From 1a3081e22e5317eb9f15a6a8134a4bdc592f7aac Mon Sep 17 00:00:00 2001
From: nic <nic@iab.berlin>
Date: Thu, 7 Jun 2018 16:31:46 +0200
Subject: [PATCH 1/2] Client signature verification by server

---
 opcua/server/uaprocessor.py | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/opcua/server/uaprocessor.py b/opcua/server/uaprocessor.py
index 87066374c..d7a6785a6 100644
--- a/opcua/server/uaprocessor.py
+++ b/opcua/server/uaprocessor.py
@@ -165,6 +165,49 @@ def _process_message(self, typeid, requesthdr, algohdr, seqhdr, body):
                 data = self._connection.security_policy.client_certificate + self.session.nonce
             self._connection.security_policy.asymmetric_cryptography.verify(data, params.ClientSignature.Signature)
 
+            #
+            # somewhere create a list of trusted certificates
+            #
+            from opcua.crypto import uacrypto
+            trusted_certificates = [uacrypto.load_certificate('certificate-example.der')]
+
+            #
+            # To be implmeneted in the asymmetric_cryptography.verify (just called function above)
+            #
+            from opcua.crypto import uacrypto
+            client_cert = params.UserIdentityToken.CertificateData
+            sig1 = params.ClientSignature.Signature
+            sig2 = params.UserTokenSignature.Signature
+            verification_passed = False
+
+            '''
+            # test
+            cert1 = uacrypto.load_certificate('certificate-example.der')
+            cert2 = uacrypto.load_certificate('cert.pem')
+            import pdb
+            pdb.set_trace()
+            '''
+
+            for cert in trusted_certificates:
+                if uacrypto.der_from_x509(cert) == client_cert:
+                    # even if certificates match, veryfy that a matching key is assigned with the signature
+                    # not sure what is the role of data here but the verification can't be done with any data
+                    try:
+                        uacrypto.verify_sha1(cert, data, sig2)
+                        verification_passed = True
+                    except:
+                        self.logger.warning('Faulty client signature received by server during connection activation')
+                    break
+
+            if verification_passed: 
+                self.logger.info('Verification of signature with a trusted certificate is confirmed')
+            else:
+                self.logger.warning('An untrusted client activates a session with the server!!!')
+
+            #
+            #######
+            #
+
             result = self.session.activate_session(params)
 
             response = ua.ActivateSessionResponse()

From 9a1dffd360e9de3843c693c9747a6a18e043463e Mon Sep 17 00:00:00 2001
From: nic <nic@iab.berlin>
Date: Thu, 7 Jun 2018 17:01:28 +0200
Subject: [PATCH 2/2] add working examples of client and server

---
 examples/XMLSchemas/xml_opc_schema_test1.xml | 257 +++++++++++++++++++
 examples/cert.pem                            |  15 ++
 examples/client_encrypt_malicious.py         |  36 +++
 examples/key.pem                             |  16 ++
 examples/server_encrypt_malicious.py         |  74 ++++++
 5 files changed, 398 insertions(+)
 create mode 100644 examples/XMLSchemas/xml_opc_schema_test1.xml
 create mode 100644 examples/cert.pem
 create mode 100644 examples/client_encrypt_malicious.py
 create mode 100644 examples/key.pem
 create mode 100644 examples/server_encrypt_malicious.py

diff --git a/examples/XMLSchemas/xml_opc_schema_test1.xml b/examples/XMLSchemas/xml_opc_schema_test1.xml
new file mode 100644
index 000000000..863276006
--- /dev/null
+++ b/examples/XMLSchemas/xml_opc_schema_test1.xml
@@ -0,0 +1,257 @@
+<?xml version='1.0' encoding='utf-8'?>
+<UANodeSet xmlns="http://opcfoundation.org/UA/2011/03/UANodeSet.xsd" xmlns:uax="http://opcfoundation.org/UA/2008/02/Types.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <NamespaceUris>
+    <Uri />
+    <Uri>iab_namespace</Uri>
+  </NamespaceUris>
+  <Aliases>
+    <Alias Alias="Float">i=10</Alias>
+    <Alias Alias="String">i=12</Alias>
+    <Alias Alias="Organizes">i=35</Alias>
+    <Alias Alias="HasTypeDefinition">i=40</Alias>
+    <Alias Alias="HasProperty">i=46</Alias>
+    <Alias Alias="HasComponent">i=47</Alias>
+  </Aliases>
+  <UAObject BrowseName="2:iab" NodeId="ns=2;i=1" ParentNodeId="i=85">
+    <DisplayName>iab</DisplayName>
