!subscription) {
return sendError(StatusCodes.BadSubscriptionIdInvalid);
}
subscription.resetLifeTimeAndKeepAliveCounters();
action_to_perform(session, subscription, sendResponse, sendError);
});
};
/**
* @method _apply_on_SubscriptionIds
* @param ResponseClass
* @param message
* @param channel
* @param action_to_perform
* @private
*/
OPCUAServer.prototype._apply_on_SubscriptionIds = function (ResponseClass, message, channel, action_to_perform) {
assert(_.isFunction(action_to_perform));
const request = message.request;
assert(request.hasOwnProperty("subscriptionIds"));
this._apply_on_SessionObject(ResponseClass, message, channel, function (session, sendResponse, sendError) {
const subscriptionIds = request.subscriptionIds;
if (!request.subscriptionIds || request.subscriptionIds.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
const results = subscriptionIds.map(function (subscriptionId) {
return action_to_perform(session, subscriptionId)
});
const response = new ResponseClass({
results: results
});
sendResponse(response);
});
};
/**
* @method _apply_on_Subscriptions
* @param ResponseClass
* @param message
* @param channel
* @param action_to_perform
* @private
*/
OPCUAServer.prototype._apply_on_Subscriptions = function (ResponseClass, message, channel, action_to_perform) {
this._apply_on_SubscriptionIds(ResponseClass, message, channel, function (session, subscriptionId) {
if (subscriptionId <= 0) {
return StatusCodes.BadSubscriptionIdInvalid;
}
const subscription = session.getSubscription(subscriptionId);
if (!subscription) {
return StatusCodes.BadSubscriptionIdInvalid;
}
return action_to_perform(session, subscription);
});
};
/**
* @method _on_CloseSessionRequest
* @param message
* @param channel
* @private
*/
OPCUAServer.prototype._on_CloseSessionRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof CloseSessionRequest);
let response;
message.session_statusCode = StatusCodes.Good;
function sendError(statusCode) {
return g_sendError(channel, message, CloseSessionResponse, statusCode);
}
function sendResponse(response) {
channel.send_response("MSG", response, message);
}
// do not use _apply_on_SessionObject
//this._apply_on_SessionObject(CloseSessionResponse, message, channel, function (session) {
//});
const session = message.session;
if (!session) {
return sendError(StatusCodes.BadSessionIdInvalid);
}
// session has been created but not activated !
const wasNotActivated = (session.status === "new");
server.engine.closeSession(request.requestHeader.authenticationToken, request.deleteSubscriptions, "CloseSession");
if (wasNotActivated) {
return sendError(StatusCodes.BadSessionNotActivated);
}
response = new CloseSessionResponse({});
sendResponse(response);
if (forceGarbageCollectionOnSessionClose) {
if (global.gc) {
global.gc(true);
try {
require("heapdump").writeSnapshot();
}
catch (err) {
/* */
}
}
}
};
// browse services
/**
* @method _on_BrowseRequest
* @param message
* @param channel
* @private
*/
OPCUAServer.prototype._on_BrowseRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof BrowseRequest);
const diagnostic = {};
this._apply_on_SessionObject(BrowseResponse, message, channel, function (session, sendResponse, sendError) {
let response;
// test view
if (request.view && !request.view.viewId.isEmpty()) {
//xx console.log("xxxx ",request.view.toString());
//xx console.log("xxxx NodeClas",View.prototype.nodeClass);
let theView = server.engine.addressSpace.findNode(request.view.viewId);
if (theView && theView.constructor.nodeClass !== View.prototype.nodeClass) {
// Error: theView is not a View
diagnostic.localizedText = {text: "blah"};
theView = null;
}
if (!theView) {
return sendError(StatusCodes.BadViewIdUnknown, diagnostic);
}
}
if (!request.nodesToBrowse || request.nodesToBrowse.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerBrowse > 0) {
if (request.nodesToBrowse.length > server.engine.serverCapabilities.operationLimits.maxNodesPerBrowse) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
// ToDo: limit results to requestedMaxReferencesPerNode
const requestedMaxReferencesPerNode = request.requestedMaxReferencesPerNode;
let results = [];
assert(request.nodesToBrowse[0]._schema.name === "BrowseDescription");
results = server.engine.browse(request.nodesToBrowse, session);
assert(results[0]._schema.name === "BrowseResult");
// handle continuation point and requestedMaxReferencesPerNode
results = results.map(function (result) {
assert(!result.continuationPoint);
const r = session.continuationPointManager.register(requestedMaxReferencesPerNode, result.references);
assert(r.statusCode === StatusCodes.Good);
r.statusCode = result.statusCode;
return r;
});
response = new BrowseResponse({
results: results,
diagnosticInfos: null
});
sendResponse(response);
});
};
/**
* @method _on_BrowseNextRequest
* @param message
* @param channel
* @private
*/
OPCUAServer.prototype._on_BrowseNextRequest = function (message, channel) {
const request = message.request;
assert(request instanceof BrowseNextRequest);
this._apply_on_SessionObject(BrowseNextResponse, message, channel, function (session, sendResponse, sendError) {
let response;
if (!request.continuationPoints || request.continuationPoints.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
// A Boolean parameter with the following values:
let results;
if (request.releaseContinuationPoints) {
//releaseContinuationPoints = TRUE
// passed continuationPoints shall be reset to free resources in
// the Server. The continuation points are released and the results
// and diagnosticInfos arrays are empty.
