FreeOpcUa
diff --git a/‎opcua/server/address_space.py‎
Lines changed: 13 additions & 13 deletions b/‎opcua/server/address_space.py‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎opcua/server/internal_server.py‎
Lines changed: 16 additions & 64 deletions b/‎opcua/server/internal_server.py‎
Lines changed: 16 additions & 64 deletions
diff --git a/‎opcua/server/server.py‎
Lines changed: 9 additions & 6 deletions b/‎opcua/server/server.py‎
Lines changed: 9 additions & 6 deletions
@@ -9,7 +9,7 @@
     import pickle
 
 from opcua import ua
-from opcua.server.users import User
+from opcua.server.user_manager import UserManager
 
 
 class AttributeValue(object):
@@ -50,11 +50,11 @@ def read(self, params):
             res.append(self._aspace.get_attribute_value(readvalue.NodeId, readvalue.AttributeId))
         return res
 
-    def write(self, params, user=User.Admin):
+    def write(self, params, user=UserManager.User.Admin):
         self.logger.debug("write %s as user %s", params, user)
         res = []
         for writevalue in params.NodesToWrite:
-            if user != User.Admin:
+            if user != UserManager.User.Admin:
                 if writevalue.AttributeId != ua.AttributeIds.Value:
                     res.append(ua.StatusCode(ua.StatusCodes.BadUserAccessDenied))
                     continue
@@ -182,13 +182,13 @@ def __init__(self, aspace):
         self.logger = logging.getLogger(__name__)
         self._aspace = aspace
 
-    def add_nodes(self, addnodeitems, user=User.Admin):
+    def add_nodes(self, addnodeitems, user=UserManager.User.Admin):
         results = []
         for item in addnodeitems:
             results.append(self._add_node(item, user))
         return results
 
-    def try_add_nodes(self, addnodeitems, user=User.Admin, check=True):
+    def try_add_nodes(self, addnodeitems, user=UserManager.User.Admin, check=True):
         for item in addnodeitems:
             ret = self._add_node(item, user, check=check)
             if not ret.StatusCode.is_good():
@@ -198,7 +198,7 @@ def _add_node(self, item, user, check=True):
         self.logger.debug("Adding node %s %s", item.RequestedNewNodeId, item.BrowseName)
         result = ua.AddNodesResult()
 
-        if not user == User.Admin:
+        if not user == UserManager.User.Admin:
             result.StatusCode = ua.StatusCode(ua.StatusCodes.BadUserAccessDenied)
             return result
 
@@ -302,14 +302,14 @@ def _add_type_definition(self, nodedata, item):
         addref.TargetNodeClass = ua.NodeClass.DataType
         self._add_reference_no_check(nodedata, addref)
 
-    def delete_nodes(self, deletenodeitems, user=User.Admin):
+    def delete_nodes(self, deletenodeitems, user=UserManager.User.Admin):
         results = []
         for item in deletenodeitems.NodesToDelete:
             results.append(self._delete_node(item, user))
         return results
 
     def _delete_node(self, item, user):
-        if user != User.Admin:
+        if user != UserManager.User.Admin:
             return ua.StatusCode(ua.StatusCodes.BadUserAccessDenied)
 
         if item.NodeId not in self._aspace:
@@ -337,13 +337,13 @@ def _delete_node_callbacks(self, nodedata):
                 except Exception as ex:
                     self.logger.exception("Error calling delete node callback callback %s, %s, %s", nodedata, ua.AttributeIds.Value, ex)
 
-    def add_references(self, refs, user=User.Admin):
+    def add_references(self, refs, user=UserManager.User.Admin):
         result = []
         for ref in refs:
             result.append(self._add_reference(ref, user))
         return result
 
-    def try_add_references(self, refs, user=User.Admin):
+    def try_add_references(self, refs, user=UserManager.User.Admin):
         for ref in refs:
             if not self._add_reference(ref, user).is_good():
                 yield ref
@@ -354,7 +354,7 @@ def _add_reference(self, addref, user):
             return ua.StatusCode(ua.StatusCodes.BadSourceNodeIdInvalid)
         if addref.TargetNodeId not in self._aspace:
             return ua.StatusCode(ua.StatusCodes.BadTargetNodeIdInvalid)
-        if user != User.Admin:
+        if user != UserManager.User.Admin:
             return ua.StatusCode(ua.StatusCodes.BadUserAccessDenied)
         return self._add_reference_no_check(sourcedata, addref)
 
@@ -375,7 +375,7 @@ def _add_reference_no_check(self, sourcedata, addref):
             rdesc.DisplayName = dname
         return self._add_unique_reference(sourcedata, rdesc)
 
