Configurable client's secure channel Lifetime

lib/src/client/builder.rs

@@ -279,9 +279,15 @@ impl ClientBuilder {
         self
     }
 
-    /// Session name - the default name to use for a new session
+    /// Session name - the default name to use for a new session.
     pub fn session_name(mut self, session_name: impl Into<String>) -> Self {
         self.config.session_name = session_name.into();
         self
     }
+
+    /// Sets the secure channel lifetime, in milliseconds. Default is 1 minute.
+    pub fn secure_channel_lifetime(mut self, secure_channel_lifetime: u32) -> Self {
+        self.config.secure_channel_lifetime = secure_channel_lifetime;
+        self
+    }
 }

lib/src/client/config.rs

@@ -228,6 +228,8 @@ pub struct ClientConfig {
     pub(crate) performance: Performance,
     /// Session name
     pub(crate) session_name: String,
+    /// Secure channel lifetime in milliseconds
+    pub(crate) secure_channel_lifetime: u32,
 }
 
 impl Config for ClientConfig {
@@ -358,6 +360,7 @@ impl ClientConfig {
             request_timeout: Duration::from_secs(60),
             min_publish_interval: Duration::from_secs(1),
             publish_timeout: Duration::from_secs(60),
+            secure_channel_lifetime: 60000,
             max_inflight_publish: 2,
             session_timeout: 0,
             decoding_options: DecodingOptions {
@@ -540,4 +543,16 @@ mod tests {
         );
         assert!(!config.is_valid());
     }
+
+    #[test]
+    fn default_security_channel_lifetime_is_1_minute() {
+        let config = default_sample_config();
+        assert_eq!(config.secure_channel_lifetime, 60000);
+    }
+
+    #[test]
+    fn security_channel_lifetime_is_configurable() {
+        let config = sample_builder().secure_channel_lifetime(30000).config();
+        assert_eq!(config.secure_channel_lifetime, 30000);
+    }
 }

lib/src/client/session/client.rs

@@ -370,6 +370,7 @@ impl Client {
                 max_message_size: self.config.decoding_options.max_message_size,
                 max_chunk_count: self.config.decoding_options.max_chunk_count,
             },
+            self.config.secure_channel_lifetime
         )
     }
 

lib/src/client/session/session.rs

@@ -90,6 +90,7 @@ impl Session {
                     max_message_size: config.decoding_options.max_message_size,
                     max_chunk_count: config.decoding_options.max_chunk_count,
                 },
+                config.secure_channel_lifetime
             ),
             internal_session_id: AtomicU32::new(NEXT_SESSION_ID.fetch_add(1, Ordering::Relaxed)),
             state_watch_rx,

lib/src/client/transport/channel.rs

@@ -34,8 +34,8 @@ pub struct AsyncSecureChannel {
     transport_config: TransportConfiguration,
     state: SecureChannelState,
     issue_channel_lock: tokio::sync::Mutex<()>,
-
     request_send: ArcSwapOption<RequestSend>,
+    channel_lifetime: u32,
 }
 
 pub struct SecureChannelEventLoop {
@@ -57,6 +57,7 @@ impl AsyncSecureChannel {
         ignore_clock_skew: bool,
         auth_token: Arc<ArcSwap<NodeId>>,
         transport_config: TransportConfiguration,
+        channel_lifetime: u32,
     ) -> Self {
         let secure_channel = Arc::new(RwLock::new(SecureChannel::new(
             certificate_store.clone(),
@@ -73,6 +74,7 @@ impl AsyncSecureChannel {
             certificate_store,
             session_retry_policy,
             request_send: Default::default(),
+            channel_lifetime,
         }
     }
 
@@ -97,6 +99,7 @@ impl AsyncSecureChannel {
             // succession.
             // Also, if the channel is currently being renewed, we need to wait for the new security token.
             let guard = self.issue_channel_lock.lock().await;
+
             let should_renew_security_token = {
                 let secure_channel = trace_read_lock!(self.secure_channel);
                 secure_channel.should_renew_security_token()
@@ -107,6 +110,7 @@ impl AsyncSecureChannel {
                     SecurityTokenRequestType::Renew,
                     Duration::from_secs(30),
                     send.clone(),
+                    self.channel_lifetime,
                 );
 
                 let resp = request.send().await?;
@@ -176,6 +180,7 @@ impl AsyncSecureChannel {
             SecurityTokenRequestType::Issue,
             Duration::from_secs(30),
             send.clone(),
+            self.channel_lifetime,
         );
 
         let request_fut = request.send();

lib/src/client/transport/state.rs

@@ -117,11 +117,10 @@ impl SecureChannelState {
         request_type: SecurityTokenRequestType,
         timeout: Duration,
         sender: RequestSend,
+        requested_lifetime: u32,
     ) -> Request {
         trace!("issue_or_renew_secure_channel({:?})", request_type);
 
-        const REQUESTED_LIFETIME: u32 = 60000; // TODO
-
         let (security_mode, security_policy, client_nonce) = {
             let mut secure_channel = trace_write_lock!(self.secure_channel);
             let client_nonce = secure_channel.security_policy().random_nonce();
@@ -137,7 +136,6 @@ impl SecureChannelState {
         info!("security_mode = {:?}", security_mode);
         info!("security_policy = {:?}", security_policy);
 
-        let requested_lifetime = REQUESTED_LIFETIME;
         let request = OpenSecureChannelRequest {
             request_header: self.make_request_header(timeout),
             client_protocol_version: 0,

samples/client.conf

@@ -71,3 +71,4 @@ performance:
   recreate_monitored_items_chunk: 1000
   max_inflight_messages: 20
 session_name: Rust OPC UA Client
+secure_channel_lifetime: 60000