results = request.continuationPoints.map(function (continuationPoint) {
return session.continuationPointManager.cancel(continuationPoint);
});
} else {
// let extract data from continuation points
// releaseContinuationPoints = FALSE
// passed continuationPoints shall be used to get the next set of
// browse information.
results = request.continuationPoints.map(function (continuationPoint) {
return session.continuationPointManager.getNext(continuationPoint);
});
}
response = new BrowseNextResponse({
results: results,
diagnosticInfos: null
});
sendResponse(response);
});
};
// read services
OPCUAServer.prototype._on_ReadRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof ReadRequest);
this._apply_on_SessionObject(ReadResponse, message, channel, function (session, sendResponse, sendError) {
const context = new SessionContext({session, server});
let response;
let results = [];
const timestampsToReturn = request.timestampsToReturn;
if (timestampsToReturn === TimestampsToReturn.Invalid) {
return sendError(StatusCodes.BadTimestampsToReturnInvalid);
}
if (request.maxAge < 0) {
return sendError(StatusCodes.BadMaxAgeInvalid);
}
request.nodesToRead = request.nodesToRead || [];
if (!request.nodesToRead || request.nodesToRead.length <= 0) {
return sendError(StatusCodes.BadNothingToDo);
}
assert(request.nodesToRead[0]._schema.name === "ReadValueId");
assert(request.timestampsToReturn);
// limit size of nodesToRead array to maxNodesPerRead
if (server.engine.serverCapabilities.operationLimits.maxNodesPerRead > 0) {
if (request.nodesToRead.length > server.engine.serverCapabilities.operationLimits.maxNodesPerRead) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
// proceed with registered nodes alias resolution
for (let i = 0; i < request.nodesToRead.length; i++) {
request.nodesToRead[i].nodeId = session.resolveRegisteredNode(request.nodesToRead[i].nodeId);
}
// ask for a refresh of asynchronous variables
server.engine.refreshValues(request.nodesToRead, function (err) {
assert(!err, " error not handled here , fix me");
results = server.engine.read(context, request);
assert(results[0]._schema.name === "DataValue");
assert(results.length === request.nodesToRead.length);
response = new ReadResponse({
results: null,
diagnosticInfos: null
});
// set it here for performance
response.results = results;
assert(response.diagnosticInfos.length === 0);
sendResponse(response);
});
});
};
// read services
OPCUAServer.prototype._on_HistoryReadRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof HistoryReadRequest);
this._apply_on_SessionObject(HistoryReadResponse, message, channel, function (session, sendResponse, sendError) {
let response;
const timestampsToReturn = request.timestampsToReturn;
if (timestampsToReturn === TimestampsToReturn.Invalid) {
return sendError(StatusCodes.BadTimestampsToReturnInvalid);
}
if (request.maxAge < 0) {
return sendError(StatusCodes.BadMaxAgeInvalid);
}
request.nodesToRead = request.nodesToRead || [];
if (!request.nodesToRead || request.nodesToRead.length <= 0) {
return sendError(StatusCodes.BadNothingToDo);
}
assert(request.nodesToRead[0]._schema.name === "HistoryReadValueId");
assert(request.timestampsToReturn);
// limit size of nodesToRead array to maxNodesPerRead
if (server.engine.serverCapabilities.operationLimits.maxNodesPerRead > 0) {
if (request.nodesToRead.length > server.engine.serverCapabilities.operationLimits.maxNodesPerRead) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
// todo : handle
if (server.engine.serverCapabilities.operationLimits.maxNodesPerHistoryReadData > 0) {
if (request.nodesToRead.length > server.engine.serverCapabilities.operationLimits.maxNodesPerHistoryReadData) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerHistoryReadEvents > 0) {
if (request.nodesToRead.length > server.engine.serverCapabilities.operationLimits.maxNodesPerHistoryReadEvents) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const context = new SessionContext({session, server});
// ask for a refresh of asynchronous variables
server.engine.refreshValues(request.nodesToRead, function (err) {
assert(!err, " error not handled here , fix me"); //TODO
server.engine.historyRead(context, request, function (err, results) {
assert(results[0]._schema.name === "HistoryReadResult");
assert(results.length === request.nodesToRead.length);
response = new HistoryReadResponse({
results: results,
diagnosticInfos: null
});
assert(response.diagnosticInfos.length === 0);
sendResponse(response);
});
});
});
};
/*
// write services
// OPCUA Specification 1.02 Part 3 : 5.10.4 Write
// This Service is used to write values to one or more Attributes of one or more Nodes. For constructed
// Attribute values whose elements are indexed, such as an array, this Service allows Clients to write
// the entire set of indexed values as a composite, to write individual elements or to write ranges of
// elements of the composite.
