# This file is part of Beremiz, a Integrated Development Environment for
# programming IEC 61131-3 automates supporting plcopen standard and CanFestival.
# Copyright (C) 2007: Edouard TISSERANT and Laurent BESSARD
# See COPYING file for copyrights details.
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
from functools import partial
from threading import Thread, Event
from twisted.internet import reactor, threads
from twisted.internet._sslverify import OpenSSLCertificateAuthorities
from twisted.internet.ssl import PrivateCertificate, optionsForClientTLS, VerificationError
from autobahn.twisted import wamp
from autobahn.twisted.websocket import WampWebSocketClientFactory, connectWS
from autobahn.wamp import types, auth
from autobahn.wamp.exception import TransportLost, ApplicationError
from autobahn.wamp.serializer import MsgPackSerializer
from OpenSSL import crypto
from ProjectController import ToDoBeforeQuit
from connectors.ConnectorBase import ConnectorBase
import PSKManagement as PSK
import CertManagement as Cert
_WampConnectEvent = Event()
AUTH_CLIENTCERT = "ClientCertificate"
AUTHENTICATION_TYPES = [AUTH_NONE, AUTH_PSK, AUTH_CLIENTCERT]
SSL_AUTHENTICATION_TYPES = [AUTH_CLIENTCERT]
class WampSession(wamp.ApplicationSession):
auth = self.config.extra["authentication"]
accepted_method = "anonymous"
authID = self.config.extra["IDE_ID"]
accepted_method = "wampcra"
elif auth in SSL_AUTHENTICATION_TYPES:
log = self.config.extra["log"]
log.write_error("WAMP Invalid authentication: %s\n"%auth)
self.join(self.config.realm,
authmethods=[accepted_method],
def onChallenge(self, challenge):
if challenge.method == "wampcra":
secret = self.config.extra["secret"]
if 'salt' in challenge.extra:
key = auth.derive_key(secret,
challenge.extra['iterations'],
challenge.extra['keylen'])
signature = auth.compute_wcs(key, challenge.extra['challenge'])
log = self.config.extra["log"]
log.write_error("Invalid authmethod {}\n".format(challenge.method))
def onJoin(self, details):
global _WampSession, _WampConnectEvent
log = self.config.extra["log"]
log.write('WAMP session joined for: %s\n'%self.config.extra["IDE_ID"])
def onLeave(self, details):
global _WampSession, _WampError, _WampConnectEvent
if details.reason == "wamp.close.normal":
_WampError = "Closed normally"
elif details.reason == "wamp.error.not_authorized":
_WampError = "WAMP authentication failed. Check IDE identity in security manager."
_WampError = "WAMP closed with error {}: {}".format(details.reason, details.message)
# this case can go silent if connection was already established, so log it additionally.
log = self.config.extra["log"]
log.write_error(_WampError+"\n")
class ComplainingWampWebSocketClientFactory(WampWebSocketClientFactory):
def clientConnectionLost(self, connector, reason):
global _WampError, _WampConnectEvent, _WampSession
if not reason.check(VerificationError):
_WampError = "WAMP TLS certificate verification failed. "+\
"Provide valid certicate in identity manager."
