python-opcua/opcua/server/certificate_manager.py at bf0493fc5e917507a067cad30590f5cc70491521 · FreeOpcUa/python-opcua · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import logging


class CertificateManager(object):

    def __init__(self):
        self.logger = logging.getLogger(__name__)
        self.certificate_manager = self.default_certificate_manager

    def default_certificate_manager(self, isession, certificate, signature):
        """
        Default certificate_manager, does nothing.
        """
        self.logger.warning("There is no certificate manager. You have to set one to manage the client identity.")
        return True

    def set_certificate_manager(self, certificate_manager):
        """
        set up a function which will check for the authorize client certificate. Input function takes certificate
        and signature as parameters and returns True of client is allowed access, False otherwise.
        """
        self.certificate_manager = certificate_manager

    def check_certificate_token(self, isession, client_params):
        """
        call the certificate manager
        """
        return self.certificate_manager(isession, client_params.UserIdentityToken.CertificateData,
                                        client_params.UserTokenSignature.Signature)