// The values are written to the data source, such as a device, and the Service does not return until it writes
// the values or determines that the value cannot be written. In certain cases, the Server will successfully
// to an intermediate system or Server, and will not know if the data source was updated properly. In these cases,
// the Server should report a success code that indicates that the write was not verified.
// In the cases where the Server is able to verify that it has successfully written to the data source,
// it reports an unconditional success.
*/
OPCUAServer.prototype._on_WriteRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof WriteRequest);
assert(!request.nodesToWrite || _.isArray(request.nodesToWrite));
this._apply_on_SessionObject(WriteResponse, message, channel, function (session, sendResponse, sendError) {
let response;
if (!request.nodesToWrite || request.nodesToWrite.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerWrite > 0) {
if (request.nodesToWrite.length > server.engine.serverCapabilities.operationLimits.maxNodesPerWrite) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
// proceed with registered nodes alias resolution
for (let i = 0; i < request.nodesToWrite.length; i++) {
request.nodesToWrite[i].nodeId = session.resolveRegisteredNode(request.nodesToWrite[i].nodeId);
}
const context = new SessionContext({session, server});
assert(request.nodesToWrite[0]._schema.name === "WriteValue");
server.engine.write(context, request.nodesToWrite, function (err, results) {
assert(!err);
assert(_.isArray(results));
assert(results.length === request.nodesToWrite.length);
response = new WriteResponse({
results: results,
diagnosticInfos: null
});
sendResponse(response);
});
});
};
/*=== private
*
* perform the read operation on a given node for a monitored item.
* this method DOES NOT apply to Variable Values attribute
*
* @param self
* @param oldValue
* @param node
* @param itemToMonitor
* @private
*/
function monitoredItem_read_and_record_value(self, oldValue, node, itemToMonitor, callback) {
assert(self instanceof MonitoredItem);
assert(oldValue instanceof DataValue);
assert(itemToMonitor.attributeId === AttributeIds.Value);
const dataValue = node.readAttribute(itemToMonitor.attributeId, itemToMonitor.indexRange, itemToMonitor.dataEncoding);
callback(null, dataValue);
}
/*== private
* @method monitoredItem_read_and_record_value_async
* this method applies to Variable Values attribute
* @param self
* @param oldValue
* @param node
* @param itemToMonitor
* @private
*/
function monitoredItem_read_and_record_value_async(self, context, oldValue, node, itemToMonitor, callback) {
assert(context instanceof SessionContext);
assert(itemToMonitor.attributeId === AttributeIds.Value);
assert(self instanceof MonitoredItem);
assert(oldValue instanceof DataValue);
// do it asynchronously ( this is only valid for value attributes )
assert(itemToMonitor.attributeId === AttributeIds.Value);
node.readValueAsync(context, function (err, dataValue) {
callback(err, dataValue);
});
}
function build_scanning_node_function(context, addressSpace, monitoredItem, itemToMonitor) {
//assert(addressSpace instanceof AddressSpace);
assert(context instanceof SessionContext);
assert(addressSpace.constructor.name === "AddressSpace");
assert(itemToMonitor instanceof ReadValueId);
const node = addressSpace.findNode(itemToMonitor.nodeId);
/* istanbul ignore next */
if (!node) {
console.log(" INVALID NODE ID , ", itemToMonitor.nodeId.toString());
dump(itemToMonitor);
return function (oldData, callback) {
callback(null, new DataValue({
statusCode: StatusCodes.BadNodeIdUnknown,
value: {dataType: DataType.Null, value: 0}
}));
};
}
/////!!monitoredItem.setNode(node);
if (itemToMonitor.attributeId === AttributeIds.Value) {
const monitoredItem_read_and_record_value_func =
(itemToMonitor.attributeId === AttributeIds.Value && _.isFunction(node.readValueAsync)) ?
