New security policy #1025

Kallelele · 2022-09-07T10:47:34Z

Kallelele
Sep 7, 2022

Hi, I am wondering if it possible to add a new security policy. "Aes128-Sha256-RsaOaep"

Sep 8, 2022

sure OPC UA Spec. expects that algorithm expire after some time and should be replaced!
see:
https://reference.opcfoundation.org/v104/Core/docs/Part7/6.6.164/

would look similar to:
https://github.com/FreeOpcUa/opcua-asyncio/blob/master/asyncua/crypto/security_policies.py#L608

but with:

View full answer

AndreasHeine · 2022-09-08T08:54:00Z

AndreasHeine
Sep 8, 2022
Maintainer

sure OPC UA Spec. expects that algorithm expire after some time and should be replaced!
see:
https://reference.opcfoundation.org/v104/Core/docs/Part7/6.6.164/

would look similar to:
https://github.com/FreeOpcUa/opcua-asyncio/blob/master/asyncua/crypto/security_policies.py#L608

but with:

3 replies

Kallelele Sep 8, 2022
Author

So I can add it? Spec says no published end date.
I guess this would be the same as https://github.com/FreeOpcUa/opcua-asyncio/blob/master/asyncua/crypto/security_policies.py#L608
but with different key size

oroulet Sep 8, 2022
Maintainer

send a merge request

Kallelele Sep 16, 2022
Author

#1032

dibyendumca · 2022-10-17T05:13:27Z

dibyendumca
Oct 17, 2022

Hello,
Could anybody suggest, How to Implement Username & Password Authentication in the Server Code and also in the Client to connect this authenticated Server ?

Also whether the client code (with Username & Password authentication) will be suitable to connect any other 3rd party OPC UA Server, which is already being secured with Username and Password ?

2 replies

AndreasHeine Oct 17, 2022
Maintainer

@dibyendumca currently we dont have an example... but this is the way to setup the server:

simplified not for production use!!!

#...

users_db =  {
                'user1': 'pw1'
            }

def user_manager(isession, username, password):
    isession.user = UserManager.User
    return username in users_db and password == users_db[username]

#...

policyIDs = ["Username"]
server.set_security_IDs(policyIDs)
server.user_manager.set_user_manager(user_manager)

#...

AndreasHeine Oct 17, 2022
Maintainer

client:

client.set_user("user1")
client.set_password("pw1")

dibyendumca · 2022-10-17T08:35:26Z

dibyendumca
Oct 17, 2022

Hello @AndreasHeine,

client.set_user("user1")
client.set_password("pw1")

Will the above client code work for any 3rd party OPC UA Server connection?

1 reply

AndreasHeine Oct 17, 2022
Maintainer

for all opc ua servers which implement username/password authentication!

dibyendumca · 2022-10-17T09:10:24Z

dibyendumca
Oct 17, 2022

Hello @AndreasHeine,
I am using the below OPC Async library......
from asyncua import Server, ua, uamethod
from asyncua.server.user_managers import UserManager

I have added the Code below in my Server Component...

users_db =  {
                'user1': 'pw1'
            }

def user_manager(isession, username, password):
    isession.user = UserManager.User
    return username in users_db and password == users_db[username]

#...

policyIDs = ["Username"]
server.set_security_IDs(policyIDs)
server.user_manager.set_user_manager(user_manager)

When I execute the server component, I get the following error........

1 reply

AndreasHeine Oct 17, 2022
Maintainer

oh... haven't realised that API-Change! sorry...

opcua-asyncio/asyncua/server/server.py

Line 83 in f49068a

def __init__(self, iserver: InternalServer = None, user_manager=None):

you need to give the manager as parameter the constructor of the server class

server = Server(user_manager=user_manager)

dibyendumca · 2022-10-18T04:14:20Z

dibyendumca
Oct 18, 2022

Hello @AndreasHeine,

I added the following code in my Server component...

users_db = {
    'user1': 'pw1'
}

def user_manager(isession, username, password):
    isession.user = UserManager.User
    return username in users_db and password == users_db[username]

async def main():
    server = Server(user_manager=user_manager)
    await server.init()
#......

if __name__ == "__main__":
    asyncio.run(main())

NOW MY CLIENT COMPONENT IS AS FOLLOWS ...

async def main():
    client = Client(url)
    # Connect to Server
    client.set_user("user1")
    client.set_password("pw1")
    print("I am here 1")
    await client.connect()
    print("I am here 2")
# ...

if __name__ == "__main__":
    asyncio.run(main())

WHEN I TRY TO EXECUTE THE CLIENT COMPONENT, I GET THE FOLLOWING ERROR...

