OpenSecureChannel request
=========================

.. note::
   Add more information about:
   * ua time format
   * the Construct
   * openSSL


The OPC UA OpenSecureChannel request
------------------------------------



The OpenSecureChannel request contains the following fields:

===================================  ==============  =======================   ==================================
Parameter                            Datatype        Value                     Comments
===================================  ==============  =======================   ==================================
MessageType                          3 ACII bytes    OPN                       from Open
IsFinal                              1 ASCII byte    F                         from final
MessageSize                          ULInt32                
SecureChannelId                      ULInt32                                   
SecurityPolicyUriLength              ULInt32
SecurityPolicyUri                    String          NONE [SecPol]_            utf-8 encoded.                                    
SenderCertificateLength              ULInt32                                   
SenderCertificate                    Array of bytes  a DER encoded blob                                   
ReceiverCertificateThumbprintLength  ULInt32                                   
ReceiverCertificateThumbprint        Array of bytes                                   
Sequencenumber                       ULInt32                                   
RequestId                            ULInt32                                   
EncodingByte                         ULInt8 (ENUM)
NameSpace                            Byte
Identifier                           UInt16
AuthenticationTokenEncodingByte      Byte
AuthenticationTokenIdentifier        Byte
TimeStamp                            ULInt64
RequestHandle                        ULInt32
ReturnDiagnostics                    ULInt32
AuditEntryId                         String
TimeOutHint                          ULInt32
AHEncodingByte                       ULInt8 (ENUM)
AHIdentifier                         Byte
AHEncoding                           Byte
ProtocolVersion                      ULInt32
RequestType                          ULInt32
SecurityMode                         ULInt32
ClientNonce                          ULInt32
RequestedLifetime                    ULInt32
===================================  ==============  =======================   ==================================

Construct
---------

Using Construct we can create a struct, containing these fields.

.. code-block:: python

    from construct import *
    
    c = Struct('OPC UASC OpenSecureChannel Request',
    
                String('MessageType', 3),
                String('IsFinal', 1),
                ULInt32('MessageSize'),
                ULInt32('SecureChannelId'),
                PascalString('SecurityPolicyUri', length_field=ULInt32('length')),            
                SLInt32('SenderCertificateLength'),
                Bytes('SenderCertificate', lambda ctx:ctx['SenderCertificateLength']),            
                SLInt32('ReceiverCertificateThumbprintLength'),
                Bytes('ReceiverCertificateThumbprint', lambda ctx:ctx['ReceiverCertificateThumbprintLength']),
                ULInt32('SequenceNumber'),
                ULInt32('RequestId'),
                ULInt8('EncodingByte'),
                ULInt8('NameSpace'),
                ULInt16('Identifier'),
                ULInt8('AuthenticationTokenEncodingByte'),
                ULInt8('AuthenticationTokenIdentifier'),  
                ULInt64('TimeStamp'),
                ULInt32('RequestHandle'),
                ULInt32('ReturnDiagnostics'),
                PascalString('AuditEntryId', 
                             length_field=ULInt32('length'), 
                             encoding='utf8'),
                ULInt32('TimeOutHint'),
                ULInt8('AHEncodingByte'),# AdditionalHeader
                ULInt8('AHIdentifier'),
                ULInt8('AHEncoding'),
                ULInt32('ProtocolVersion'),
                ULInt32('RequestType'),
                ULInt32('SecurityMode'),
                ULInt32('ClientNonce'),
                ULInt32('RequestedLifetime'),
            )
    

Snippets
--------




.. [SecPol] The correct URL is something like: 
            `http://opcfoundation.org/UA/SecurityPolicy#None <https://opcfoundation.org/profilereporting/index.htm?ModifyProfile.aspx?ProfileID=53605a50-a6ac-44ed-9baa-36c4873ff504>`_