monitoredItem_read_and_record_value_async :
monitoredItem_read_and_record_value;
return function (oldDataValue, callback) {
assert(this instanceof MonitoredItem);
assert(oldDataValue instanceof DataValue);
assert(_.isFunction(callback));
monitoredItem_read_and_record_value_func(this, context, oldDataValue, node, itemToMonitor, callback);
};
} else {
// Attributes, other than the Value Attribute, are only monitored for a change in value.
// The filter is not used for these Attributes. Any change in value for these Attributes
// causes a Notification to be generated.
// only record value when it has changed
return function (oldDataValue, callback) {
const self = this;
assert(self instanceof MonitoredItem);
assert(oldDataValue instanceof DataValue);
assert(_.isFunction(callback));
const newDataValue = node.readAttribute(itemToMonitor.attributeId);
callback(null, newDataValue);
};
}
}
function prepareMonitoredItem(context, addressSpace, monitoredItem) {
const itemToMonitor = monitoredItem.itemToMonitor;
const readNodeFunc = build_scanning_node_function(context, addressSpace, monitoredItem, itemToMonitor);
monitoredItem.samplingFunc = readNodeFunc;
}
OPCUAServer.MAX_SUBSCRIPTION = 50;
// subscription services
OPCUAServer.prototype._on_CreateSubscriptionRequest = function (message, channel) {
const server = this;
const engine = server.engine;
const addressSpace = engine.addressSpace;
const request = message.request;
assert(request instanceof CreateSubscriptionRequest);
this._apply_on_SessionObject(CreateSubscriptionResponse, message, channel, function (session, sendResponse, sendError) {
const context = new SessionContext({session, server});
if (session.currentSubscriptionCount >= OPCUAServer.MAX_SUBSCRIPTION) {
return sendError(StatusCodes.BadTooManySubscriptions);
}
const subscription = session.createSubscription(request);
subscription.on("monitoredItem", function (monitoredItem) {
prepareMonitoredItem(context, addressSpace, monitoredItem);
});
const response = new CreateSubscriptionResponse({
subscriptionId: subscription.id,
revisedPublishingInterval: subscription.publishingInterval,
revisedLifetimeCount: subscription.lifeTimeCount,
revisedMaxKeepAliveCount: subscription.maxKeepAliveCount
});
sendResponse(response);
});
};
OPCUAServer.prototype._on_DeleteSubscriptionsRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof DeleteSubscriptionsRequest);
this._apply_on_SubscriptionIds(DeleteSubscriptionsResponse, message, channel, function (session, subscriptionId) {
const subscription = server.engine.findOrphanSubscription(subscriptionId);
if (subscription) {
return server.engine.deleteOrphanSubscription(subscription);
}
return session.deleteSubscription(subscriptionId);
});
};
OPCUAServer.prototype._on_TransferSubscriptionsRequest = function (message, channel) {
//
// sendInitialValue Boolean
// A Boolean parameter with the following values:
// TRUE the first Publish response(s) after the TransferSubscriptions call shall
// contain the current values of all Monitored Items in the Subscription where
// the Monitoring Mode is set to Reporting.
// FALSE the first Publish response after the TransferSubscriptions call shall contain only the value
// changes since the last Publish response was sent.
// This parameter only applies to MonitoredItems used for monitoring Attribute changes.