+    <Description>The base type for all object nodes.</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="Organizes">i=85</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=58</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=2</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=3</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=4</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=5</Reference>
+    </References>
+  </UAObject>
+  <UAObject BrowseName="2:Analytics" NodeId="ns=2;i=2" ParentNodeId="ns=2;i=1">
+    <DisplayName>Analytics</DisplayName>
+    <Description>The base type for all object nodes.</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=1</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=58</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=6</Reference>
+    </References>
+  </UAObject>
+  <UAObject BrowseName="2:cRIO" NodeId="ns=2;i=3" ParentNodeId="ns=2;i=1">
+    <DisplayName>cRIO</DisplayName>
+    <Description>The base type for all object nodes.</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=1</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=58</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=10</Reference>
+    </References>
+  </UAObject>
+  <UAObject BrowseName="2:Twin" NodeId="ns=2;i=4" ParentNodeId="ns=2;i=1">
+    <DisplayName>Twin</DisplayName>
+    <Description>The base type for all object nodes.</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=1</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=58</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=19</Reference>
+    </References>
+  </UAObject>
+  <UAObject BrowseName="2:Customer" NodeId="ns=2;i=5" ParentNodeId="ns=2;i=1">
+    <DisplayName>Customer</DisplayName>
+    <Description>The base type for all object nodes.</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=1</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=58</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=20</Reference>
+    </References>
+  </UAObject>
+  <UAObject BrowseName="2:Measurement_stats" NodeId="ns=2;i=6" ParentNodeId="ns=2;i=2">
+    <DisplayName>Measurement_stats</DisplayName>
+    <Description>Measurement_stats</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=2</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=61</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=7</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=21</Reference>
+    </References>
+  </UAObject>
+  <UAVariable AccessLevel="15" BrowseName="2:temp_mean" DataType="Float" NodeId="ns=2;i=7" ParentNodeId="ns=2;i=6" UserAccessLevel="15">
+    <DisplayName>temp_mean</DisplayName>
+    <Description>temp_mean</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=6</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=8</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=9</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:aproperty_float" DataType="Float" NodeId="ns=2;i=8" ParentNodeId="ns=2;i=7">
+    <DisplayName>aproperty_float</DisplayName>
+    <Description>aproperty_float</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=7</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:aproperty_string" DataType="String" NodeId="ns=2;i=9" ParentNodeId="ns=2;i=7">
+    <DisplayName>aproperty_string</DisplayName>
+    <Description>aproperty_string</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=7</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:String>9.99</uax:String>
+    </Value>
+  </UAVariable>
+  <UAObject BrowseName="2:measurements" NodeId="ns=2;i=10" ParentNodeId="ns=2;i=3">
+    <DisplayName>measurements</DisplayName>
+    <Description>measurements</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=3</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=61</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=12</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;i=15</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=18</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;s=testvariable</Reference>
+      <Reference ReferenceType="HasComponent">ns=2;s=anothertest</Reference>
+    </References>
+  </UAObject>
+  <UAVariable AccessLevel="15" BrowseName="2:temperature" DataType="Float" Historizing="True" NodeId="ns=2;i=12" ParentNodeId="ns=2;i=10" UserAccessLevel="15">
+    <DisplayName>temperature</DisplayName>
+    <Description>temperature</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=10</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=13</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=14</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:range" DataType="Float" NodeId="ns=2;i=13" ParentNodeId="ns=2;i=12">