I am here 1
Sending plain-text password
ServiceFault (BadInternalError, diagnostics: DiagnosticInfo(SymbolicId=None, NamespaceURI=None, Locale=None, LocalizedText=None, AdditionalInfo=None, InnerStatusCode=None, InnerDiagnosticInfo=None)) from server received in response to ActivateSessionRequest
Traceback (most recent call last):
File "....\dOPCuaXpertClient.py", line 312, in
asyncio.run(main())
File "C:\ProgramData\Anaconda3\lib\asyncio\runners.py", line 44, in run
return loop.run_until_complete(main)
File "C:\ProgramData\Anaconda3\lib\asyncio\base_events.py", line 647, in run_until_complete
return future.result()
File "....\dOPCuaXpertClient.py", line 203, in main
await client.connect()
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\client\client.py", line 272, in connect
await self.activate_session(username=self._username, password=self._password, certificate=self.user_certificate)
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\client\client.py", line 480, in activate_session
return await self.uaclient.activate_session(params)
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\client\ua_client.py", line 309, in activate_session
data = await self.protocol.send_request(request)
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\client\ua_client.py", line 154, in send_request
self.check_answer(data, f" in response to {request.class.name}")
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\client\ua_client.py", line 163, in check_answer
hdr.ServiceResult.check()
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\ua\uatypes.py", line 328, in check
raise UaStatusCodeError(self.value)
asyncua.ua.uaerrors._auto.BadInternalError: "An internal error occurred as a result of a programming or configuration error."(BadInternalError)
Exception ignored in: <function _ProactorBasePipeTransport.del at 0x000001B304612790>
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\asyncio\proactor_events.py", line 116, in del
File "C:\ProgramData\Anaconda3\lib\asyncio\proactor_events.py", line 108, in close
File "C:\ProgramData\Anaconda3\lib\asyncio\base_events.py", line 751, in call_soon
File "C:\ProgramData\Anaconda3\lib\asyncio\base_events.py", line 515, in _check_closed
RuntimeError: Event loop is closed

COULD YOU PLEASE HELP ??

4 replies

schroeder- Oct 18, 2022
Maintainer

The client log doesn't help, the server has an exception. So for diagnostics you have to look at the server log.

AndreasHeine Oct 18, 2022
Maintainer

another API change i havent noticed that... the usermanager class has changed

opcua-asyncio/asyncua/server/user_managers.py

Line 6 in f49068a

class UserManager:

AndreasHeine Oct 18, 2022
Maintainer

@dibyendumca here is a working example:

import asyncio
import logging
from datetime import datetime
from asyncua import Server, ua
from asyncua.server.user_managers import UserManager
from asyncua.server.users import UserRole, User

users_db =  {
                'user1': 'pw1'
            }

class my_user_manager():
    def get_user(self, username=None, password=None, certificate=None):
        if username in users_db and password == users_db[username]:
            # valid user
            return User(role=UserRole.Admin)
        else:
            # invalid user
            return

logging.basicConfig(level=logging.WARNING)
_logger = logging.getLogger('asyncua')

async def main():
     # Serversetup
    server = Server(user_manager=my_user_manager)
    server.name = "OPC UA Tutorial Server"
    await server.init()
    server.set_endpoint("opc.tcp://127.0.0.1:4840")

    async with server:
        while 1:
            await asyncio.sleep(1)


if __name__ == "__main__":
    asyncio.run(main())

dibyendumca Oct 18, 2022

Hello @AndreasHeine ,

I implemented your way.
Thanks so much, Its working now ....

dibyendumca · 2022-10-18T05:52:03Z

dibyendumca
Oct 18, 2022

Hello @schroeder

OK, SO I ALSO SEND THE ERROR LOGS FROM THE SERVER COMPONENT AS FOLLOWS...
THE FIRST 3 LINES AND THE LAST 3 LINES ARE IN OK CONDITION

18-10-2022 11:18:49.684324 >> I: 40 362 44 18-10-2022 11:18:49.684324 0 0
18-10-2022 11:18:50.200223 >> I: MyFirstEvent triggered: 362
18-10-2022 11:18:50.203777 >> I: 39 421 45 18-10-2022 11:18:50.203777 1 0
Error while processing message
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\server\uaprocessor.py", line 126, in process_message
return await self._process_message(typeid, requesthdr, seqhdr, body)
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\server\uaprocessor.py", line 209, in _process_message
result = self.session.activate_session(params, self._connection.security_policy.peer_certificate)
File "C:\ProgramData\Anaconda3\lib\site-packages\asyncua\server\internal_session.py", line 103, in activate_session
user = self.iserver.user_manager.get_user(self.iserver, username=username, password=password,
AttributeError: 'function' object has no attribute 'get_user'
18-10-2022 11:18:50.728589 >> I: 38 544 22 18-10-2022 11:18:50.728589 1 0
18-10-2022 11:18:51.235819 >> I: MyFirstEvent triggered: 544
18-10-2022 11:18:51.239564 >> I: 37 420 26 18-10-2022 11:18:51.239564 1 0

0 replies

dibyendumca · 2022-10-20T09:15:22Z

dibyendumca
Oct 20, 2022

Hello,
Can anybody please help?