//
const server = this;
const engine = server.engine;
const request = message.request;
assert(request instanceof TransferSubscriptionsRequest);
this._apply_on_SubscriptionIds(TransferSubscriptionsResponse, message, channel, function (session, subscriptionId) {
return engine.transferSubscription(session, subscriptionId, request.sendInitialValues);
});
};
OPCUAServer.prototype.prepare = function (message, channel) {
const server = this;
const request = message.request;
// --- check that session is correct
const authenticationToken = request.requestHeader.authenticationToken;
const session = server.getSession(authenticationToken, /*activeOnly*/true);
message.session = session;
if (!session) {
message.session_statusCode = StatusCodes.BadSessionIdInvalid;
return;
}
//xx console.log("xxxx channel ",channel.secureChannelId,session.secureChannelId);
// --- check that provided session matches session attached to channel
if (channel.secureChannelId !== session.secureChannelId) {
if (!(request instanceof ActivateSessionRequest)) {
console.log("ERROR: channel.secureChannelId !== session.secureChannelId".red.bgWhite, channel.secureChannelId, session.secureChannelId);
//xx console.log("trace",(new Error()).stack);
}
message.session_statusCode = StatusCodes.BadSecureChannelIdInvalid;
} else if (channel_has_session(channel, session)) {
message.session_statusCode = StatusCodes.Good;
} else {
// session ma y have been moved to a different channel
message.session_statusCode = StatusCodes.BadSecureChannelIdInvalid;
}
};
OPCUAServer.prototype._on_CreateMonitoredItemsRequest = function (message, channel) {
const server = this;
const engine = server.engine;
const addressSpace = engine.addressSpace;
const request = message.request;
assert(request instanceof CreateMonitoredItemsRequest);
this._apply_on_Subscription(CreateMonitoredItemsResponse, message, channel, function (session, subscription, sendResponse, sendError) {
const timestampsToReturn = request.timestampsToReturn;
if (timestampsToReturn === TimestampsToReturn.Invalid) {
return sendError(StatusCodes.BadTimestampsToReturnInvalid);
}
if (!request.itemsToCreate || request.itemsToCreate.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall > 0) {
if (request.itemsToCreate.length > server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const results = request.itemsToCreate.map(
subscription.createMonitoredItem.bind(subscription, addressSpace, timestampsToReturn));
const response = new CreateMonitoredItemsResponse({
responseHeader: {serviceResult: StatusCodes.Good},
results: results
//,diagnosticInfos: []
});
sendResponse(response);
});
};
const ModifySubscriptionRequest = subscription_service.ModifySubscriptionRequest;
const ModifySubscriptionResponse = subscription_service.ModifySubscriptionResponse;
OPCUAServer.prototype._on_ModifySubscriptionRequest = function (message, channel) {
const request = message.request;
assert(request instanceof ModifySubscriptionRequest);
this._apply_on_Subscription(ModifySubscriptionResponse, message, channel, function (session, subscription, sendResponse, sendError) {
subscription.modify(request);
const response = new ModifySubscriptionResponse({
revisedPublishingInterval: subscription.publishingInterval,
revisedLifetimeCount: subscription.lifeTimeCount,
revisedMaxKeepAliveCount: subscription.maxKeepAliveCount
});
sendResponse(response);
});
};
OPCUAServer.prototype._on_ModifyMonitoredItemsRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof ModifyMonitoredItemsRequest);
this._apply_on_Subscription(ModifyMonitoredItemsResponse, message, channel, function (session, subscription, sendResponse, sendError) {
const timestampsToReturn = request.timestampsToReturn;
if (timestampsToReturn === TimestampsToReturn.Invalid) {
return sendError(StatusCodes.BadTimestampsToReturnInvalid);
}
if (!request.itemsToModify || request.itemsToModify.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall > 0) {
if (request.itemsToModify.length > server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const itemsToModify = request.itemsToModify; // MonitoredItemModifyRequest
function modifyMonitoredItem(item) {
const monitoredItemId = item.monitoredItemId;
const monitoredItem = subscription.getMonitoredItem(monitoredItemId);
if (!monitoredItem) {
return new MonitoredItemModifyResult({statusCode: StatusCodes.BadMonitoredItemIdInvalid});
}
// adjust samplingInterval if === -1
if (item.requestedParameters.samplingInterval === -1) {
item.requestedParameters.samplingInterval = subscription.publishingInterval;
}
return monitoredItem.modify(timestampsToReturn, item.requestedParameters);
}
const results = itemsToModify.map(modifyMonitoredItem);
const response = new ModifyMonitoredItemsResponse({
results: results
});
sendResponse(response);
});
};
OPCUAServer.prototype._on_PublishRequest = function (message, channel) {
const request = message.request;
assert(request instanceof PublishRequest);
