node-opcua-server 2.73.1 → 2.76.0

package/source/opcua_server.ts

@@ -1,3 +1,4 @@
+/* eslint-disable complexity */
 /**
  * @module node-opcua-server
  */
@@ -38,7 +39,8 @@ import {
     ISessionContext,
     UAView,
     EventTypeLike,
-    UAObjectType
+    UAObjectType,
+    PseudoVariantStringPredefined
 } from "node-opcua-address-space";
 import { getDefaultCertificateManager, OPCUACertificateManager } from "node-opcua-certificate-manager";
 import { ServerState } from "node-opcua-common";
@@ -145,13 +147,16 @@ import {
     BuildInfoOptions,
     MonitoredItemCreateResult,
     IssuedIdentityToken,
-    BrowseResultOptions
+    BrowseResultOptions,
+    ServiceFault,
+    ServerDiagnosticsSummaryDataType
 } from "node-opcua-types";
 import { DataType } from "node-opcua-variant";
 import { VariantArrayType } from "node-opcua-variant";
 import { matchUri } from "node-opcua-utils";
 
 import { UAString } from "node-opcua-basic-types";
+import { ObjectIds, ObjectTypeIds } from "node-opcua-constants";
 import { OPCUABaseServer, OPCUABaseServerOptions } from "./base_server";
 import { Factory } from "./factory";
 import { IRegisterServerManager } from "./i_register_server_manager";
@@ -184,7 +189,7 @@ const warningLog = make_warningLog(__filename);
 const default_maxConnectionsPerEndpoint = 10;
 
 function g_sendError(channel: ServerSecureChannelLayer, message: Message, ResponseClass: any, statusCode: StatusCode): void {
-    const response = new ResponseClass({
+    const response = new ServiceFault({
         responseHeader: { serviceResult: statusCode }
     });
     return channel.send_response("MSG", response, message);
@@ -261,11 +266,8 @@ async function _attempt_to_close_some_old_unactivated_session(server: OPCUAServe
 
 function getRequiredEndpointInfo(endpoint: EndpointDescription) {
     assert(endpoint instanceof EndpointDescription);
-    // It is recommended that Servers only include the server.applicationUri,  endpointUrl, securityMode,
-    // securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all
-    // other parameters set to null. Only the recommended parameters shall be verified by
-    // the client.
-
+    // https://reference.opcfoundation.org/v104/Core/docs/Part4/5.6.2/
+    // https://reference.opcfoundation.org/v105/Core/docs/Part4/5.6.2/
     const e = new EndpointDescription({
         endpointUrl: endpoint.endpointUrl,
         securityLevel: endpoint.securityLevel,
@@ -274,14 +276,13 @@ function getRequiredEndpointInfo(endpoint: EndpointDescription) {
         server: {
             applicationUri: endpoint.server.applicationUri,
             applicationType: endpoint.server.applicationType,
-            applicationName: endpoint.server.applicationName
-            // ... to be continued after verifying what fields are actually needed
+            applicationName: endpoint.server.applicationName,
+            productUri: endpoint.server.productUri
         },
         transportProfileUri: endpoint.transportProfileUri,
         userIdentityTokens: endpoint.userIdentityTokens
     });
     // reduce even further by explicitly setting unwanted members to null
-    e.server.productUri = null;
     e.server.applicationName = null as any;
     // xx e.server.applicationType = null as any;
     e.server.gatewayServerUri = null;
@@ -298,10 +299,8 @@ function getRequiredEndpointInfo(endpoint: EndpointDescription) {
 function _serverEndpointsForCreateSessionResponse(server: OPCUAServer, endpointUrl: string | null, serverUri: string | null) {
     serverUri = null; // unused then
 
-    // The Server shall return a set of EndpointDescriptions available for the serverUri specified in the request.
-    // It is recommended that Servers only include the endpointUrl, securityMode,
-    // securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters
-    // set to null. Only the recommended parameters shall be verified by the client.
+    // https://reference.opcfoundation.org/v104/Core/docs/Part4/5.6.2/
+    // https://reference.opcfoundation.org/v105/Core/docs/Part4/5.6.2/
     return server
         ._get_endpoints(endpointUrl)
         .filter((e) => !(e as any).restricted) // remove restricted endpoints
@@ -1355,6 +1354,19 @@ export class OPCUAServer extends OPCUABaseServer {
         }
     }
 