+    <DisplayName>range</DisplayName>
+    <Description>range</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=12</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:accuracy" DataType="Float" NodeId="ns=2;i=14" ParentNodeId="ns=2;i=12">
+    <DisplayName>accuracy</DisplayName>
+    <Description>accuracy</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=12</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable AccessLevel="15" BrowseName="2:vibration" DataType="Float" Historizing="True" NodeId="ns=2;i=15" ParentNodeId="ns=2;i=10" UserAccessLevel="15">
+    <DisplayName>vibration</DisplayName>
+    <Description>vibration</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=10</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=16</Reference>
+      <Reference ReferenceType="HasProperty">ns=2;i=17</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:range" DataType="Float" NodeId="ns=2;i=16" ParentNodeId="ns=2;i=15">
+    <DisplayName>range</DisplayName>
+    <Description>range</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=15</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:accuracy" DataType="Float" NodeId="ns=2;i=17" ParentNodeId="ns=2;i=15">
+    <DisplayName>accuracy</DisplayName>
+    <Description>accuracy</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=15</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:timestep" DataType="Float" NodeId="ns=2;i=18" ParentNodeId="ns=2;i=10">
+    <DisplayName>timestep</DisplayName>
+    <Description>timestep</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasProperty">ns=2;i=10</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=68</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:testvariable" DataType="Float" NodeId="ns=2;i=19" ParentNodeId="ns=2;i=4">
+    <DisplayName>testvariable</DisplayName>
+    <Description>testvariable</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=4</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:testvariable" DataType="Float" NodeId="ns=2;i=20" ParentNodeId="ns=2;i=5">
+    <DisplayName>testvariable</DisplayName>
+    <Description>testvariable</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=5</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable AccessLevel="15" BrowseName="2:vibration_something" DataType="Float" NodeId="ns=2;i=21" ParentNodeId="ns=2;i=6" UserAccessLevel="15">
+    <DisplayName>vibration_something</DisplayName>
+    <Description>vibration_something</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=6</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:testvariable" DataType="Float" Historizing="True" NodeId="ns=2;s=testvariable" ParentNodeId="ns=2;i=10">
+    <DisplayName>testvariable</DisplayName>
+    <Description>testvariable</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=10</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+  <UAVariable BrowseName="2:anothertest" DataType="Float" NodeId="ns=2;s=anothertest" ParentNodeId="ns=2;i=10" UserAccessLevel="15">
+    <DisplayName>anothertest</DisplayName>
+    <Description>anothertest</Description>
+    <References>
+      <Reference IsForward="false" ReferenceType="HasComponent">ns=2;i=10</Reference>
+      <Reference ReferenceType="HasTypeDefinition">i=63</Reference>
+    </References>
+    <Value>
+      <uax:Float>9.99</uax:Float>
+    </Value>
+  </UAVariable>
+</UANodeSet>
diff --git a/examples/cert.pem b/examples/cert.pem
new file mode 100644
index 000000000..e453a8454
--- /dev/null
+++ b/examples/cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWzCCAcSgAwIBAgIJAI2vU+xObjKcMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTgwNDEwMTIzNzQ5WhcNMTkwNDEwMTIzNzQ5WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDWxSvyTgs3Dc0wcOk2TwTvozP49fCsV8RfMjuDl4wRJSFWNteH50bBmhUUXhWO
+5kFHwjCt0wBujjUfqg3vE3JY0+pa70X2iGXZ0Tk3/XSPUVE/cPa7DQleCTIhR5Di
+Mo5leg3O339c0BdskYsV6UvZVv3wO2j/8yhE+CfTkkKAgwIDAQABo1MwUTAdBgNV
+HQ4EFgQUqJSdMz0aYGfU5ySIBy2GA433BBMwHwYDVR0jBBgwFoAUqJSdMz0aYGfU
+5ySIBy2GA433BBMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBp
+UU0+r7uisgdTgLEaEMU3acsgbd+VVULHJnvju3QVbPotRuhvjZsTiq934aYv9To0
+7V4ydPhi13sRu1tR89GX7u45Z0+uPBZI+yCLxxvCOBrA5THpM9yc2owhAbaIF/br
+tVKSYH/9WtFCxMjAXrCGzN7HJnRLmR8Gumkq1t/X3w==
+-----END CERTIFICATE-----
diff --git a/examples/client_encrypt_malicious.py b/examples/client_encrypt_malicious.py
new file mode 100644
index 000000000..9391c928a