this._apply_on_SessionObject(PublishResponse, message, channel, function (session, sendResponse, sendError) {
assert(session);
assert(session.publishEngine); // server.publishEngine doesn't exists, OPCUAServer has probably shut down already
session.publishEngine._on_PublishRequest(request, function (request, response) {
sendResponse(response);
});
});
};
OPCUAServer.prototype._on_SetPublishingModeRequest = function (message, channel) {
const request = message.request;
assert(request instanceof SetPublishingModeRequest);
const publishingEnabled = request.publishingEnabled;
this._apply_on_Subscriptions(SetPublishingModeResponse, message, channel, function (session, subscription) {
return subscription.setPublishingMode(publishingEnabled);
});
};
OPCUAServer.prototype._on_DeleteMonitoredItemsRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof DeleteMonitoredItemsRequest);
this._apply_on_Subscription(DeleteMonitoredItemsResponse, message, channel, function (session, subscription, sendResponse, sendError) {
if (!request.monitoredItemIds || request.monitoredItemIds.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall > 0) {
if (request.monitoredItemIds.length > server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const results = request.monitoredItemIds.map(function (monitoredItemId) {
return subscription.removeMonitoredItem(monitoredItemId);
});
const response = new DeleteMonitoredItemsResponse({
results: results,
diagnosticInfos: null
});
sendResponse(response);
});
};
OPCUAServer.prototype._on_RepublishRequest = function (message, channel) {
const request = message.request;
assert(request instanceof RepublishRequest);
this._apply_on_Subscription(RepublishResponse, message, channel, function (session, subscription, sendResponse, sendError) {
// update diagnostic counter
subscription.subscriptionDiagnostics.republishRequestCount += 1;
const retransmitSequenceNumber = request.retransmitSequenceNumber;
const msgSequence = subscription.getMessageForSequenceNumber(retransmitSequenceNumber);
if (!msgSequence) {
return sendError(StatusCodes.BadMessageNotAvailable);
}
const response = new RepublishResponse({
responseHeader: {
serviceResult: StatusCodes.Good
},
notificationMessage: msgSequence.notification
});
sendResponse(response);
});
};
const SetMonitoringModeRequest = subscription_service.SetMonitoringModeRequest;
const SetMonitoringModeResponse = subscription_service.SetMonitoringModeResponse;
// Bad_NothingToDo
// Bad_TooManyOperations
// Bad_SubscriptionIdInvalid
// Bad_MonitoringModeInvalid
OPCUAServer.prototype._on_SetMonitoringModeRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof SetMonitoringModeRequest);
this._apply_on_Subscription(SetMonitoringModeResponse, message, channel, function (session, subscription, sendResponse, sendError) {
if (!request.monitoredItemIds || request.monitoredItemIds.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall > 0) {
if (request.monitoredItemIds.length > server.engine.serverCapabilities.operationLimits.maxMonitoredItemsPerCall) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const monitoringMode = request.monitoringMode;
if (monitoringMode === subscription_service.MonitoringMode.Invalid) {
return sendError(StatusCodes.BadMonitoringModeInvalid);
}
const results = request.monitoredItemIds.map(function (monitoredItemId) {
const monitoredItem = subscription.getMonitoredItem(monitoredItemId);
if (!monitoredItem) {
return StatusCodes.BadMonitoredItemIdInvalid;
}
monitoredItem.setMonitoringMode(monitoringMode);
return StatusCodes.Good;
});
const response = new SetMonitoringModeResponse({
results: results
});
sendResponse(response);
});
};
// _on_TranslateBrowsePathsToNodeIds service
OPCUAServer.prototype._on_TranslateBrowsePathsToNodeIdsRequest = function (message, channel) {
const request = message.request;
assert(request instanceof TranslateBrowsePathsToNodeIdsRequest);
const server = this;
this._apply_on_SessionObject(TranslateBrowsePathsToNodeIdsResponse, message, channel, function (session, sendResponse, sendError) {
if (!request.browsePath || request.browsePath.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerTranslateBrowsePathsToNodeIds > 0) {
if (request.browsePath.length > server.engine.serverCapabilities.operationLimits.maxNodesPerTranslateBrowsePathsToNodeIds) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
const browsePathResults = request.browsePath.map(function (browsePath) {
return server.engine.browsePath(browsePath);
});
const response = new TranslateBrowsePathsToNodeIdsResponse({
results: browsePathResults,
diagnosticInfos: null
});
sendResponse(response);
});
};
// Symbolic Id Description
//---------------------------- ----------------------------------------------------------------------------------------
// Bad_NodeIdInvalid Used to indicate that the specified object is not valid.
//
// Bad_NodeIdUnknown Used to indicate that the specified object is not valid.
//
// Bad_ArgumentsMissing The client did not specify all of the input arguments for the method.
