opcua 0.12.0

OPC UA client and server API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

// OPCUA for Rust
// SPDX-License-Identifier: MPL-2.0
// Copyright (C) 2017-2024 Adam Lock

use std::sync::Arc;

use crate::sync::*;
use crate::types::{status_code::StatusCode, *};

use crate::server::prelude::SecureChannel;
use crate::server::{
    address_space::address_space::AddressSpace,
    events::audit::{certificate_events::*, session_events::*},
    session::Session,
    state::ServerState,
};

fn next_node_id(address_space: Arc<RwLock<AddressSpace>>) -> NodeId {
    let audit_namespace = {
        let address_space = trace_read_lock!(address_space);
        address_space.audit_namespace()
    };
    NodeId::next_numeric(audit_namespace)
}

pub fn log_create_session(
    server_state: &ServerState,
    secure_channel: &SecureChannel,
    session: &Session,
    address_space: Arc<RwLock<AddressSpace>>,
    status: bool,
    revised_session_timeout: Duration,
    request: &CreateSessionRequest,
) {
    let node_id = next_node_id(address_space);
    let now = DateTime::now();

    // Raise an event
    let event = AuditCreateSessionEventType::new(node_id, now)
        .status(status)
        .client_audit_entry_id(request.request_header.audit_entry_id.clone());

    let event = if status {
        let session_id = session.session_id().clone();
        let secure_channel_id = format!("{}", secure_channel.secure_channel_id());

        let event = event
            .session_id(session_id)
            .secure_channel_id(secure_channel_id)
            .revised_session_timeout(revised_session_timeout);

        // Client certificate info
        if let Some(ref client_certificate) = session.client_certificate() {
            event.client_certificate(client_certificate)
        } else {
            event
        }
    } else {
        event
    };

    let _ = server_state.raise_and_log(event);
}

pub fn log_activate_session(
    secure_channel: &SecureChannel,
    server_state: &ServerState,
    session: &Session,
    address_space: Arc<RwLock<AddressSpace>>,
    status: bool,
    request: &ActivateSessionRequest,
) {
    let node_id = next_node_id(address_space);
    let now = DateTime::now();

    let session_id = session.session_id().clone();
    let secure_channel_id = format!("{}", secure_channel.secure_channel_id());
    let event = AuditActivateSessionEventType::new(node_id, now)
        .status(status)
        .session_id(session_id)
        .client_audit_entry_id(request.request_header.audit_entry_id.clone())
        .secure_channel_id(secure_channel_id);

    let event = if status {
        // Client software certificates
        let event =
            if let Some(ref client_software_certificates) = request.client_software_certificates {
                event.client_software_certificates(client_software_certificates.clone())
            } else {
                event
            };

        // TODO user identity token - should we serialize the entire token in an audit log, or just the policy uri?
        //  from a security perspective, logging credentials is bad.

        event
    } else {
        event
    };

    let _ = server_state.raise_and_log(event);
}

pub fn log_close_session(
    server_state: &ServerState,
    session: &Session,
    address_space: Arc<RwLock<AddressSpace>>,
    status: bool,
    request: &CloseSessionRequest,
) {
    let node_id = next_node_id(address_space);
    let now = DateTime::now();

    let session_id = session.session_id().clone();
    let event = AuditSessionEventType::new_close_session(
        node_id,
        now,
        AuditCloseSessionReason::CloseSession,
    )
    .status(status)
    .client_user_id(session.client_user_id())
    .client_audit_entry_id(request.request_header.audit_entry_id.clone())
    .session_id(session_id);

    let _ = server_state.raise_and_log(event);
}

pub fn log_certificate_error(
    server_state: &ServerState,
    address_space: Arc<RwLock<AddressSpace>>,
    status_code: StatusCode,
    request_header: &RequestHeader,
) {
    let node_id = next_node_id(address_space);
    let now = DateTime::now();

    match status_code.status() {
        StatusCode::BadCertificateTimeInvalid => {
            let event = AuditCertificateExpiredEventType::new(node_id, now)
                .client_audit_entry_id(request_header.audit_entry_id.clone());
            let _ = server_state.raise_and_log(event);
        }
        _ => {
            // TODO client_id
            let event = AuditCertificateInvalidEventType::new(node_id, now)
                .client_audit_entry_id(request_header.audit_entry_id.clone());
            let _ = server_state.raise_and_log(event);
        }
    };
}