From 3413ca4a8570ed122072167751df453acc657be9 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sat, 1 Nov 2025 21:10:17 +0000
Subject: [PATCH] Fix OPC UA server security policy configuration

- Use correct SecurityPolicyType enum values instead of strings
- Server now properly offers NoSecurity (0) policy endpoint
- Fixes 'No matching endpoints' error in client connections
---
 src/protocols/opcua_server.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/protocols/opcua_server.py b/src/protocols/opcua_server.py
index f64e7f6..f6392f5 100644
--- a/src/protocols/opcua_server.py
+++ b/src/protocols/opcua_server.py
@@ -124,8 +124,9 @@ class OPCUAServer:
                 await self._configure_security()
             else:
                 # No security (for development only)
+                from asyncua.ua import SecurityPolicyType
                 self.server.set_security_policy([
-                    "http://opcfoundation.org/UA/SecurityPolicy#None"
+                    SecurityPolicyType.NoSecurity
                 ])
             
             # Setup namespace
@@ -172,6 +173,8 @@ class OPCUAServer:
     async def _configure_security(self):
         """Configure OPC UA security with certificates."""
         try:
+            from asyncua.ua import SecurityPolicyType
+            
             # Load or generate certificates
             if self.certificate_path and self.private_key_path:
                 # Load existing certificates
@@ -180,8 +183,8 @@ class OPCUAServer:
                 
                 # Set security policies for secure connections
                 self.server.set_security_policy([
-                    SecurityPolicyBasic256Sha256,
-                    "http://opcfoundation.org/UA/SecurityPolicy#None"
+                    SecurityPolicyType.Basic256Sha256_SignAndEncrypt,
+                    SecurityPolicyType.NoSecurity
                 ])
                 
                 # Configure certificate validation
@@ -202,8 +205,8 @@ class OPCUAServer:
                 
                 # Set security policies for secure connections
                 self.server.set_security_policy([
-                    SecurityPolicyBasic256Sha256,
-                    "http://opcfoundation.org/UA/SecurityPolicy#None"
+                    SecurityPolicyType.Basic256Sha256_SignAndEncrypt,
+                    SecurityPolicyType.NoSecurity
                 ])
                 
                 # Configure certificate validation
@@ -214,7 +217,7 @@ class OPCUAServer:
                 # Certificate generation not available, use only None security policy
                 logger.warning("certificate_generation_not_available")
                 self.server.set_security_policy([
-                    "http://opcfoundation.org/UA/SecurityPolicy#None"
+                    SecurityPolicyType.NoSecurity
                 ])
                 return