+    public raiseEvent(eventType: "AuditSessionEventType", options: RaiseEventAuditSessionEventData): void;
+    public raiseEvent(eventType: "AuditCreateSessionEventType", options: RaiseEventAuditCreateSessionEventData): void;
+    public raiseEvent(eventType: "AuditActivateSessionEventType", options: RaiseEventAuditActivateSessionEventData): void;
+    public raiseEvent(eventType: "AuditCreateSessionEventType", options: RaiseEventData): void;
+    public raiseEvent(eventType: "AuditConditionCommentEventType", options: RaiseEventAuditConditionCommentEventData): void;
+    public raiseEvent(eventType: "AuditUrlMismatchEventType", options: RaiseEventAuditUrlMismatchEventTypeData): void;
+    public raiseEvent(eventType: "TransitionEventType", options: RaiseEventTransitionEventData): void;
+    public raiseEvent(eventType: "AuditCertificateInvalidEventType", options: RaiseAuditCertificateInvalidEventData): void;
+    public raiseEvent(eventType: "AuditCertificateExpiredEventType", options: RaiseAuditCertificateExpiredEventData): void;
+    public raiseEvent(eventType: "AuditCertificateUntrustedEventType", options: RaiseAuditCertificateUntrustedEventData): void;
+    public raiseEvent(eventType: "AuditCertificateRevokedEventType", options: RaiseAuditCertificateRevokedEventData): void;
+    public raiseEvent(eventType: "AuditCertificateMismatchEventType", options: RaiseAuditCertificateMismatchEventData): void;
+
     public raiseEvent(eventType: EventTypeLike | UAObjectType, options: RaiseEventData): void {
         /* istanbul ignore next */
         if (!this.engine.addressSpace) {
@@ -1495,6 +1507,8 @@ export class OPCUAServer extends OPCUABaseServer {
         }
 
         if (!userTokenSignature || !userTokenSignature.signature) {
+            this.raiseEvent("AuditCreateSessionEventType", {});
+
             return callback(null, StatusCodes.BadUserSignatureInvalid);
         }
 
@@ -1524,6 +1538,45 @@ export class OPCUAServer extends OPCUABaseServer {
             if (err) {
                 return callback(err);
             }
+            if (this.isAuditing) {
+                switch (certificateStatus) {
+                    case StatusCodes.Good:
+                        break;
+                    case StatusCodes.BadCertificateUntrusted:
+                        this.raiseEvent("AuditCertificateUntrustedEventType", {
+                            certificate: { dataType: DataType.ByteString, value: certificate },
+                            sourceName: { dataType: DataType.String, value: "Security/Certificate" }
+                        });
+                        break;
+                    case StatusCodes.BadCertificateTimeInvalid:
+                    case StatusCodes.BadCertificateIssuerTimeInvalid:
+                        this.raiseEvent("AuditCertificateExpiredEventType", {
+                            certificate: { dataType: DataType.ByteString, value: certificate },
+                            sourceName: { dataType: DataType.String, value: "Security/Certificate" },
+                            comment: { dataType: DataType.String, value: certificateStatus.toString() }
+                        });
+                        break;
+                    case StatusCodes.BadCertificateRevoked:
+                    case StatusCodes.BadCertificateRevocationUnknown:
+                    case StatusCodes.BadCertificateIssuerRevocationUnknown:
+                        this.raiseEvent("AuditCertificateRevokedEventType", {
+                            certificate: { dataType: DataType.ByteString, value: certificate },
+                            sourceName: { dataType: DataType.String, value: "Security/Certificate" },
+                            comment: { dataType: DataType.String, value: certificateStatus.toString() }
+                        });
+                        break;
+                    case StatusCodes.BadCertificateIssuerUseNotAllowed:
+                    case StatusCodes.BadCertificateUseNotAllowed:
+                    case StatusCodes.BadSecurityChecksFailed:
+                        this.raiseEvent("AuditCertificateMismatchEventType", {
+                            certificate: { dataType: DataType.ByteString, value: certificate },
+                            sourceName: { dataType: DataType.String, value: "Security/Certificate" },
+                            comment: { dataType: DataType.String, value: certificateStatus.toString() }
+                        });
+                        break;
+                    
+                }
+            }
             if (
                 StatusCodes.BadCertificateUntrusted === certificateStatus ||
                 StatusCodes.BadCertificateTimeInvalid === certificateStatus ||
@@ -1537,6 +1590,7 @@ export class OPCUAServer extends OPCUABaseServer {
                 StatusCodes.Good !== certificateStatus
             ) {
                 debugLog("isValidX509IdentityToken => certificateStatus = ", certificateStatus?.toString());
+
                 return callback(null, StatusCodes.BadIdentityTokenRejected);
             }
             if (StatusCodes.Good !== certificateStatus) {
@@ -2233,7 +2287,7 @@ export class OPCUAServer extends OPCUABaseServer {
 
