How to use the node-opcua-service-secure-channel.MessageSecurityMode.None function in node-opcua-service-secure-channel
To help you get started, we’ve selected a few node-opcua-service-secure-channel examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
node-opcua / node-opcua / packages / node-opcua-secure-channel / source / client / client_secure_channel_layer.ts View on Github 
const openSecureChannelResponse = response as OpenSecureChannelResponse;
// record channelId for future transactions
this.channelId = openSecureChannelResponse.securityToken.channelId;
// todo : verify that server certificate is valid
// A self-signed application instance certificate does not need to be verified with a CA.
// todo : verify that Certificate URI matches the ApplicationURI of the server
assert(openSecureChannelResponse.securityToken.tokenId > 0 || msgType === "OPN",
"_sendSecureOpcUARequest: invalid token Id ");
assert(openSecureChannelResponse.hasOwnProperty("serverNonce"));
this.securityToken = openSecureChannelResponse.securityToken;
this.serverNonce = openSecureChannelResponse.serverNonce;
if (this.securityMode !== MessageSecurityMode.None) {
// verify that server nonce if provided is at least 32 bytes long
/* istanbul ignore next */
if (!openSecureChannelResponse.serverNonce) {
console.log(" client : server nonce is invalid !");
return callback(new Error(" Invalid server nonce"));
}
// This parameter shall have a length equal to key size used for the symmetric
// encryption algorithm that is identified by the securityPolicyUri.
if (openSecureChannelResponse.serverNonce.length !== this.clientNonce.length) {
console.log(" client : server nonce is invalid !");
return callback(new Error(" Invalid server nonce length"));
}
}
const cryptoFactory = this.messageBuilder.cryptoFactory;private _decrypt_MSG(binaryStream: BinaryStream): boolean {
assert(this.securityHeader instanceof SymmetricAlgorithmSecurityHeader);
assert(this.securityMode !== MessageSecurityMode.None);
assert(this.securityMode !== MessageSecurityMode.Invalid);
assert(this.securityPolicy !== SecurityPolicy.None);
assert(this.securityPolicy !== SecurityPolicy.Invalid);
const symmetricAlgorithmSecurityHeader = this.securityHeader as SymmetricAlgorithmSecurityHeader;
// Check security token
// securityToken may have been renewed
const securityTokenData = this._select_matching_token(symmetricAlgorithmSecurityHeader.tokenId);
if (!securityTokenData) {
this._report_error("Security token data for token " + symmetricAlgorithmSecurityHeader.tokenId + " doesn't exist");
return false;
}
assert(securityTokenData.hasOwnProperty("derivedKeys"));
// SecurityToken may have expired, in this case the MessageBuilder shall reject the messageprivate _prepare_security_header(request: OpenSecureChannelRequest, message: Message): AsymmetricAlgorithmSecurityHeader {
let securityHeader = null;
// senderCertificate:
// The X509v3 certificate assigned to the sending application instance.
// This is a DER encoded blob.
// This indicates what private key was used to sign the MessageChunk.
// This field shall be null if the message is not signed.
// receiverCertificateThumbprint:
// The thumbprint of the X509v3 certificate assigned to the receiving application
// The thumbprint is the SHA1 digest of the DER encoded form of the certificate.
// This indicates what public key was used to encrypt the MessageChunk
// This field shall be null if the message is not encrypted.