--- /dev/null
+++ b/examples/client_encrypt_malicious.py
@@ -0,0 +1,36 @@
+from opcua import Client
+from opcua import ua
+import time
+import random
+import logging
+logging.basicConfig(level=logging.DEBUG)
+
+if __name__ == '__main__':
+    client = Client("opc.tcp://localhost:4841/freeopcua/server/")
+
+    ## one can set different sets of key/cert for testing
+
+    #client.load_private_key('key.pem')
+    #client.load_client_certificate('cert.pem')
+    client.load_private_key('private-key-example.pem')
+    client.load_client_certificate('certificate-example.der')
+
+    client.set_security_string("Basic256,SignAndEncrypt,cert.pem,key.pem")
+    #client.set_security_string("Basic256,SignAndEncrypt,certificate-example.der,private-key-example.pem")
+
+    ## this doesn't work because this cert.key pair is used for encryption of data
+    #client.set_security_string("Basic256,SignAndEncrypt,cert.pem,private-key-example.pem")
+
+    time.sleep(5)
+
+    client.connect()
+    print("connectedddd")
+
+    var_temp = client.get_node("ns=2;i=12")
+    var_vibration = client.get_node("ns=2;i=15")
+
+    while True:
+        var_temp.get_value()
+        time.sleep(10)
+    
+
diff --git a/examples/key.pem b/examples/key.pem
new file mode 100644
index 000000000..33253dc77
--- /dev/null
+++ b/examples/key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANbFK/JOCzcNzTBw
+6TZPBO+jM/j18KxXxF8yO4OXjBElIVY214fnRsGaFRReFY7mQUfCMK3TAG6ONR+q
+De8TcljT6lrvRfaIZdnROTf9dI9RUT9w9rsNCV4JMiFHkOIyjmV6Dc7ff1zQF2yR
+ixXpS9lW/fA7aP/zKET4J9OSQoCDAgMBAAECgYEAiTEaiYXhFCH02OTHlLGVbZ7L
+LFWuj+jgwA7OhZjhGHKngPM3atEKGdHbdU9EZiwftz8M6XzH4ddlh/yROg8qEvh5
+XC6fSr5sCHiwXs3Q22RtHbY1iGoB6oxe2q4U/ds7nGEOYaDKhFb+PjthjTwWSIho
+7DoQ+dKRRujyF5afGQECQQDrcUoYh4PIuh/PnwxxqB5OGmnHs9Aek1nUAqZt9l30
+Z00L+IDqP0+oFtfJ6k/lcHB2NxkbsOKVN4fydKlwEnNTAkEA6YXONaDLTvdELWF5
+fLu0DMyqGg1CsoT1TCtgWpvDsOkqKNgWu2aqxK2hGQhiCVCLqxosFIiW3QQzGjD7
+/1DIEQJASLg7HIxupcbnIGeNnmVAxvrdhTMCqw70Bcmzwe8AYgauA26D0tYvMkmr
+6M+YUdOCyOCHvsfJlDEMqlRiKR1pxQJBALdgo7XpNr4j3h3k1YnlvFXwwgMDNsUJ
+M7dEuL1uZBWgg8LfLbqrvJ4F2uPVeWbnIUaTntnhCNc2XQrMPJcZ0IECQH88VqZU
+azRaGQ1jy3HjmiuriFFDcw01vEsI+VIZMTnShixYxWm7n9w9tITyhIPAdt+Kc/4s
+dx8pcP9Gst8ldlI=
+-----END PRIVATE KEY-----
diff --git a/examples/server_encrypt_malicious.py b/examples/server_encrypt_malicious.py
new file mode 100644
index 000000000..6c3cb3940
--- /dev/null
+++ b/examples/server_encrypt_malicious.py
@@ -0,0 +1,74 @@
+import sys
+sys.path.insert(0, "..")
+from datetime import datetime
+from opcua import ua, uamethod, Server
+
+import logging
+import ipdb
+logging.basicConfig(level=logging.DEBUG)
+import time
+
+try:
+    from IPython import embed
+except ImportError:
+    import code
+
+    def embed():
+        vars = globals()
+        vars.update(locals())
+        shell = code.InteractiveConsole(vars)
+        shell.interact()
+
+# server definition
+server = Server()
+
+server.set_endpoint("opc.tcp://localhost:4841/freeopcua/server/")
+server.set_server_name("Test Turbo Server")
+
+server.set_security_policy([ua.SecurityPolicyType.Basic256_SignAndEncrypt])
+'''
+server.set_security_policy([
+                ua.SecurityPolicyType.NoSecurity,
+                ua.SecurityPolicyType.Basic128Rsa15_SignAndEncrypt,
+                ua.SecurityPolicyType.Basic128Rsa15_Sign,
+                ua.SecurityPolicyType.Basic256_SignAndEncrypt,
+                ua.SecurityPolicyType.Basic256_Sign])
+'''
+server.set_security_IDs(["Basic256"])
+
+server.load_certificate("certificate-example.der")
+server.load_private_key("private-key-example.pem")
+#server.load_private_key("key.pem")
+
+uri = "iab_namespace"
+idx = server.register_namespace(uri)
+
+##########################################################################
+server.import_xml("XMLSchemas/xml_opc_schema_test1.xml")
+##########################################################################
+# modeler can also set variables to writable
+#v1 = server.get_node("i=20004") 
+#v1.set_writable()
+
+v1 = server.get_node("ns=2;i=12") 
+v2 = server.get_node("ns=2;i=15") 
+
+if __name__ == "__main__":
+
+    server.start()
+
+    # TODO why can't set variables to writable before running the server????
+    server.historize_node_data_change(v1)
+    server.historize_node_data_change(v2)
+
+    
+    # in case we decide to use good old loop instead of interativeshell
+    try:
+        while True:
+            time.sleep(10)
+            v1.set_value(1111111)
+    finally:
+        server.stop()
+
+
+