Create a demo server implementing the Push Management model (OPC UA part 12)
Create a demo server that implements push management according to OPC UA Part 12 v1.05, §7.8 and §7.10.
Notes: to use the demo binary `toolkit_demo_push_server` with UaExpert, S2OPC shall be built with the `S2OPC_DYNAMIC_TYPE_RESOLUTION` option.
Implemented
Management of the ServerConfigurationType
- ServerConfiguration.GetRejectedList
- ServerConfiguration.CreateSigningRequest
- ServerConfiguration.UpdateCertificate
Management of the TrustList that belongs to the DefaultApplicationGroup
- TrustList.Open
- TrustList.OpenWithMasks
- TrustList.Close
- TrustList.CloseAndUpdate
- TrustList.GetPosition
- TrustList.SetPosition
- TrustList.Read
- TrustList.Write
- TrustList.AddCertificate
- TrustList.RemoveCertificate
- TrustList.ActivityTimeout (nodeId is not available since S2OPC works with the address space v1.04)
- TrustList.Size
- TrustList.OpenCount
- TrustList.LastUpdateTime
Deviation from specification
Management of the CertificateGroupType
- Supports only the `DefaultApplicationGroup` group.
- Supports only one nodeId for the `CertificateTypes` property (one-dimensional array), because the S2OPC server supports only one key-certificate pair.
- Supports only the nodeIds `RsaMinApplicationCertificateType` and `RsaSha256ApplicationCertificateType` for the `CertificateTypes` property.
Management of the ServerConfigurationType
ServerConfiguration.CreateSigningRequest:
- A custom subjectName passed as method call argument is not supported (the subjectName of the current certificate is used instead; `OpcUa_BadNotSupported` is returned).
- The given `nonce` is not used as an additional entropy source, and no error is returned if `regeneratePrivateKey = True` and no nonce is given.
- Info: for `RsaMinApplicationCertificateType`, the generated RSA key size is 2048 bits and the signature hash algorithm is SHA256.
- Info: for `RsaSha256ApplicationCertificateType`, the generated RSA key size is 4096 bits and the signature hash algorithm is SHA256.
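The Go program below is an added illustration, not code from S2OPC or from this merge request. It models the CreateSigningRequest behaviour described in the bullets above: the subject of the current certificate is passed in as `currentSubject` (a stand-in for reading it from the server's own certificate), a caller-supplied `subjectName` is refused with `OpcUa_BadNotSupported`, the `nonce` is accepted but never used, and the generated key size follows the certificate type (2048 or 4096 bits) with a SHA-256 signature. The function names, the sample subject and the mapping of status codes to Go errors are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// Certificate type names used on the page; the sizes follow its stated behaviour
// (2048-bit RSA for RsaMin, 4096-bit RSA for RsaSha256, SHA-256 signatures for both).
const (
	RsaMinApplicationCertificateType    = "RsaMinApplicationCertificateType"
	RsaSha256ApplicationCertificateType = "RsaSha256ApplicationCertificateType"
)

// ErrBadNotSupported stands in for the OpcUa_BadNotSupported status code.
var ErrBadNotSupported = errors.New("OpcUa_BadNotSupported")

// KeySizeForType returns the RSA modulus size generated for a certificate type.
func KeySizeForType(certType string) (int, error) {
	switch certType {
	case RsaMinApplicationCertificateType:
		return 2048, nil
	case RsaSha256ApplicationCertificateType:
		return 4096, nil
	}
	return 0, fmt.Errorf("unsupported certificate type %q", certType)
}

// CreateSigningRequest models the server side of ServerConfiguration.CreateSigningRequest
// with the documented deviations:
//   - a caller-supplied subjectName is rejected with OpcUa_BadNotSupported; the subject of
//     the current certificate (currentSubject) is always used;
//   - nonce is accepted but not mixed into key generation, and its absence is not an error;
//   - when regeneratePrivateKey is true a fresh RSA key sized for certType is generated,
//     otherwise currentKey is reused;
//   - the CSR is signed with SHA-256.
// It returns the PEM-encoded CSR and the key the CSR was built for.
func CreateSigningRequest(currentSubject pkix.Name, currentKey *rsa.PrivateKey, certType string,
	subjectName string, regeneratePrivateKey bool, nonce []byte) ([]byte, *rsa.PrivateKey, error) {
	if subjectName != "" {
		return nil, nil, ErrBadNotSupported
	}
	_ = nonce // ignored, as documented above
	key := currentKey
	if regeneratePrivateKey {
		bits, err := KeySizeForType(certType)
		if err != nil {
			return nil, nil, err
		}
		key, err = rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, nil, err
		}
	}
	if key == nil {
		return nil, nil, errors.New("no current private key to reuse")
	}
	tmpl := &x509.CertificateRequest{
		Subject:            currentSubject,
		SignatureAlgorithm: x509.SHA256WithRSA,
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), key, nil
}

func main() {
	// Constructed sample: the subject the demo server's current certificate would carry.
	subject := pkix.Name{CommonName: "S2OPC Demo Push Server", Organization: []string{"Example Org"}}
	csrPEM, key, err := CreateSigningRequest(subject, nil, RsaMinApplicationCertificateType, "", true, nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated %d-bit key\n%s", key.N.BitLen(), csrPEM)
}
```

The returned private key is what UpdateCertificate later pairs with the certificate signed from this CSR; the page notes the demo server writes that key to the file system unencrypted, which is worth keeping in mind when deploying outside a demo.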
ServerConfiguration.UpdateCertificate:
- Update with a new privateKey and certificate created outside the server is not supported (`OpcUa_BadNotSupported` is returned).
- No check is made that the security level of the update is not higher than the security level of the secure channel (an issue has been submitted).
- The new private key is exported to the file system but its content is not encrypted (no password challenge for decryption).
- Info: the output `applyChangesRequired` is always set to `false` because S2OPC does not support transactions.
- Info: no backup is implemented if the export to the file system fails (there is no key store).
Management of the TrustList that belongs to the DefaultApplicationGroup
TrustList.Open and TrustList.OpenWithMasks:
- The TrustList cannot be opened if it is not closed (`OpcUa_BadInvalidState` is returned).
- When the TrustList is open in read mode, the TrustList.Size property is set to the size in bytes of the UA Binary encoded stream containing the TrustListDataType instance.
TrustList.ActivityTimeout:
- If the activity timeout has elapsed, the TrustList is closed, but the address space properties (TrustList.Size and TrustList.OpenCount) are not reset until the TrustList is reopened. Moreover, the ActivityTimeout nodeId is not available since S2OPC works with the address space v1.04.
- Info: the default value of 60000 milliseconds (1 minute) is used.
TrustList.RemoveCertificate:
- The TrustList shall not be open (`OpcUa_BadNotWritable` is returned if the TrustList is open in read mode, otherwise `OpcUa_BadInvalidState`).
TrustList.AddCertificate:
- The TrustList shall not be open (`OpcUa_BadNotWritable` is returned if the TrustList is open in read mode, otherwise `OpcUa_BadInvalidState`).
- No check is made that the security level of the update is not higher than the security level of the secure channel (an issue has been submitted).
- As described in the ticket, the key size and the signature hash algorithm of the new certificate are not checked; instead, a minimum profile is applied to check the chain (key size of at least 1024 bits and at least SHA1 as hash). The validity period, signature, key usage, extended key usage, basic constraints and key type (RSA) are verified before the certificate is added.
TrustList.CloseAndUpdate:
- No check is made that the security level of the update is not higher than the security level of the secure channel (an issue has been submitted).
- As described in the ticket, the key size and the signature hash algorithm of the new certificates are not checked; instead, a minimum profile is applied to check the chain (key size of at least 1024 bits and at least SHA1 as hash). The validity period, signature, key usage, extended key usage, basic constraints and key type (RSA) are verified before the update is applied.
- Info: the output `applyChangesRequired` is always set to `false` because S2OPC does not support transactions.
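The minimum profile described for TrustList.AddCertificate and TrustList.CloseAndUpdate, written out as an added Go example (this is not S2OPC code and does not reproduce its PKI implementation): key type RSA, at least 1024-bit key, at least SHA-1 as signature hash, validity period, signature, basic constraints, key usage and extended key usage. The page does not say which key usage bits are demanded, so the requirement of digitalSignature plus keyEncipherment for an application certificate, and serverAuth or clientAuth when an EKU is present, is this example's own policy. `NewSelfSignedCert` only builds constructed sample certificates to exercise the checks. One caveat worth knowing: Go's x509 package refuses to verify SHA-1 signatures by default, so a SHA-1 certificate passes the hash floor but fails the signature step here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// MinRSABits is the page's floor for the key size of a certificate accepted into the TrustList.
const MinRSABits = 1024

// RSAKeySizeOK reports whether an RSA public key meets the minimum profile's size floor.
func RSAKeySizeOK(pub *rsa.PublicKey) bool {
	return pub != nil && pub.N.BitLen() >= MinRSABits
}

// SignatureHashOK accepts RSA signatures hashed with SHA-1 or stronger (the page's floor)
// and rejects MD2, MD5 and unknown algorithms.
func SignatureHashOK(alg x509.SignatureAlgorithm) bool {
	switch alg {
	case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA,
		x509.SHA256WithRSAPSS, x509.SHA384WithRSAPSS, x509.SHA512WithRSAPSS:
		return true
	}
	return false
}

// CheckMinimumProfile applies the checks listed on the page to a candidate certificate:
// key type (RSA), key size, signature hash, validity period, signature, basic constraints,
// key usage and extended key usage. issuer is nil for a self-signed certificate.
func CheckMinimumProfile(cert, issuer *x509.Certificate, now time.Time) error {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("key type: not an RSA key")
	}
	if !RSAKeySizeOK(pub) {
		return fmt.Errorf("key size: %d bits is below %d", pub.N.BitLen(), MinRSABits)
	}
	if !SignatureHashOK(cert.SignatureAlgorithm) {
		return fmt.Errorf("signature hash: %v is weaker than SHA-1", cert.SignatureAlgorithm)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("validity: %v is outside [%v, %v]", now, cert.NotBefore, cert.NotAfter)
	}
	// Go refuses SHA-1 signatures here unless GODEBUG=x509sha1=1, so a SHA-1 certificate
	// passes the hash check above but still fails signature verification.
	var sigErr error
	if issuer != nil {
		sigErr = cert.CheckSignatureFrom(issuer)
	} else {
		sigErr = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
	}
	if sigErr != nil {
		return fmt.Errorf("signature: %w", sigErr)
	}
	if cert.IsCA {
		// Basic constraints: a CA must carry a valid basicConstraints extension and keyCertSign.
		if !cert.BasicConstraintsValid || cert.KeyUsage&x509.KeyUsageCertSign == 0 {
			return errors.New("basic constraints: CA without valid basicConstraints/keyCertSign")
		}
		return nil
	}
	// Policy chosen for this example (assumption): an application instance certificate must be
	// usable for signing and key encipherment, and any EKU present must allow server or client auth.
	need := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	if cert.KeyUsage&need != need {
		return errors.New("key usage: digitalSignature and keyEncipherment required")
	}
	for _, eku := range cert.ExtKeyUsage {
		if eku == x509.ExtKeyUsageServerAuth || eku == x509.ExtKeyUsageClientAuth {
			return nil
		}
	}
	if len(cert.ExtKeyUsage) > 0 {
		return errors.New("extended key usage: neither serverAuth nor clientAuth")
	}
	return nil
}

// NewSelfSignedCert builds a constructed sample certificate (SHA-256, RSA) to exercise the checks.
func NewSelfSignedCert(key *rsa.PrivateKey, cn string, notBefore, notAfter time.Time, ku x509.KeyUsage) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: cn},
		NotBefore:          notBefore,
		NotAfter:           notAfter,
		KeyUsage:           ku,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		SignatureAlgorithm: x509.SHA256WithRSA,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Because the page's profile accepts 1024-bit keys and SHA-1, a deployment that needs a stronger floor would raise `MinRSABits` and drop `SHA1WithRSA` from `SignatureHashOK`; the security-level comparison with the secure channel that the page says is missing would be a separate check on top of this one.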
Default address space values (at startup)
File S2OPC_Demo_Push_AddSpace.xml:
- ServerConfiguration.ServerCapabilities: `"DA"`
- ServerConfiguration.SupportedPrivateKeyFormats: `"PEM"`
- ServerConfiguration.MaxTrustListSize: `0`, which means no limit (the default is 65 535 bytes)
- ServerConfiguration.MulticastDnsEnabled: `false`
- DefaultApplicationGroup.CertificateTypes: nodeId of `RsaSha256ApplicationCertificateType`
- TrustList.OpenCount: `0`
- TrustList.ActivityTimeout: not specified, and nodeId not available in v1.04 => default behaviour = 60000 milliseconds (1 minute)
- TrustList.Size: `0`
- TrustList.Writable: `true`
- TrustList.UserWritable: `true`
- TrustList.LastUpdateTime: `NULL` (until the first update)
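To make the TrustList behaviour described above (Open/OpenWithMasks, Write + CloseAndUpdate, AddCertificate, the activity timeout and the startup values of Size, OpenCount and LastUpdateTime) testable from a client's point of view, here is an added Go model of that state machine. It is not S2OPC code: status codes are modelled as Go errors, certificates are opaque byte strings constructed in the test, the UA Binary encoding of TrustListDataType is reduced to a sequence of length-prefixed ByteStrings (the real encoding also carries the specifiedLists mask and CRLs), and the assumption that OpenCount returns to 0 on CloseAndUpdate is the example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"time"
)

// Status codes named on the page, modelled as errors so a caller can compare them.
var ErrBadInvalidState, ErrBadNotWritable = errors.New("OpcUa_BadInvalidState"), errors.New("OpcUa_BadNotWritable")

const ModeRead, ModeWrite byte = 0x01, 0x02 // FileType Open mode bits (OPC UA Part 5)
const ActivityTimeout = 60 * time.Second    // the page's default of 60000 ms

// TrustList: file-like state plus the address-space properties the page lists.
type TrustList struct {
	certs           [][]byte // opaque DER blobs, constructed in the test
	open            bool
	mode            byte
	buf             []byte // encoded snapshot when open for read, pending update when open for write
	lastActivity    time.Time
	Size, OpenCount int
	LastUpdateTime  time.Time
}

// encode/decode stand in for the UA Binary encoding: each certificate as a length-prefixed ByteString.
func (t *TrustList) encode() []byte {
	var out []byte
	for _, c := range t.certs {
		out = append(binary.LittleEndian.AppendUint32(out, uint32(len(c))), c...)
	}
	return out
}

func decode(stream []byte) ([][]byte, error) {
	var certs [][]byte
	for len(stream) > 0 {
		if len(stream) < 4 || int(binary.LittleEndian.Uint32(stream)) > len(stream)-4 {
			return nil, errors.New("truncated TrustList stream")
		}
		n := int(binary.LittleEndian.Uint32(stream))
		certs, stream = append(certs, stream[4:4+n]), stream[4+n:]
	}
	return certs, nil
}

// Open fails with BadInvalidState if already open; read mode snapshots the stream and sets Size.
func (t *TrustList) Open(mode byte, now time.Time) error {
	if t.open {
		return ErrBadInvalidState
	}
	t.open, t.mode, t.lastActivity, t.OpenCount, t.buf, t.Size = true, mode, now, 1, nil, 0
	if mode&ModeRead != 0 {
		t.buf = t.encode()
		t.Size = len(t.buf)
	}
	return nil
}

// Write appends to the pending update; valid only while open for writing.
func (t *TrustList) Write(data []byte, now time.Time) error {
	if !t.open || t.mode&ModeWrite == 0 {
		return ErrBadInvalidState
	}
	t.buf, t.lastActivity = append(t.buf, data...), now
	return nil
}

// CloseAndUpdate applies the written stream; applyChangesRequired is always false (no transactions).
func (t *TrustList) CloseAndUpdate(now time.Time) (applyChangesRequired bool, err error) {
	if !t.open || t.mode&ModeWrite == 0 {
		return false, ErrBadInvalidState
	}
	certs, err := decode(t.buf)
	if err != nil {
		return false, err
	}
	t.certs, t.LastUpdateTime, t.open, t.buf, t.OpenCount = certs, now, false, nil, 0 // assumption: OpenCount drops to 0
	return false, nil
}

// AddCertificate needs a closed list: BadNotWritable when open for reading, BadInvalidState
// when open for writing (the page's rule, shared with RemoveCertificate).
func (t *TrustList) AddCertificate(der []byte, now time.Time) error {
	switch {
	case t.open && t.mode&ModeRead != 0:
		return ErrBadNotWritable
	case t.open:
		return ErrBadInvalidState
	}
	t.certs, t.LastUpdateTime = append(t.certs, der), now
	return nil
}

// Tick applies the activity timeout: the file closes, but Size and OpenCount keep their
// values until the next Open, the deviation the page describes.
func (t *TrustList) Tick(now time.Time) bool {
	if t.open && now.Sub(t.lastActivity) > ActivityTimeout {
		t.open, t.buf = false, nil
		return true
	}
	return false
}
```

A client reading TrustList.OpenCount to decide whether another session holds the list open should therefore not trust a value of 1 after the activity timeout; retrying Open and checking for `OpcUa_BadInvalidState` is the reliable test against this server.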
TOFU mode (Trust On First Use)
The TOFU mode allows the push server to start with an empty PKI and lets a specific user configure the TrustList for the first time. In TOFU mode, when a valid update is completed through the `TrustList.AddCertificate` method, or through `TrustList.Write` followed by `TrustList.CloseAndUpdate`, the server reboots with the new TrustList configuration.
The TOFU mode is active for a limited period; if the timeout elapses, the server is stopped.
To activate TOFU mode, the user must set the TOFU period from the command line, e.g. `./toolkit_demo_push_server 1` (the server starts in TOFU state with a timeout of 1 minute).