-    def delete_references(self, refs, user=User.Admin):
+    def delete_references(self, refs, user=UserManager.User.Admin):
         result = []
         for ref in refs:
             result.append(self._delete_reference(ref, user))
@@ -400,7 +400,7 @@ def _delete_reference(self, item, user):
             return ua.StatusCode(ua.StatusCodes.BadTargetNodeIdInvalid)
         if item.ReferenceTypeId not in self._aspace:
             return ua.StatusCode(ua.StatusCodes.BadReferenceTypeIdInvalid)
-        if user != User.Admin:
+        if user != UserManager.User.Admin:
             return ua.StatusCode(ua.StatusCodes.BadUserAccessDenied)
 
         if item.DeleteBidirectional:
 
@@ -4,7 +4,6 @@
 """
 from datetime import datetime, timedelta
 from copy import copy
-from struct import unpack_from, unpack
 import os
 import logging
 from threading import Lock
@@ -28,16 +27,9 @@
 from opcua.server.address_space import MethodService
 from opcua.server.subscription_service import SubscriptionService
 from opcua.server.standard_address_space import standard_address_space
-from opcua.server.users import User
+from opcua.server.user_manager import UserManager
 #from opcua.common import xmlimporter
 
-use_crypto = True
-try:
-    from opcua.crypto import uacrypto
-except ImportError:
-    logging.getLogger(__name__).warning("cryptography is not installed, use of crypto disabled")
-    use_crypto = False
-
 
 class SessionState(Enum):
     Created = 0
@@ -53,19 +45,17 @@ def __init__(self, serv, cap=None):
 
 class InternalServer(object):
 
-    def __init__(self, shelffile=None):
+    def __init__(self, shelffile=None, parent=None):
         self.logger = logging.getLogger(__name__)
 
+        self._parent = parent
         self.server_callback_dispatcher = CallbackDispatcher()
 
         self.endpoints = []
         self._channel_id_counter = 5
-        self.allow_remote_admin = True
         self.disabled_clock = False  # for debugging we may want to disable clock that writes too much in log
         self._known_servers = {}  # used if we are a discovery server
 
-        self.private_key = None
-
         self.aspace = AddressSpace()
         self.attribute_service = AttributeService(self.aspace)
         self.view_service = ViewService(self.aspace)
@@ -80,15 +70,18 @@ def __init__(self, shelffile=None):
 
         self.history_manager = HistoryManager(self)
 
-        self.user_manager = default_user_manager # defined at the end of this file
-
         # create a session to use on server side
-        self.isession = InternalSession(self, self.aspace, self.subscription_service, "Internal", user=User.Admin)
+        self.isession = InternalSession(self, self.aspace, \
+          self.subscription_service, "Internal", user=UserManager.User.Admin)
 
         self.current_time_node = Node(self.isession, ua.NodeId(ua.ObjectIds.Server_ServerStatus_CurrentTime))
         self._address_space_fixes()
         self.setup_nodes()
 
+    @property
+    def userManager(self):
+        return self._parent.userManager
+
     def setup_nodes(self):
         """
         Set up some nodes as defined by spec
@@ -219,7 +212,7 @@ def register_server(self, server, conf=None):
     def register_server2(self, params):
         return self.register_server(params.Server, params.DiscoveryConfiguration)
 
-    def create_session(self, name, user=User.Anonymous, external=False):
+    def create_session(self, name, user=UserManager.User.Anonymous, external=False):
         return InternalSession(self, self.aspace, self.subscription_service, name, user=user, external=external)
 
     def enable_history_data_change(self, node, period=timedelta(days=7), count=0):
@@ -280,48 +273,12 @@ def set_attribute_value(self, nodeid, datavalue, attr=ua.AttributeIds.Value):
         """
         self.aspace.set_attribute_value(nodeid, ua.AttributeIds.Value, datavalue)
 
-    def set_user_manager(self, user_manager):
-        """
-        set up a function which that will check for authorize users. Input function takes username
-        and password as paramters and returns True of user is allowed access, False otherwise.
-        """
-        self.user_manager = user_manager
-
-    def check_user_token(self, isession, token):
-        """
-        unpack the username and password for the benefit of the user defined user manager
-        """
-        userName = token.UserName
-        passwd = token.Password
-
-        # decrypt password is we can
-        if str(token.EncryptionAlgorithm) != "None":
-            if use_crypto == False:
-                return False;
-            try:
-                if token.EncryptionAlgorithm == "http://www.w3.org/2001/04/xmlenc#rsa-1_5":
-                    raw_pw = uacrypto.decrypt_rsa15(self.private_key, passwd)
-                elif token.EncryptionAlgorithm == "http://www.w3.org/2001/04/xmlenc#rsa-oaep":
-                    raw_pw = uacrypto.decrypt_rsa_oaep(self.private_key, passwd)
-                else:
-                    self.logger.warning("Unknown password encoding '{0}'".format(token.EncryptionAlgorithm))
-                    return False
-                length = unpack_from('<I', raw_pw)[0] - len(isession.nonce)
-                passwd = raw_pw[4:4 + length]
-                passwd = passwd.decode('utf-8')
-            except Exception as exp:
-                self.logger.warning("Unable to decrypt password")
-                return False
-
-        # call user_manager
-        return self.user_manager(self, isession, userName, passwd)
-
 
 class InternalSession(object):
     _counter = 10
     _auth_counter = 1000
 
-    def __init__(self, internal_server, aspace, submgr, name, user=User.Anonymous, external=False):
+    def __init__(self, internal_server, aspace, submgr, name, user=UserManager.User.Anonymous, external=False):
         self.logger = logging.getLogger(__name__)
         self.iserver = internal_server
         self.external = external  # define if session is external, we need to copy some objects if it is internal
@@ -339,6 +296,10 @@ def __init__(self, internal_server, aspace, submgr, name, user=User.Anonymous, e
         self.logger.info("Created internal session %s", self.name)
         self._lock = Lock()
 
