123 lines
4.9 KiB
C#
123 lines
4.9 KiB
C#
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Logging;
|
|
using Opc.Ua;
|
|
using Opc.Ua.Server;
|
|
using ZB.MOM.WW.OtOpcUa.Core.Abstractions;
|
|
using ZB.MOM.WW.OtOpcUa.Core.Hosting;
|
|
using ZB.MOM.WW.OtOpcUa.Core.OpcUa;
|
|
using ZB.MOM.WW.OtOpcUa.Server.Security;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.Server.OpcUa;
|
|
|
|
/// <summary>
|
|
/// <see cref="StandardServer"/> subclass that wires one <see cref="DriverNodeManager"/> per
|
|
/// registered driver from <see cref="DriverHost"/>. Anonymous endpoint on
|
|
/// <c>opc.tcp://0.0.0.0:4840</c>, no security — PR 16 minimum-viable scope; LDAP + security
|
|
/// profiles are deferred to their own PR on top of this.
|
|
/// </summary>
|
|
public sealed class OtOpcUaServer : StandardServer
|
|
{
|
|
private readonly DriverHost _driverHost;
|
|
private readonly IUserAuthenticator _authenticator;
|
|
private readonly ILoggerFactory _loggerFactory;
|
|
private readonly List<DriverNodeManager> _driverNodeManagers = new();
|
|
|
|
public OtOpcUaServer(DriverHost driverHost, IUserAuthenticator authenticator, ILoggerFactory loggerFactory)
|
|
{
|
|
_driverHost = driverHost;
|
|
_authenticator = authenticator;
|
|
_loggerFactory = loggerFactory;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Read-only snapshot of the driver node managers materialized at server start. Used by
|
|
/// the generic-driver-node-manager-driven discovery flow after the server starts — the
|
|
/// host walks each entry and invokes
|
|
/// <c>GenericDriverNodeManager.BuildAddressSpaceAsync(manager)</c> passing the manager
|
|
/// as its own <see cref="IAddressSpaceBuilder"/>.
|
|
/// </summary>
|
|
public IReadOnlyList<DriverNodeManager> DriverNodeManagers => _driverNodeManagers;
|
|
|
|
protected override MasterNodeManager CreateMasterNodeManager(IServerInternal server, ApplicationConfiguration configuration)
|
|
{
|
|
foreach (var driverId in _driverHost.RegisteredDriverIds)
|
|
{
|
|
var driver = _driverHost.GetDriver(driverId);
|
|
if (driver is null) continue;
|
|
|
|
var logger = _loggerFactory.CreateLogger<DriverNodeManager>();
|
|
var manager = new DriverNodeManager(server, configuration, driver, logger);
|
|
_driverNodeManagers.Add(manager);
|
|
}
|
|
|
|
return new MasterNodeManager(server, configuration, null, _driverNodeManagers.ToArray());
|
|
}
|
|
|
|
protected override void OnServerStarted(IServerInternal server)
|
|
{
|
|
base.OnServerStarted(server);
|
|
// Hook UserName / Anonymous token validation here. Anonymous passes through; UserName
|
|
// is validated against the IUserAuthenticator (LDAP in production). Rejected identities
|
|
// throw ServiceResultException which the stack translates to Bad_IdentityTokenInvalid.
|
|
server.SessionManager.ImpersonateUser += OnImpersonateUser;
|
|
}
|
|
|
|
private void OnImpersonateUser(Session session, ImpersonateEventArgs args)
|
|
{
|
|
switch (args.NewIdentity)
|
|
{
|
|
case AnonymousIdentityToken:
|
|
args.Identity = new UserIdentity(); // anonymous
|
|
return;
|
|
|
|
case UserNameIdentityToken user:
|
|
{
|
|
var result = _authenticator.AuthenticateAsync(
|
|
user.UserName, user.DecryptedPassword, CancellationToken.None)
|
|
.GetAwaiter().GetResult();
|
|
if (!result.Success)
|
|
{
|
|
throw ServiceResultException.Create(
|
|
StatusCodes.BadUserAccessDenied,
|
|
"Invalid username or password ({0})", result.Error ?? "no detail");
|
|
}
|
|
args.Identity = new RoleBasedIdentity(user.UserName, result.DisplayName, result.Roles);
|
|
return;
|
|
}
|
|
|
|
default:
|
|
throw ServiceResultException.Create(
|
|
StatusCodes.BadIdentityTokenInvalid,
|
|
"Unsupported user identity token type: {0}", args.NewIdentity?.GetType().Name ?? "null");
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Tiny UserIdentity carrier that preserves the resolved roles so downstream node
|
|
/// managers can gate writes by role via <c>session.Identity</c>. Anonymous identity still
|
|
/// uses the stack's default.
|
|
/// </summary>
|
|
private sealed class RoleBasedIdentity : UserIdentity, IRoleBearer
|
|
{
|
|
public IReadOnlyList<string> Roles { get; }
|
|
public string? Display { get; }
|
|
|
|
public RoleBasedIdentity(string userName, string? displayName, IReadOnlyList<string> roles)
|
|
: base(userName, "")
|
|
{
|
|
Display = displayName;
|
|
Roles = roles;
|
|
}
|
|
}
|
|
|
|
protected override ServerProperties LoadServerProperties() => new()
|
|
{
|
|
ManufacturerName = "OtOpcUa",
|
|
ProductName = "OtOpcUa.Server",
|
|
ProductUri = "urn:OtOpcUa:Server",
|
|
SoftwareVersion = "2.0.0",
|
|
BuildNumber = "0",
|
|
BuildDate = DateTime.UtcNow,
|
|
};
|
|
}
|