org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel.java Source code

Java tutorial

Introduction

Here is the source code for org.eclipse.milo.opcua.stack.client.transport.uasc.ClientSecureChannel.java

Source

/*
 * Copyright (c) 2019 the Eclipse Milo Authors
 *
 * This program and the accompanying materials are made
 * available under the terms of the Eclipse Public License 2.0
 * which is available at https://www.eclipse.org/legal/epl-2.0/
 *
 * SPDX-License-Identifier: EPL-2.0
 */

package org.eclipse.milo.opcua.stack.client.transport.uasc;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

import com.google.common.base.MoreObjects;
import io.netty.channel.Channel;
import io.netty.util.AttributeKey;
import io.netty.util.DefaultAttributeMap;
import org.eclipse.milo.opcua.stack.client.UaStackClientConfig;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity;
import org.eclipse.milo.opcua.stack.core.channel.SecureChannel;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.LongSequence;

public class ClientSecureChannel extends DefaultAttributeMap implements SecureChannel {

    public static final AttributeKey<LongSequence> KEY_REQUEST_ID_SEQUENCE = AttributeKey
            .valueOf("request-id-sequence");

    private volatile Channel channel;
    private volatile long channelId = 0;
    private volatile ChannelSecurity channelSecurity;
    private volatile ByteString localNonce = ByteString.NULL_VALUE;
    private volatile ByteString remoteNonce = ByteString.NULL_VALUE;

    private final KeyPair keyPair;
    private final X509Certificate localCertificate;
    private final List<X509Certificate> localCertificateChain;
    private final X509Certificate remoteCertificate;
    private final List<X509Certificate> remoteCertificateChain;
    private final SecurityPolicy securityPolicy;
    private final MessageSecurityMode messageSecurityMode;

    public ClientSecureChannel(SecurityPolicy securityPolicy, MessageSecurityMode messageSecurityMode) {
        this(null, null, null, null, null, securityPolicy, messageSecurityMode);
    }

    public ClientSecureChannel(KeyPair keyPair, X509Certificate localCertificate,
            List<X509Certificate> localCertificateChain, X509Certificate remoteCertificate,
            List<X509Certificate> remoteCertificateChain, SecurityPolicy securityPolicy,
            MessageSecurityMode messageSecurityMode) {

        this.keyPair = keyPair;
        this.localCertificate = localCertificate;
        this.localCertificateChain = localCertificateChain;
        this.remoteCertificate = remoteCertificate;
        this.remoteCertificateChain = remoteCertificateChain;
        this.securityPolicy = securityPolicy;
        this.messageSecurityMode = messageSecurityMode;
    }

    public void setChannel(Channel channel) {
        this.channel = channel;
    }

    public void setChannelId(long channelId) {
        this.channelId = channelId;
    }

    public void setChannelSecurity(ChannelSecurity channelSecurity) {
        this.channelSecurity = channelSecurity;
    }

    public void setLocalNonce(ByteString localNonce) {
        this.localNonce = localNonce;
    }

    public void setRemoteNonce(ByteString remoteNonce) {
        this.remoteNonce = remoteNonce;
    }

    public Channel getChannel() {
        return channel;
    }

    @Override
    public long getChannelId() {
        return channelId;
    }

    @Override
    public KeyPair getKeyPair() {
        return keyPair;
    }

    @Override
    public ByteString getLocalNonce() {
        return localNonce;
    }

    @Override
    public ByteString getRemoteNonce() {
        return remoteNonce;
    }

    @Override
    public SecurityPolicy getSecurityPolicy() {
        return securityPolicy;
    }

    @Override
    public MessageSecurityMode getMessageSecurityMode() {
        return messageSecurityMode;
    }

    @Override
    public X509Certificate getLocalCertificate() {
        return localCertificate;
    }

    @Override
    public List<X509Certificate> getLocalCertificateChain() {
        return localCertificateChain;
    }

    @Override
    public X509Certificate getRemoteCertificate() {
        return remoteCertificate;
    }

    @Override
    public List<X509Certificate> getRemoteCertificateChain() {
        return remoteCertificateChain;
    }

    @Override
    public ChannelSecurity getChannelSecurity() {
        return channelSecurity;
    }

    @Override
    public ChannelSecurity.SecretKeys getEncryptionKeys(ChannelSecurity.SecurityKeys securityKeys) {
        return securityKeys.getClientKeys();
    }

    @Override
    public ChannelSecurity.SecretKeys getDecryptionKeys(ChannelSecurity.SecurityKeys securityKeys) {
        return securityKeys.getServerKeys();
    }

    @Override
    public String toString() {
        return MoreObjects.toStringHelper(this).add("channelId", channelId).add("securityPolicy", securityPolicy)
                .toString();
    }

    public static ClientSecureChannel fromConfig(UaStackClientConfig config) throws UaException {
        EndpointDescription endpoint = config.getEndpoint();

        SecurityPolicy securityPolicy = SecurityPolicy.fromUri(endpoint.getSecurityPolicyUri());

        if (securityPolicy == SecurityPolicy.None) {
            return new ClientSecureChannel(securityPolicy, endpoint.getSecurityMode());
        } else {
            KeyPair keyPair = config.getKeyPair().orElseThrow(
                    () -> new UaException(StatusCodes.Bad_ConfigurationError, "no KeyPair configured"));

            X509Certificate certificate = config.getCertificate().orElseThrow(
                    () -> new UaException(StatusCodes.Bad_ConfigurationError, "no certificate configured"));

            List<X509Certificate> certificateChain = Arrays.asList(config.getCertificateChain().orElseThrow(
                    () -> new UaException(StatusCodes.Bad_ConfigurationError, "no certificate chain configured")));

            X509Certificate remoteCertificate = CertificateUtil
                    .decodeCertificate(endpoint.getServerCertificate().bytes());

            List<X509Certificate> remoteCertificateChain = CertificateUtil
                    .decodeCertificates(endpoint.getServerCertificate().bytes());

            return new ClientSecureChannel(keyPair, certificate, certificateChain, remoteCertificate,
                    remoteCertificateChain, securityPolicy, endpoint.getSecurityMode());
        }
    }

}