+    @property
+    def userManager(self):
+        return self.iserver.userManager
+
     def __str__(self):
         return "InternalSession(name:{0}, user:{1}, id:{2}, auth_token:{3})".format(
             self.name, self.user, self.session_id, self.authentication_token)
@@ -377,7 +338,7 @@ def activate_session(self, params):
         self.state = SessionState.Activated
         id_token = params.UserIdentityToken
         if isinstance(id_token, ua.UserNameIdentityToken):
-            if self.iserver.check_user_token(self, id_token) == False:
+            if self.userManager.check_user_token(self, id_token) == False:
                 raise utils.ServiceError(ua.StatusCodes.BadUserAccessDenied)
         self.logger.info("Activated internal session %s for user %s", self.name, self.user)
         return result
@@ -457,12 +418,3 @@ def publish(self, acks=None):
         if acks is None:
             acks = []
         return self.subscription_service.publish(acks)
-
-
-def default_user_manager(iserver, isession, userName, password):
-    """
-    Default user_manager, does nothing much but check for admin
-    """
-    if iserver.allow_remote_admin and userName in ("admin", "Admin"):
-        isession.user = User.Admin
-    return True
@@ -15,6 +15,7 @@
 from opcua.server.binary_server_asyncio import BinaryServer
 from opcua.server.internal_server import InternalServer
 from opcua.server.event_generator import EventGenerator
+from opcua.server.user_manager import UserManager
 from opcua.common.node import Node
 from opcua.common.subscription import Subscription
 from opcua.common.manage_nodes import delete_nodes
@@ -86,7 +87,7 @@ def __init__(self, shelffile=None, iserver=None):
         if iserver is not None:
             self.iserver = iserver
         else:
-            self.iserver = InternalServer(shelffile)
+            self.iserver = InternalServer(shelffile = shelffile, parent = self)
         self.bserver = None
         self._discovery_clients = {}
         self._discovery_period = 60
@@ -113,6 +114,8 @@ def __init__(self, shelffile=None, iserver=None):
 
         # enable all endpoints by default
         self.certificate = None
+        self.private_key = None
+        self.userManager = UserManager(parent = self)
         self._security_policy = [
                         ua.SecurityPolicyType.NoSecurity,
                         ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt,
@@ -134,7 +137,7 @@ def load_certificate(self, path):
         self.certificate = uacrypto.load_certificate(path)
 
     def load_private_key(self, path):
-        self.iserver.private_key = uacrypto.load_private_key(path)
+        self.private_key = uacrypto.load_private_key(path)
 
     def disable_clock(self, val=True):
         """
@@ -204,7 +207,7 @@ def allow_remote_admin(self, allow):
         """
         Enable or disable the builtin Admin user from network clients
         """
-        self.iserver.allow_remote_admin = allow
+        self.userManager.allow_remote_admin = allow
 
     def set_endpoint(self, url):
         self.endpoint = urlparse(url)
@@ -256,7 +259,7 @@ def _setup_server_nodes(self):
             self._policies = [ua.SecurityPolicyFactory()]
 
         if self._security_policy != [ua.SecurityPolicyType.NoSecurity]:
-            if not (self.certificate and self.iserver.private_key):
+            if not (self.certificate and self.private_key):
                 self.logger.warning("Endpoints other than open requested but private key and certificate are not set.")
                 return
 
@@ -269,15 +272,15 @@ def _setup_server_nodes(self):
                 self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic256Sha256,
                                                                ua.MessageSecurityMode.SignAndEncrypt,
                                                                self.certificate,
-                                                               self.iserver.private_key)
+                                                               self.private_key)
                                      )
             if ua.SecurityPolicyType.Basic256Sha256_Sign in self._security_policy:
                 self._set_endpoints(security_policies.SecurityPolicyBasic256Sha256,
                                     ua.MessageSecurityMode.Sign)
                 self._policies.append(ua.SecurityPolicyFactory(security_policies.SecurityPolicyBasic256Sha256,
                                                                ua.MessageSecurityMode.Sign,
                                                                self.certificate,
-                                                               self.iserver.private_key)
+                                                               self.private_key)
                                      )
 
     def _set_endpoints(self, policy=ua.SecurityPolicy, mode=ua.MessageSecurityMode.None_):