_WampError = "WAMP connection lost: "+reason.getErrorMessage()
clientConnectionFailed = clientConnectionLost
def _WAMP_connector_factory(cls, uri, confnodesroot):
WAMPS://127.0.0.1:12345/path#realm#PLC_ID
Accepted schemes: WAMP WAMP-ANNON WAMPS WAMPS-ANNON WAMPS-INSECURE WAMPS-NOVERIFY WAMPS-CRT
scheme, location = uri.split("://")
urlpath, realm, PLC_ID = location.split('#')
urlprefix , ssl_auth, use_secret, use_ssl, verify, auth = {
"WAMP": ("ws" , 0 , 1 , 0 , 0 , AUTH_PSK ),
"WAMP-ANNON": ("ws" , 0 , 0 , 0 , 0 , AUTH_NONE ),
"WAMPS": ("wss", 0 , 1 , 1 , 1 , AUTH_PSK ),
"WAMPS-ANNON": ("wss", 0 , 0 , 1 , 1 , AUTH_NONE ),
"WAMPS-INSECURE":("wss", 0 , 0 , 1 , 0 , AUTH_NONE ),
"WAMPS-NOVERIFY":("wss", 0 , 1 , 1 , 0 , AUTH_PSK ),
"WAMPS-CRT": ("wss", 1 , 0 , 1 , 1 , AUTH_CLIENTCERT ),
url = urlprefix+"://"+urlpath
CN = urlpath.split("/")[0].split(":")[0]
confnodesroot.logger.write_error(
_("Malformed URI: {uri} failure: {ex}\n").format(
uri=uri, ex=str(e)) + __doc__)
IDE_ID, secret = PSK.GetIDEIdentity()
trust_store = Cert.GetCertPath(CN)
client_cert_file = Cert.GetClientCert()
confnodesroot.logger.write_error(
_("Connection to {uri} ({url}) failed with exception {ex}\n").format(
uri=uri, url=url, ex=str(e)))
def RegisterWampClient():
# start logging to console
# log.startLogging(sys.stdout)
"log": confnodesroot.logger
extraconf["secret"] = secret
# create a WAMP application session factory
session_factory = wamp.ApplicationSessionFactory(
config=types.ComponentConfig(
session_factory.session = cls
# create a WAMP-over-WebSocket transport client factory
transport_factory = ComplainingWampWebSocketClientFactory(
serializers=[MsgPackSerializer()])
if transport_factory.isSecure:
if os.path.exists(client_cert_file):
client_cert = PrivateCertificate.loadPEM(open(client_cert_file, 'rb').read())
confnodesroot.logger.write_error(
_("WAMP client certificate not provided for: {CN}\n").format(CN=CN))
if os.path.exists(trust_store):
cert = crypto.load_certificate(crypto.FILETYPE_PEM,
open(trust_store, 'rb').read())
trustRoot = OpenSSLCertificateAuthorities([cert])
contextFactory=optionsForClientTLS(transport_factory.host,
clientCertificate=client_cert)
# start the client from a Twisted endpoint
conn = connectWS(transport_factory, contextFactory)
confnodesroot.logger.write(_("WAMP connecting to: %s\n") % uri)
_WampConnection = RegisterWampClient()
ToDoBeforeQuit.append(reactor.stop)
reactor.run(installSignalHandlers=False)
global _WampConnection, _WampSession, _WampConnectEvent, _WampError
_WampConnectEvent.clear()
Thread(target=ThreadProc).start()
_WampConnection = threads.blockingCallFromThread(
reactor, RegisterWampClient)
if not _WampConnectEvent.wait(4):
confnodesroot.logger.write_error("WAMP connection timeout\n")
threads.blockingCallFromThread(
reactor, _WampConnection.stopConnecting)
confnodesroot.logger.write_error(f"WAMP connection failed: {_WampError}\n")
class WampPLCObjectProxy(ConnectorBase):
_WampConnection.disconnect()
def WampSessionProcMapper(self, funcname):
wampfuncname = '.'.join((PLC_ID, funcname))
def catcher_func(*args, **kwargs):
if _WampSession is not None:
return threads.blockingCallFromThread(
reactor, _WampSession.call, wampfuncname,
confnodesroot.logger.write_error(_("Connection lost!\n"))
confnodesroot._SetConnector(None)
except ApplicationError as e:
confnodesroot.logger.write_error(_("Connection closed because of error: ") + e.error_message() + "\n")
confnodesroot._SetConnector(None)
errmess = traceback.format_exc()
confnodesroot.logger.write_error(_("Unexcpected exception in WAMP connector: ") + errmess + "\n")
# confnodesroot._SetConnector(None)
return self.PLCObjDefaults.get(funcname)
def __getattr__(self, attrName):
member = self.__dict__.get(attrName, None)
member = self.WampSessionProcMapper(attrName)
self.__dict__[attrName] = member
return WampPLCObjectProxy()
WAMP_connector_factory = partial(_WAMP_connector_factory, WampSession)