MY SERVER COMPONENT HAVE THE FOLLOWING CODE SNIPPETS...

     rootNodeId = server.get_root_node()
	# ...
    # TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
    # Server Date Time Nodes
    # TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
    serverLocalTimeNode = await server.nodes.objects.get_child( ["0:Server", "0:LocalTime"])
    serverCurrentTimeNode = await server.nodes.objects.get_child( ["0:Server", "0:ServerStatus", "0:CurrentTime"])
    baseEventLocalTimeNode = await rootNodeId.get_child(["0:Types", "0:ObjectTypes", "0:BaseObjectType", "0:BaseEventType", 
    "0:LocalTime"])
    baseEventReceiveTimeNode = await rootNodeId.get_child(["0:Types", "0:ObjectTypes", "0:BaseObjectType", "0:BaseEventType", 
    "0:ReceiveTime"])
    baseEventTimeNode = await rootNodeId.get_child(["0:Types", "0:ObjectTypes", "0:BaseObjectType", "0:BaseEventType", "0:Time"])
    
	# ...
     await serverLocalTimeNode.set_writable(writable=True)
     await serverCurrentTimeNode.set_writable(writable=True)
     await baseEventLocalTimeNode.set_writable(writable=True)
     await baseEventReceiveTimeNode.set_writable(writable=True)
     await baseEventTimeNode.set_writable(writable=True)
	
	# ...
# The custom event object automatically will have members from its parent (BaseEventType)
    etype = await server.create_custom_event_type(spaceNodeId, 'MyFirstEvent', ua.ObjectIds.BaseEventType,
                                                  [('MyNumericProperty', ua.VariantType.Int64),
                                                   ('MyStringProperty', ua.VariantType.String)])

    # create second event
    etype2 = await server.create_custom_event_type(spaceNodeId, 'MySecondEvent', ua.ObjectIds.BaseEventType,
                                                   [('MyFloatProperty', ua.VariantType.Float),
                                                    ('MyStringProperty', ua.VariantType.String)])

    # get an event generator for the Param node which generates custom events
    myevgen = await server.get_event_generator(etype, ParamEvents)
    myevgen.event.MyNumericProperty = ua.Variant(-456)
    myevgen.event.MyStringProperty = ua.Variant("First Event")

    # get another event generator for the Param node which generates different custom events
    myevgen2 = await server.get_event_generator(etype2, ParamEvents)
    myevgen2.event.MyFloatProperty = ua.Variant(1.337)
    myevgen2.event.MyStringProperty = ua.Variant("Second Event")

    # get an event generator for the server node which generates BaseEventType
    serverevgen = await server.get_event_generator()
 
# . . .
while True:
	TIME = datetime.datetime.now()
	await serverLocalTimeNode.set_value(TIME)
        await serverCurrentTimeNode.set_value(TIME)
	await baseEventLocalTimeNode.set_value(TIME)
	await baseEventReceiveTimeNode.set_value(TIME)
	await baseEventTimeNode.set_value(TIME)

AFTER RUNNING THE SERVER COMPONENT, I NOTICED THE TIME BEING UPDATED IN THOSE NODE SPECIFIED.

I HAVE THE FOLLOWING CODE SNIPPET IN MY CLIENT COMPONET...

def event_notification(self, event):
        mevent = Event.get_event_props_as_fields_dict(event)
        print("Event: ", event)

        print("#####################################################")
        print("Source Name       : ", mevent.get("SourceName").Value)
        print("NumericNodeId     : ", mevent.get("EventType").Value)
        print("Event NodeId      : ", ua_utils.val_to_string(
            mevent.get("EventType").Value))

        tagValue = str("''")
        if mevent.keys().__contains__("MyNumericProperty"):
            print("Numeric Property  : ", mevent.get("MyNumericProperty").Value)
            tagValue = "'" + str(mevent.get("MyNumericProperty").Value) + "'"

        if mevent.keys().__contains__("MyFloatProperty"):
            print("Float Property    : ", mevent.get("MyFloatProperty").Value)
            tagValue = "'" + str(mevent.get("MyFloatProperty").Value) + "'"

        if mevent.keys().__contains__("MyStringProperty"):
            print("String Property   : ", mevent.get("MyStringProperty").Value)
            tagValue = "'" + str(mevent.get("MyStringProperty").Value) + "'"

        # receivedTime = mevent.get("Time").Value.strftime(
        #     "%d-%m-%Y %H:%M:%S.%f")

        receivedTime = mevent.get("ReceiveTime").Value.strftime(
            "%d-%m-%Y %H:%M:%S.%f")

        print("Received Time     : ", receivedTime)
        print("#####################################################")

NOW MY QUESTION IS WHY STILL I GET THE UTC TIME, IN THE EVENT NOTIFICATION FUNCTION AS SHOWN BELOW.

