Node-OPCUA Connect to Server with unknown securityMode/securityPolicy
I am trying to connect to an opcua server with unknown securityMode and securityPolicy. Probably I have a basic understanding problem, but according to the OPCUA specification I can get the EndpointDescription via the local DiscoveryServer and then open a SecureChannel (session).
Currently I connect to the server without specifying the security settings, read out the endpoints and would then select an appropriate security setting and reconnect.
const getEndpoints = function (endpointUrl) {
return new Promise(function (resolve, reject) {
let client = new opcua.OPCUAClient();
client.connect(endpointUrl, function (err) {
if(err) reject(new Error(err));
client.getEndpointsRequest(function (err,endpoints) {
let reducedEndpoints = endpoints.map(endpoint =>
({
endpointUrl: endpoint.endpointUrl,
securityMode: endpoint.securityMode,
securityPolicy: endpoint.securityPolicyUri,
})
);
resolve(endpoints);
// resolve(reducedEndpoints);
client.disconnect();
})
})
})
}
const connect = function (endpointUrl, options) {
return new Promise(function (resolve, reject) {
const defaultOptions = {
connectionStrategy: {
maxRetry: 6,
},
keepSessionAlive: true,
endpoint_must_exist: false,
securityMode: options.MessageSecurityMode.NONE,
securityPolicy: SecurityPolicy.None,
};
let client = new opcua.OPCUAClient(Object.assign({}, defaultOptions, options));
client.connect(endpointUrl, function (err) {
if(err) {
reject(new Error(err));
}
resolve(client)
});
});
};
That doesn't feel right. It would be nice if someone would help me with an example.
Best Regards
Solution
- A client usually queries the endpoints of a OPCUA server in order to find out what will be the best security and encryption mode it will use to connect to the server.
- getEndpoints is one of the service that doesn't require the client to open a session on the Server.
// with node-opcua@0.4.1
const opcua = require("node-opcua");
async function getEndpoints(endpointUrl) {
let client = new opcua.OPCUAClient();
await client.connect(endpointUrl);
const endpoints = await client.getEndpoints();
const reducedEndpoints = endpoints.map(endpoint => ({
endpointUrl: endpoint.endpointUrl,
securityMode: endpoint.securityMode.toString(),
securityPolicy: endpoint.securityPolicyUri.toString(),
}));
await client.disconnect();
return reducedEndpoints;
}
async function main() {
const endpoints = await getEndpoints("opc.tcp://opcuademo.sterfive.com:26543");
console.log(endpoints);
}
main().then();
This code will output:
[ { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'NONE',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#None' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGN',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGN',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGN',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGNANDENCRYPT',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGNANDENCRYPT',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' },
{ endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
securityMode: 'SIGNANDENCRYPT',
securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' } ]
This being said, an node-opcua client will automatically query the server endpoint during connect and verifies that the securityMode and securityPolicy requested by the user is available.
// with node-opcua@0.4.1
const opcua = require("node-opcua");
async function verifyEndpointAndConnect(endpointUrl) {
let client = new opcua.OPCUAClient();
await client.connect(endpointUrl);
// note that client has already requested the server endpoints
// during the connection. We can now simply query the Application
// description matching our security settings
const applicationDescription = client.findEndpointForSecurity(
opcua.MessageSecurityMode.SIGN,
opcua.SecurityPolicy.Basic256Sha256
);
await client.disconnect();
if (applicationDescription) {
console.log("Yes! the server support this endpoints:");
console.log(applicationDescription.toString());
}else {
console.log("Sorry! this server do not support the requested security mode");
return;
}
// let recreate our client with the requested security mode
client = new opcua.OPCUAClient({
securityMode: opcua.MessageSecurityMode.SIGN,
securityPolicy: opcua.SecurityPolicy.Basic256Sha256,
});
await client.connect(endpointUrl);
// [...] do something with this connected client.
await client.disconnect();
}
async function main() {
await verifyEndpointAndConnect("opc.tcp://opcuademo.sterfive.com:26543");
console.log("done");
}
main();
- Write integer to OPC UA server - “not of the same type” error
- Is there any way to export the model from the OPC server?
- Python OPC-UA : authentification
- The OPC UA server is only accessible via localhost
- How to set an access level to a method or a folder in milo server
- Connect system which includes OPC UA IoT Agent, Orion Context Broker. Cygnus and Historic data with Postgres
- A question about Milo SDK subscriptionTransfer
- OPC UA Client certificate connection problem: BadCertificateUseNotAllowed
- OCP UA status=Bad_ConnectionClosed using digital petri
- Writing variables with OPC UA
- question about Milo SDK SubscriptionListener
- Why isn't dataChangeFilterDeadbandValue key working by using Apache Camel OPC UA Client?
- Use Open62541 to connect a server failed, because of 'No suitable UserTokenPolicy found for the possible endpoints'
- Collect OPC-UA Data using Telegraf into QuestDB in a dense format
- Read ExtensionObject OPC UA - python
- Encoding and Decoding Custom OPC-UA DataTypes with UA-ModelCompiler
- Trouble Overriding addNodes Method in Eclipse Milo's NodeManagementServices
- Retries for Certs rejected by the OPCUA server
- save to csv simultaneously opcua datachange notification
- Adding security to OPC UA python server/client (Asyncua)
- Is it technically possible for an OPC UA client to tunnel requests to an OPC UA server via a Forward Proxy?
- The infinite loop to make the connection with opcua server, regardless of disconnecting the client
- Python OPCUA, modbus communication code gets a RuntimeError after 3 hours of running
- How to check whether a specific opc ua node already exists with asyncua?
- Opc.Ua "ServiceResultException: Endpoint does not support the user identity type provided." but Security Level is None
- OPC UA - Serialize an ExtensionObject
- Nodejs OPC-UA server certificat error without using any tls or certificates
- Understanding OPC-UA Security using Eclipse Milo
- OPC UA Foundation SDK .net OnSimpleWriteValue method return byte[] on complex data
- Why does my Listbox print the whole list in one line?