switch (request.securityMode) {
case MessageSecurityMode.None:
securityHeader = new AsymmetricAlgorithmSecurityHeader({
receiverCertificateThumbprint: null, // message not encrypted
securityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#None",
senderCertificate: null // message not signed
});
break;
case MessageSecurityMode.Sign:
case MessageSecurityMode.SignAndEncrypt:
default: {
// get the thumbprint of the client certificate
const thumbprint = this.receiverCertificate
? makeSHA1Thumbprint(this.receiverCertificate)
: null;
if (!this.clientSecurityHeader) {private _send_error(statusCode: StatusCode, description: string, message: Message, callback: ErrorCallback) {
// turn of security mode as we haven't manage to set it to
this.securityMode = MessageSecurityMode.None;
// unexpected message type ! let close the channel
const err = new Error(description);
this.send_error_and_abort(statusCode, description, message, () => {
callback(err); // OK
});
}private _decrypt(binaryStream: BinaryStream) {
if (this.securityPolicy === SecurityPolicy.Invalid) {
// this._report_error("SecurityPolicy");
// return false;
return true;
}
const msgType = this.messageHeader.msgType;
// check if security is active or not
if (this.securityPolicy === SecurityPolicy.None) {
this.securityMode = MessageSecurityMode.None;
assert(this.securityMode === MessageSecurityMode.None, "expecting securityMode = None when securityPolicy is None");
return true; // nothing to do
}
assert(this.securityMode !== MessageSecurityMode.None);
if (msgType === "OPN") {
return this._decrypt_OPN(binaryStream);
} else {
return this._decrypt_MSG(binaryStream);
}
}exports.fixture3 = (function () {
var endPointResponse = new GetEndpointsResponse();
endPointResponse.endpoints.length.should.equal(0);
endPointResponse.endpoints.push(exports.makeEndPoint());
endPointResponse.endpoints.push(exports.makeEndPoint());
endPointResponse.endpoints.push(exports.makeEndPoint());
endPointResponse.endpoints.length.should.equal(3);
endPointResponse.endpoints[0].server.gatewayServerUri.should.eql("gatewayServerUri");
endPointResponse.endpoints[0].securityMode.should.eql(MessageSecurityMode.None);
return endPointResponse;
})();applicationName: {text: "Localised application name"},
applicationType: ApplicationType.ClientAndServer,
gatewayServerUri: "gatewayServerUri",
discoveryProfileUri: "discoveryProfileUri",
discoveryUrls: [
"discoveryUrls1",
"discoveryUrls2",
"discoveryUrls3",
"discoveryUrls4",
"discoveryUrls5"
]
},
serverCertificate: Buffer.alloc(256),
securityMode: MessageSecurityMode.None,
securityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15",
userIdentityTokens: [
{
policyId: "policyId",
tokenType: UserTokenType.Anonymous,
issuedTokenType: "issuedTokenType",
issuerEndpointUrl: "qdqsdq",
securityPolicyUri: "String"
}
],
transportProfileUri: "",
securityLevel: 36
};
var value = new EndpointDescription(data);
assert(value.server);endpoint = endpoints.filter(function (e) {
return e.securityMode === MessageSecurityMode.None;
});
}node-opcua-service-secure-channel
pure nodejs OPCUA SDK - module service-secure-channel
Package Health Score
81 / 100Popular node-opcua-service-secure-channel functions
- node-opcua-service-secure-channel.AsymmetricAlgorithmSecurityHeader
- node-opcua-service-secure-channel.ChannelSecurityToken
- node-opcua-service-secure-channel.CloseSecureChannelRequest
- node-opcua-service-secure-channel.CloseSecureChannelResponse
- node-opcua-service-secure-channel.coerceMessageSecurityMode
- node-opcua-service-secure-channel.ErrorMessage
- node-opcua-service-secure-channel.hasTokenExpired
- node-opcua-service-secure-channel.MessageSecurityMode
- node-opcua-service-secure-channel.MessageSecurityMode.get
- node-opcua-service-secure-channel.MessageSecurityMode.INVALID
- node-opcua-service-secure-channel.MessageSecurityMode.Invalid
- node-opcua-service-secure-channel.MessageSecurityMode.NONE
- node-opcua-service-secure-channel.MessageSecurityMode.None
- node-opcua-service-secure-channel.MessageSecurityMode.SIGN
- node-opcua-service-secure-channel.MessageSecurityMode.Sign
- node-opcua-service-secure-channel.MessageSecurityMode.SIGNANDENCRYPT
- node-opcua-service-secure-channel.MessageSecurityMode.SignAndEncrypt
- node-opcua-service-secure-channel.ServiceFault
- node-opcua-service-secure-channel.SignatureData
- node-opcua-service-secure-channel.SymmetricAlgorithmSecurityHeader