// Bad_UserAccessDenied
//
// Bad_MethodInvalid The method id does not refer to a method for the specified object.
// Bad_OutOfRange Used to indicate that an input argument is outside the acceptable range.
// Bad_TypeMismatch Used to indicate that an input argument does not have the correct data type.
// A ByteString is structurally the same as a one dimensional array of Byte.
// A server shall accept a ByteString if an array of Byte is expected.
// Bad_NoCommunication
const getMethodDeclaration_ArgumentList = require("node-opcua-address-space").getMethodDeclaration_ArgumentList;
const verifyArguments_ArgumentList = require("node-opcua-address-space").verifyArguments_ArgumentList;
function callMethod(session, callMethodRequest, callback) {
/* jshint validthis: true */
const server = this;
const addressSpace = server.engine.addressSpace;
const objectId = callMethodRequest.objectId;
const methodId = callMethodRequest.methodId;
const inputArguments = callMethodRequest.inputArguments;
assert(objectId instanceof NodeId);
assert(methodId instanceof NodeId);
let response = getMethodDeclaration_ArgumentList(addressSpace, objectId, methodId);
if (response.statusCode !== StatusCodes.Good) {
return callback(null, {statusCode: response.statusCode});
}
const methodDeclaration = response.methodDeclaration;
// verify input Parameters
const methodInputArguments = methodDeclaration.getInputArguments();
response = verifyArguments_ArgumentList(addressSpace, methodInputArguments, inputArguments);
if (response.statusCode !== StatusCodes.Good) {
return callback(null, response);
}
const methodObj = addressSpace.findNode(methodId);
// invoke method on object
const context = new SessionContext({
session: session,
object: addressSpace.findNode(objectId),
server: server
});
methodObj.execute(inputArguments, context, function (err, callMethodResponse) {
/* istanbul ignore next */
if (err) {
return callback(err);
}
callMethodResponse.inputArgumentResults = response.inputArgumentResults || [];
assert(callMethodResponse.statusCode);
if (callMethodResponse.statusCode === StatusCodes.Good) {
assert(_.isArray(callMethodResponse.outputArguments));
}
assert(_.isArray(callMethodResponse.inputArgumentResults));
assert(callMethodResponse.inputArgumentResults.length === methodInputArguments.length);
return callback(null, callMethodResponse);
});
}
// Call Service Result Codes
// Symbolic Id Description
// Bad_NothingToDo See Table 165 for the description of this result code.
// Bad_TooManyOperations See Table 165 for the description of this result code.
//
OPCUAServer.prototype._on_CallRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof CallRequest);
this._apply_on_SessionObject(CallResponse, message, channel, function (session, sendResponse, sendError) {
let response;
if (!request.methodsToCall || request.methodsToCall.length === 0) {
return sendError(StatusCodes.BadNothingToDo);
}
// the MaxNodesPerMethodCall Property indicates the maximum size of the methodsToCall array when
// a Client calls the Call Service.
let maxNodesPerMethodCall = server.engine.serverCapabilities.operationLimits.maxNodesPerMethodCall;
maxNodesPerMethodCall = maxNodesPerMethodCall <= 0 ? 1000 : maxNodesPerMethodCall;
if (request.methodsToCall.length >= maxNodesPerMethodCall) {
return sendError(StatusCodes.BadTooManyOperations);
}
async.map(request.methodsToCall, callMethod.bind(server, session), function (err, results) {
if (err) {
console.log("ERROR in method Call !! ", err);
}
assert(_.isArray(results));
response = new CallResponse({results: results});
sendResponse(response);
}, function (err) {
/* istanbul ignore next */
if (err) {
channel.send_error_and_abort(StatusCodes.BadInternalError, err.message, "", function () {
});
}
});
});
};
OPCUAServer.prototype._on_RegisterNodesRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof RegisterNodesRequest);
this._apply_on_SessionObject(RegisterNodesResponse, message, channel, function (session, sendResponse, sendError) {
let response;
if (!request.nodesToRegister || request.nodesToRegister.length === 0) {
response = new RegisterNodesResponse({responseHeader: {serviceResult: StatusCodes.BadNothingToDo}});
return sendResponse(response);
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes > 0) {
if (request.nodesToRegister.length > server.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
// A list of NodeIds which the Client shall use for subsequent access operations. The
// size and order of this list matches the size and order of the nodesToRegister
// request parameter.
// The Server may return the NodeId from the request or a new (an alias) NodeId. It
// is recommended that the Server return a numeric NodeIds for aliasing.
