The library currently uses time.time() for timing in multiple places,
which causes problems when the system clock changes (e.g. manual adjustments).
time.monotonic() offers a monotonic clock unaffected by system time changes,
making it more reliable for measuring time intervals and timeouts.
This commit updates all occurrences of time.time() to time.monotonic() in:
- asyncua/crypto/security_policies.py
- asyncua/server/internal_subscription.py
- asyncua/server/uaprocessor.py
- asyncua/client/ha/reconciliator.py
Addresses issues reported in https://github.com/FreeOpcUa/opcua-asyncio/issues/1848.
Tested with existing test suite. Two tests fail on master as well, unrelated to this change.
* make prosys accept our certificate again in examples
* allow to send certificate without encryption or user identification as prosys now requires.
Had to fix a few new bugs that sudently appeared...
* clean imports
* remove leftover prints, less verbose when renaming struct
* remove unused variable
---------
Co-authored-by: Olivier <olivier@helitech>
* fix xml issue if standard namespace is also exported in the xml export file.
* ruff reformatted
* added safe guard
---------
Co-authored-by: Lukas Kaupp <lukas.kaupp@h-da.de>
* Added a chunked version of build etree to prevent a server-overload because of the mass of subsequent requests.
* Added a chunked version of build etree to prevent a server-overload because of the mass of subsequent requests.
Added argument description
Extended the _add_namespace method
* ruff reformatted
---------
Co-authored-by: Lukas Kaupp <lukas.kaupp@h-da.de>
The ClientNonce and also the peer_certificate can be set to None,
this fixes the resulting TypeError
```
Traceback (most recent call last):
File "...\Python312-32\Lib\site-packages\asyncua\server\uaprocessor.py", line 147, in process_message
return await self._process_message(typeid, requesthdr, seqhdr, body)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "...\Python312-32\Lib\site-packages\asyncua\server\uaprocessor.py", line 213, in _process_message
data = self._connection.security_policy.peer_certificate + params.ClientNonce
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
TypeError: can't concat NoneType to bytes
^^^^^^^^^^^^^^^^^^^^^^^
TypeError: object of type 'NoneType' has no len()
```
fixes#1821
* Fix certificate chain handling in x509_from_der function
This change enhances the x509_from_der function to properly handle certificate chains
by extracting and using the first certificate when a chain is detected.
When a certificate chain is received, the cryptography library raises a ValueError
with 'extradata' in the error message. This fix catches that specific error and
implements DER parsing to extract the first certificate from the chain.
This allows the library to work with certificate chains that some OPC UA servers
might provide, improving compatibility.
Fixes#1148 and #1245
* Update CHANGELOG.md with certificate chain fix
* Improve exception handling comment in x509_from_der function
* Add tests for certificate chain handling
* Fix code formatting issues
* Apply Ruff formatting changes
* Remove unused os import from test file
If loading data types out of order it is expected to get an exception in load_data_typ_definitions. We shouldn't report this to the log file until we give up on loading types.
This also fixes an error in the log format string, which leads to an exception when logging.
* datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
So I use ".now(UTC)"" and "from datetime import datetime, UTC". And fix typos. Optimize imports
* I accidentally deleted a line.
* Parse ExtensionObjects with missing length (= -1)
Some old OPC/UA implementations omit the length when building ExtensionObjects and
instead specify -1 - for interoperability, assume this means the rest of the buffer
* Lint
* Update connection limit logging to check for changes
Added conditionals to log limit updates only when changes are detected, reducing unnecessary log noise. This applies to both server and client limit updates in the connection logic.
* Fix indentation in server and client limit updates
Adjusted indentation in the `update_limits` methods to ensure values are updated only when changes are detected. This aligns the logic with the condition and avoids unnecessary updates.
* Fix ruff format
---------
Co-authored-by: Hector Oliveros <holiveros.see@aminerals.cl>
- The updated ServerNonce was not saved after activate_session, which
means that subsequent activate_sessions would fail with
BadIdentityTokenInvalid.
- The _username and _password attributes of Client were never updated but
checked in the code (_add_user_auth function).
