cherry pick 33bf3850

af2d044d · kleskjr · Christian Bergmiller · f4a5dc52 · af2d044d · af2d044d
Commit af2d044d authored Jun 07, 2018 by kleskjr Committed by Christian Bergmiller Jul 30, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 51 additions and 32 deletions

examples/server-example.py examples/server-example.py +7 -6

opcua/server/server.py opcua/server/server.py +25 -26

opcua/ua/uatypes.py opcua/ua/uatypes.py +19 -0

No files found.
--- a/examples/server-example.py
+++ b/examples/server-example.py
@@ -67,12 +67,13 @@ if __name__ == "__main__":
    #server.set_endpoint("opc.tcp://localhost:4840/freeopcua/server/")
    server.set_endpoint("opc.tcp://0.0.0.0:4840/freeopcua/server/")
    server.set_server_name("FreeOpcUa Example Server")
-    # set possible endpoint policies for clients to connect through
-    server.set_security_policy(["None",
-                                "Basic128Rsa15_Sign",
-                                "Basic128Rsa15_SignAndEncrypt", 
-                                "Basic256_Sign",
-                                "Basic256_SignAndEncrypt"])
+    # set all possible endpoint policies for clients to connect through
+    server.set_security_policy([
+                ua.SecurityPolicyType.NoSecurity,
+                ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt,
+                ua.SecurityPolicyType.Basic128Rsa15_Sign,
+                ua.SecurityPolicyType.Basic256_SignAndEncrypt,
+                ua.SecurityPolicyType.Basic256_Sign])

    # setup our own namespace
    uri = "http://examples.freeopcua.github.io"

--- a/opcua/server/server.py
+++ b/opcua/server/server.py
@@ -217,22 +217,22 @@ class Server:
    def set_security_policy(self, security_policy):
        """
            Method setting up the security policies for connections
-            to the server. During server object initialization, all
-            possible endpoints are enabled:
+            to the server, where security_policy is a list of integers.
+            During server initialization, all endpoints are enabled:

-                security_policy = ["None",
-                                    "Basic128Rsa15_Sign",
-                                    "Basic128Rsa15_SignAndEncrypt",
-                                    "Basic256_Sign",
-                                    "Basic256_SignAndEncrypt"]
-
-            where security_policy is a list of strings. "None" enables an
-            endpoint without any security.
+                security_policy = [
+                            ua.SecurityPolicyType.NoSecurity,
+                            ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt,
+                            ua.SecurityPolicyType.Basic128Rsa15_Sign,
+                            ua.SecurityPolicyType.Basic256_SignAndEncrypt,
+                            ua.SecurityPolicyType.Basic256_Sign
+                                ]

            E.g. to limit the number of endpoints and disable no encryption:

-                set_security_policy(["Basic256_Sign",
-                                        "Basic256_SignAndEncrypt"])
+                set_security_policy([
+                            ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt
+                            ua.SecurityPolicyType.Basic256_SignAndEncrypt])

        """
        self._security_policy = security_policy
@@ -266,33 +266,32 @@ class Server:
                return

            if ua.SecurityPolicyType.NoSecurity in self._security_policy:
-                self.logger.warning(
-                    "Creating an open endpoint to the server, although encrypted endpoints are enabled.")
+                self.logger.warning("Creating an open endpoint to the server, although encrypted endpoints are enabled.")

            if ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt in self._security_policy:
                self._set_endpoints(security_policies.SecurityPolicyBasic128Rsa15,
                    ua.MessageSecurityMode.SignAndEncrypt)
                self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic128Rsa15,
-                    ua.MessageSecurityMode.SignAndEncrypt,
-                    self.certificate,
-                    self.private_key)
-                )
+                                                               ua.MessageSecurityMode.SignAndEncrypt,
+                                                               self.certificate,
+                                                               self.private_key)
+                                     )
            if ua.SecurityPolicyType.Basic128Rsa15_Sign in self._security_policy:
                self._set_endpoints(security_policies.SecurityPolicyBasic128Rsa15,
                    ua.MessageSecurityMode.Sign)
                self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic128Rsa15,
-                    ua.MessageSecurityMode.Sign,
-                    self.certificate,
-                    self.private_key)
-                )
+                                                               ua.MessageSecurityMode.Sign,
+                                                               self.certificate,
+                                                               self.private_key)
+                                     )
            if ua.SecurityPolicyType.Basic256_SignAndEncrypt in self._security_policy:
                self._set_endpoints(security_policies.SecurityPolicyBasic256,
                    ua.MessageSecurityMode.SignAndEncrypt)
                self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic256,
-                    ua.MessageSecurityMode.SignAndEncrypt,
-                    self.certificate,
-                    self.private_key)
-                )
+                                                               ua.MessageSecurityMode.SignAndEncrypt,
+                                                               self.certificate,
+                                                               self.private_key)
+                                     )
            if ua.SecurityPolicyType.Basic256_Sign in self._security_policy:
                self._set_endpoints(security_policies.SecurityPolicyBasic256,
                    ua.MessageSecurityMode.Sign)

--- a/opcua/ua/uatypes.py
+++ b/opcua/ua/uatypes.py
@@ -951,3 +951,22 @@ def get_extensionobject_class_type(typeid):
        return extension_object_classes[typeid]
    else:
        return None
+
+
+class SecurityPolicyType(Enum):
+    """
+    The supported types of SecurityPolicy.
+    
+    "None"
+    "Basic128Rsa15_Sign"
+    "Basic128Rsa15_SignAndEncrypt"
+    "Basic256_Sign"
+    "Basic256_SignAndEncrypt"
+
+    """
+
+    NoSecurity = 0
+    Basic128Rsa15_Sign = 1
+    Basic128Rsa15_SignAndEncrypt = 2
+    Basic256_Sign = 3
+    Basic256_SignAndEncrypt = 4