Merge pull request #750 from brubbel/cert-to-server

moved certificate variable from InternalServer to Server class

Author: oroulet

opcua/server/internal_server.py

@@ -64,7 +64,6 @@ def __init__(self, shelffile=None):
         self.disabled_clock = False  # for debugging we may want to disable clock that writes too much in log
         self._known_servers = {}  # used if we are a discovery server
 
-        self.certificate = None
         self.private_key = None
 
         self.aspace = AddressSpace()
@@ -466,4 +465,4 @@ def default_user_manager(iserver, isession, userName, password):
     """
     if iserver.allow_remote_admin and userName in ("admin", "Admin"):
         isession.user = User.Admin
-    return True
+    return True

opcua/server/server.py

@@ -112,6 +112,7 @@ def __init__(self, shelffile=None, iserver=None):
 
 
         # enable all endpoints by default
+        self.certificate = None
         self._security_policy = [
                         ua.SecurityPolicyType.NoSecurity,
                         ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt,
@@ -130,7 +131,7 @@ def load_certificate(self, path):
         """
         load server certificate from file, either pem or der
         """
-        self.iserver.certificate = uacrypto.load_certificate(path)
+        self.certificate = uacrypto.load_certificate(path)
 
     def load_private_key(self, path):
         self.iserver.private_key = uacrypto.load_private_key(path)
@@ -255,7 +256,7 @@ def _setup_server_nodes(self):
             self._policies = [ua.SecurityPolicyFactory()]
 
         if self._security_policy != [ua.SecurityPolicyType.NoSecurity]:
-            if not (self.iserver.certificate and self.iserver.private_key):
+            if not (self.certificate and self.iserver.private_key):
                 self.logger.warning("Endpoints other than open requested but private key and certificate are not set.")
                 return
 
@@ -267,15 +268,15 @@ def _setup_server_nodes(self):
                                     ua.MessageSecurityMode.SignAndEncrypt)
                 self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic256Sha256,
                                                                ua.MessageSecurityMode.SignAndEncrypt,
-                                                               self.iserver.certificate,
+                                                               self.certificate,
                                                                self.iserver.private_key)
                                      )
             if ua.SecurityPolicyType.Basic256Sha256_Sign in self._security_policy:
                 self._set_endpoints(security_policies.SecurityPolicyBasic256Sha256,
                                     ua.MessageSecurityMode.Sign)
                 self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic256Sha256,
                                                                ua.MessageSecurityMode.Sign,
-                                                               self.iserver.certificate,
+                                                               self.certificate,
                                                                self.iserver.private_key)
                                      )
 
@@ -309,8 +310,8 @@ def _set_endpoints(self, policy=ua.SecurityPolicy, mode=ua.MessageSecurityMode.N
         edp = ua.EndpointDescription()
         edp.EndpointUrl = self.endpoint.geturl()
         edp.Server = appdesc
-        if self.iserver.certificate:
-            edp.ServerCertificate = uacrypto.der_from_x509(self.iserver.certificate)
+        if self.certificate:
+            edp.ServerCertificate = uacrypto.der_from_x509(self.certificate)
         edp.SecurityMode = mode
         edp.SecurityPolicyUri = policy.URI
         edp.UserIdentityTokens = idtokens