Posted to commits@plc4x.apache.org by hu...@apache.org on 2020/11/27 12:33:51 UTC
[plc4x] branch update/opcua-server updated: Disabled the remote
insecure endpoint.
This is an automated email from the ASF dual-hosted git repository.
hutcheb pushed a commit to branch update/opcua-server
in repository https://gitbox.apache.org/repos/asf/plc4x.git
The following commit(s) were added to refs/heads/update/opcua-server by this push:
new ef40b9d Disabled the remote insecure endpoint.
ef40b9d is described below
commit ef40b9d21ba45b5425abfe1afe36bf44f53534a8
Author: hutcheb <be...@gmail.com>
AuthorDate: Fri Nov 27 07:33:34 2020 -0500
Disabled the remote insecure endpoint.
---
pom.xml | 2 +-
.../plc4x/java/opcuaserver/Configuration.java | 7 ++++++
.../apache/plc4x/java/opcuaserver/OPCUAServer.java | 26 ++++++++++++++++-----
.../opcuaserver/backend/Plc4xCommunication.java | 27 ++++++++++++++++++----
sandbox/opcua-server/src/main/resources/config.yml | 1 +
5 files changed, 52 insertions(+), 11 deletions(-)
diff --git a/pom.xml b/pom.xml
index fe63052..9d0fc02 100644
--- a/pom.xml
+++ b/pom.xml
@@ -149,7 +149,7 @@
<logstash.version>7.4.0</logstash.version>
<lucene.version>8.3.0</lucene.version>
<metrics-core.version>3.1.2</metrics-core.version>
- <milo.version>0.5.2</milo.version>
+ <milo.version>0.5.3</milo.version>
<mockito.version>2.24.5</mockito.version>
<netty.version>4.1.47.Final</netty.version>
<owasp-dependency-check.version>6.0.0</owasp-dependency-check.version>
diff --git a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/Configuration.java b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/Configuration.java
index ee9d33b..0060c85 100644
--- a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/Configuration.java
+++ b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/Configuration.java
@@ -44,6 +44,9 @@ public class Configuration {
private String name;
@JsonProperty
+ private Boolean disableInsecureEndpoint = true;
+
+ @JsonProperty
private List<DeviceConfiguration> devices;
@JsonProperty
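Review bot: `disableInsecureEndpoint` is a boxed `Boolean`, while the getter added in the next hunk returns `boolean`, so a config that leaves the key empty would, if the mapper assigns null for it, make `getDisableInsecureEndpoint()` throw a NullPointerException on unboxing. Switching the field to a primitive is not the safer fix, because a null could then be coerced to `false` and silently re-enable the unencrypted endpoints. A null-safe getter that falls back to the secure value, `return !Boolean.FALSE.equals(disableInsecureEndpoint);`, keeps the default closed in both cases.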
@@ -63,6 +66,10 @@ public class Configuration {
return name;
}
+ public boolean getDisableInsecureEndpoint() {
+ return disableInsecureEndpoint;
+ }
+
public String getDir() {
return dir;
}
diff --git a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/OPCUAServer.java b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/OPCUAServer.java
index 3480e59..4aa90ed 100644
--- a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/OPCUAServer.java
+++ b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/OPCUAServer.java
@@ -23,6 +23,7 @@ import java.io.File;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
@@ -275,6 +276,8 @@ public class OPCUAServer {
List<String> bindAddresses = newArrayList();
bindAddresses.add("0.0.0.0");
+ List<String> localAddresses = new ArrayList<>(bindAddresses);
+
Set<String> hostnames = new LinkedHashSet<>();
hostnames.add(HostnameUtil.getHostname());
hostnames.addAll(HostnameUtil.getHostnames("0.0.0.0"));
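Review bot: `localAddresses` is created as a copy of `bindAddresses`, so it holds `0.0.0.0` rather than a loopback address, and nothing in the visible hunks reads it. If it is meant to confine the unsecured endpoint to the local machine, it should be built as `List<String> localAddresses = new ArrayList<>();` followed by `localAddresses.add("127.0.0.1");` and then used where that endpoint is configured; otherwise it and the new `ArrayList` import can be dropped. The enclosing method starts and ends outside this hunk, so a use further down cannot be ruled out.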
@@ -292,12 +295,22 @@ public class OPCUAServer {
USER_TOKEN_POLICY_X509);
- EndpointConfiguration.Builder noSecurityBuilder = builder.copy()
- .setSecurityPolicy(SecurityPolicy.None)
- .setSecurityMode(MessageSecurityMode.None);
-
- endpointConfigurations.add(buildTcpEndpoint(noSecurityBuilder));
- endpointConfigurations.add(buildHttpsEndpoint(noSecurityBuilder));
+ if (!config.getDisableInsecureEndpoint()) {
+ EndpointConfiguration.Builder noSecurityBuilder = builder.copy()
+ .setSecurityPolicy(SecurityPolicy.None)
+ .setSecurityMode(MessageSecurityMode.None);
+ endpointConfigurations.add(buildTcpEndpoint(noSecurityBuilder));
+ endpointConfigurations.add(buildHttpsEndpoint(noSecurityBuilder));
+ } else {
+ //Always add an unsecured endpoint to localhost, this is a work around for Milo throughing an exception if it isn't here.
+ if (hostname.equals("127.0.0.1")) {
+ EndpointConfiguration.Builder noSecurityBuilder = builder.copy()
+ .setSecurityPolicy(SecurityPolicy.None)
+ .setSecurityMode(MessageSecurityMode.None);
+ endpointConfigurations.add(buildTcpEndpoint(noSecurityBuilder));
+ endpointConfigurations.add(buildHttpsEndpoint(noSecurityBuilder));
+ }
+ }
// TCP Basic256Sha256 / SignAndEncrypt
endpointConfigurations.add(buildTcpEndpoint(
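Review bot: With `disableInsecureEndpoint` set, the `else` branch still registers `SecurityPolicy.None` TCP and HTTPS endpoints when `hostname.equals("127.0.0.1")`, but `builder` is copied unchanged and the bind address set earlier in the method is `0.0.0.0`, so the listener behind that endpoint appears to stay reachable from other hosts. Whether Milo refuses a remote client that asks for the None policy depends on how it matches endpoint URLs, which is not visible here; binding the copy to loopback with `builder.copy().setBindAddress("127.0.0.1")` would make the restriction explicit instead of relying on the advertised hostname. Both branches build identical endpoints, so one condition, `if (!config.getDisableInsecureEndpoint() || "127.0.0.1".equals(hostname))`, removes the duplication, and the comment should name the Milo exception it works around. The method and the definition of `hostname` lie outside this hunk.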
@@ -318,6 +331,7 @@ public class OPCUAServer {
.setSecurityPolicy(SecurityPolicy.None)
.setSecurityMode(MessageSecurityMode.None);
+
endpointConfigurations.add(buildTcpEndpoint(discoveryBuilder));
endpointConfigurations.add(buildHttpsEndpoint(discoveryBuilder));
}
diff --git a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/backend/Plc4xCommunication.java b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/backend/Plc4xCommunication.java
index da11acb..5a0a13a 100644
--- a/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/backend/Plc4xCommunication.java
+++ b/sandbox/opcua-server/src/main/java/org/apache/plc4x/java/opcuaserver/backend/Plc4xCommunication.java
@@ -216,7 +216,7 @@ public class Plc4xCommunication {
connection.connect();
}
logger.debug(connectionString + " Connected");
- } catch (Exception e) {
+ } catch (PlcConnectionException e) {
logger.error("Failed to connect to device, error raised - " + e);
failedConnectionList.put(connectionString, System.currentTimeMillis());
return resp;
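Review bot: Narrowing the catch to `PlcConnectionException` means an unchecked exception thrown by the driver while connecting now leaves this method without an entry in `failedConnectionList`, so whatever retry back-off that map drives is skipped for those failures; confirm that is intended. The handler also logs with `"Failed to connect to device, error raised - " + e`, which drops the stack trace; passing the exception as the last logger argument, `logger.error("Failed to connect to device " + connectionString, e);`, keeps it. The `try` opens above this hunk, so whether a connection obtained before a failing `connect()` is ever closed cannot be checked from here.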
@@ -224,6 +224,11 @@ public class Plc4xCommunication {
if (!connection.getMetadata().canRead()) {
logger.error("This connection doesn't support reading.");
+ try {
+ connection.close();
+ } catch (Exception exception) {
+ logger.warn("Closing connection failed with error - " + exception);
+ }
return resp;
}
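Review bot: The close-and-log block added here repeats a pattern that also appears in the hunks at -246, -278, -287 and -315, and the messages still disagree after this commit: `"Closing connection failed with error - "`, `"Closing connection failed with error "` and, in the last hunk, `"Closing Connection Failed with error "`. A private helper such as `private void closeQuietly(PlcConnection connection)` that calls `connection.close()` and logs `logger.warn("Closing connection failed", e)` would give one message and keep the stack trace. The hunk at -278 additionally records the failure in `failedConnectionList`, so that call would stay at its call site.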
@@ -246,7 +251,7 @@ public class Plc4xCommunication {
try {
connection.close();
} catch (Exception exception) {
- logger.warn("Closing Connection Failed with error - " + exception);
+ logger.warn("Closing connection failed with error - " + exception);
}
return resp;
}
@@ -278,7 +283,7 @@ public class Plc4xCommunication {
connection.close();
} catch (Exception e) {
failedConnectionList.put(connectionString, System.currentTimeMillis());
- logger.warn("Close Failed" + e);
+ logger.warn("Closing connection failed with error " + e);
}
return resp;
}
@@ -287,10 +292,24 @@ public class Plc4xCommunication {
PlcConnection connection = null;
try {
connection = driverManager.getConnection(connectionString);
+ if (connection.isConnected() == false) {
+ logger.debug("getConnection() returned a connection that isn't connected");
+ connection.connect();
+ }
} catch (PlcConnectionException e) {
logger.warn("Failed" + e);
}
+ if (!connection.getMetadata().canWrite()) {
+ logger.error("This connection doesn't support writing.");
+ try {
+ connection.close();
+ } catch (Exception e) {
+ logger.warn("Closing connection failed with error " + e);
+ }
+ return;
+ }
+
// Create a new read request:
// - Give the single item requested an alias name
final PlcWriteRequest.Builder builder = connection.writeRequestBuilder();
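Review bot: `connection` can still be null at the new `connection.getMetadata().canWrite()` check, because the `catch (PlcConnectionException e)` above it only logs `"Failed" + e` and falls through, so a failed `getConnection()` ends in a NullPointerException on the write path and a failed `connect()` continues with an unconnected connection. Returning from the handler closes that path: `logger.warn("Failed to connect to device", e); return;`, optionally recording the failure in `failedConnectionList` as the read path does. `connection.isConnected() == false` reads better as `!connection.isConnected()`. The method starts and ends outside this hunk.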
@@ -315,7 +334,7 @@ public class Plc4xCommunication {
try {
connection.close();
} catch (Exception e) {
- logger.warn("Close Failed" + e);
+ logger.warn("Closing Connection Failed with error " + e);
}
return;
}
diff --git a/sandbox/opcua-server/src/main/resources/config.yml b/sandbox/opcua-server/src/main/resources/config.yml
index d3bcb54..686a28b 100644
--- a/sandbox/opcua-server/src/main/resources/config.yml
+++ b/sandbox/opcua-server/src/main/resources/config.yml
@@ -19,6 +19,7 @@
version: 0.1
#dir: {directory.here}
name: Plc4x.OPC.UA.Server
+disableInsecureEndpoint: true
tcpPort: 12687
httpPort: 8445
devices:
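Review bot: The new key has no comment, and its name suggests that `true` removes every unencrypted endpoint, while the server change in this commit still offers `SecurityPolicy.None` for `127.0.0.1`. A comment above it such as `# true (default): SecurityPolicy.None endpoints are offered for 127.0.0.1 only; false: offered for every hostname` would tell operators what they are choosing.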