// In case no optimization is supported for a Node, the Server shall return the
// NodeId from the request.
const registeredNodeIds = request.nodesToRegister.map(nodeId => session.registerNode(nodeId));
response = new RegisterNodesResponse({
registeredNodeIds: registeredNodeIds
});
sendResponse(response);
});
};
OPCUAServer.prototype._on_UnregisterNodesRequest = function (message, channel) {
const server = this;
const request = message.request;
assert(request instanceof UnregisterNodesRequest);
this._apply_on_SessionObject(UnregisterNodesResponse, message, channel, function (session, sendResponse, sendError) {
let response;
if (!request.nodesToUnregister || request.nodesToUnregister.length === 0) {
response = new UnregisterNodesResponse({responseHeader: {serviceResult: StatusCodes.BadNothingToDo}});
return sendResponse(response);
}
if (server.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes > 0) {
if (request.nodesToRegister.length > server.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes) {
return sendError(StatusCodes.BadTooManyOperations);
}
}
request.nodesToUnregister.map(nodeId => session.unRegisterNode(nodeId));
response = new UnregisterNodesResponse({});
sendResponse(response);
});
};
OPCUAServer.prototype._on_Cancel = function (message, channel) {
return g_sendError(channel, message, session_service.CancelResponse, StatusCodes.BadNotImplemented);
};
// NodeManagement Service Set Overview
// This Service Set defines Services to add and delete AddressSpace Nodes and References between them. All added
// Nodes continue to exist in the AddressSpace even if the Client that created them disconnects from the Server.
//
const node_managment_service = require("node-opcua-service-node-management");
OPCUAServer.prototype._on_AddNodes = function (message, channel) {
return g_sendError(channel, message, node_managment_service.AddNodesResponse, StatusCodes.BadNotImplemented);
};
OPCUAServer.prototype._on_AddReferences = function (message, channel) {
return g_sendError(channel, message, node_managment_service.AddReferencesResponse, StatusCodes.BadNotImplemented);
};
OPCUAServer.prototype._on_DeleteNodes = function (message, channel) {
return g_sendError(channel, message, node_managment_service.DeleteNodesResponse, StatusCodes.BadNotImplemented);
};
OPCUAServer.prototype._on_DeleteReferences = function (message, channel) {
return g_sendError(channel, message, node_managment_service.DeleteReferencesResponse, StatusCodes.BadNotImplemented);
};
// Query Service
OPCUAServer.prototype._on_QueryFirst = function (message, channel) {
return g_sendError(channel, message, query_service.QueryFirstResponse, StatusCodes.BadNotImplemented);
};
OPCUAServer.prototype._on_QueryNext = function (message, channel) {
return g_sendError(channel, message, query_service.QueryNextResponse, StatusCodes.BadNotImplemented);
};
OPCUAServer.prototype._on_HistoryUpdate = function (message, channel) {
return g_sendError(channel, message, historizing_service.HistoryUpdateResponse, StatusCodes.BadNotImplemented);
};
/**
* @method registerServer
* @async
* @param discoveryServerEndpointUrl
* @param isOnline
* @param outer_callback
*/
function _registerServer(discoveryServerEndpointUrl, isOnline, outer_callback) {
assert(typeof discoveryServerEndpointUrl === "string");
assert(_.isBoolean(isOnline));
const self = this;
self.registerServerManager.discoveryServerEndpointUrl = discoveryServerEndpointUrl;
if (isOnline) {
self.registerServerManager.start(outer_callback);
} else {
self.registerServerManager.stop(outer_callback);
}
}
OPCUAServer.prototype.registerServer = function (discoveryServerEndpointUrl, callback) {
assert(!"registerServer is DEPRECATED - please use registerServerMethod when creating the OPCUAServer");
_registerServer.call(this,discoveryServerEndpointUrl, true, callback);
};
OPCUAServer.prototype.unregisterServer = function (discoveryServerEndpointUrl, callback) {
assert(!"unregisterServer is DEPRECATED - please use registerServerMethod when creating the OPCUAServer");
_registerServer.call(this,discoveryServerEndpointUrl, false, callback);
};
OPCUAServer.prototype.__defineGetter__("isAuditing", function () {
return this.engine.isAuditing;
});
exports.OPCUAServerEndPoint = OPCUAServerEndPoint;
exports.OPCUAServer = OPCUAServer;
exports.RegisterServerMethod = RegisterServerMethod;
The NodeOPCUA API