Event: Event(["EventId:b'1b177f41595e4383bf021882771b456a'", 'EventType:NodeId(Identifier=2041, NamespaceIndex=0, NodeIdType=<NodeIdType.FourByte: 1>)', 'SourceNode:NodeId(Identifier=2253, NamespaceIndex=0, NodeIdType=<NodeIdType.FourByte: 1>)', 'SourceName:Server', 'Time:2022-10-20 08:57:36.532349', 'ReceiveTime:2022-10-20 08:57:36.532349', 'LocalTime:TimeZoneDataType(Offset=330, DaylightSavingInOffset=True)', "Message:LocalizedText(Locale=None, Text='Server Event Message 763')", 'Severity:1'])
#####################################################
Source Name : Server
NumericNodeId : NodeId(Identifier=2041, NamespaceIndex=0, NodeIdType=<NodeIdType.FourByte: 1>)
Event NodeId : i=2041
Received Time : 20-10-2022 08:57:36.532349
#####################################################
Event: Event(['MyNumericProperty:-456', 'MyStringProperty:First Event', "EventId:b'765737d8127444a6a83d7642675d163d'", 'EventType:NodeId(Identifier=2, NamespaceIndex=2, NodeIdType=<NodeIdType.FourByte: 1>)', 'SourceNode:NodeId(Identifier=1, NamespaceIndex=2, NodeIdType=<NodeIdType.FourByte: 1>)', 'SourceName:ParamEvents', 'Time:2022-10-20 08:57:37.048961', 'ReceiveTime:2022-10-20 08:57:37.048961', 'LocalTime:TimeZoneDataType(Offset=330, DaylightSavingInOffset=True)', "Message:LocalizedText(Locale=None, Text='This is MyFirstEvent 866')", 'Severity:1'])
#####################################################
Source Name : ParamEvents
NumericNodeId : NodeId(Identifier=2, NamespaceIndex=2, NodeIdType=<NodeIdType.FourByte: 1>)
Event NodeId : ns=2;i=2
Numeric Property : -456
String Property : First Event
Received Time : 20-10-2022 08:57:37.048961
#####################################################

2 replies

AndreasHeine Oct 20, 2022
Maintainer

@dibyendumca that does not have any relation to the initial topic!
you should open a own one with a proper name!?

dibyendumca Oct 20, 2022

OK, Sorry, thanks

New security policy #1025

Uh oh!

Replies: 7 comments · 13 replies

Uh oh!

AndreasHeine Sep 8, 2022 Maintainer

Uh oh!

Kallelele Sep 8, 2022 Author

Uh oh!

oroulet Sep 8, 2022 Maintainer

Uh oh!

Kallelele Sep 16, 2022 Author

Uh oh!

Uh oh!

Uh oh!

AndreasHeine Oct 17, 2022 Maintainer

Uh oh!

AndreasHeine Oct 17, 2022 Maintainer

Uh oh!

Uh oh!

Uh oh!

AndreasHeine Oct 17, 2022 Maintainer

Uh oh!

Uh oh!

AndreasHeine Oct 17, 2022 Maintainer

Uh oh!

Uh oh!

Uh oh!

schroeder- Oct 18, 2022 Maintainer

Uh oh!

AndreasHeine Oct 18, 2022 Maintainer

Uh oh!

AndreasHeine Oct 18, 2022 Maintainer

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

AndreasHeine Oct 20, 2022 Maintainer

Uh oh!

Replies: 7 comments 13 replies

AndreasHeine
Sep 8, 2022
Maintainer

Kallelele Sep 8, 2022
Author

oroulet Sep 8, 2022
Maintainer

Kallelele Sep 16, 2022
Author

AndreasHeine Oct 17, 2022
Maintainer

AndreasHeine Oct 17, 2022
Maintainer

AndreasHeine Oct 17, 2022
Maintainer

AndreasHeine Oct 17, 2022
Maintainer

schroeder- Oct 18, 2022
Maintainer

AndreasHeine Oct 18, 2022
Maintainer

AndreasHeine Oct 18, 2022
Maintainer

AndreasHeine Oct 20, 2022
Maintainer