         function sendResponse(response1: Response) {
             try {
-                assert(response1 instanceof ResponseClass);
+                assert(response1 instanceof ResponseClass || response1 instanceof ServiceFault);
                 if (message.session) {
                     const counterName = ResponseClass.name.replace("Response", "");
                     message.session.incrementRequestTotalCounter(counterName);
@@ -3071,7 +3125,7 @@ export class OPCUAServer extends OPCUABaseServer {
             (session: ServerSession, sendResponse: (response: Response) => void, sendError: (statusCode: StatusCode) => void) => {
                 assert(session);
                 assert(session.publishEngine); // server.publishEngine doesn't exists, OPCUAServer has probably shut down already
-                session.publishEngine._on_PublishRequest(request, (request1: PublishRequest, response: PublishResponse) => {
+                session.publishEngine._on_PublishRequest(request, (_request1, response) => {
                     sendResponse(response);
                 });
             }
@@ -3180,16 +3234,20 @@ export class OPCUAServer extends OPCUABaseServer {
                     linksToAdd,
                     linksToRemove
                 );
-                const response = new SetTriggeringResponse({
-                    responseHeader: { serviceResult: statusCode },
-
-                    addResults,
-                    removeResults,
-                    addDiagnosticInfos: null,
-                    removeDiagnosticInfos: null
-                });
+                if (statusCode !== StatusCodes.Good) {
+                    const response = new ServiceFault({ responseHeader: { serviceResult: statusCode } });
+                    sendResponse(response);
+                } else {
+                    const response = new SetTriggeringResponse({
+                        responseHeader: { serviceResult: statusCode },
 
-                sendResponse(response);
+                        addResults,
+                        removeResults,
+                        addDiagnosticInfos: null,
+                        removeDiagnosticInfos: null
+                    });
+                    sendResponse(response);
+                }
             }
         );
     }
@@ -3390,11 +3448,8 @@ export class OPCUAServer extends OPCUABaseServer {
             message,
             channel,
             (session: ServerSession, sendResponse: (response: Response) => void, sendError: (statusCode: StatusCode) => void) => {
-                let response;
-
                 if (!request.nodesToRegister || request.nodesToRegister.length === 0) {
-                    response = new RegisterNodesResponse({ responseHeader: { serviceResult: StatusCodes.BadNothingToDo } });
-                    return sendResponse(response);
+                    return sendError(StatusCodes.BadNothingToDo);
                 }
                 if (this.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes > 0) {
                     if (request.nodesToRegister.length > this.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes) {
@@ -3410,7 +3465,7 @@ export class OPCUAServer extends OPCUABaseServer {
                 // NodeId from the request.
                 const registeredNodeIds = request.nodesToRegister.map((nodeId) => session.registerNode(nodeId));
 
-                response = new RegisterNodesResponse({
+                const response = new RegisterNodesResponse({
                     registeredNodeIds
                 });
                 sendResponse(response);
@@ -3427,13 +3482,10 @@ export class OPCUAServer extends OPCUABaseServer {
             message,
             channel,
             (session: ServerSession, sendResponse: (response: Response) => void, sendError: (statusCode: StatusCode) => void) => {
-                let response;
-
                 request.nodesToUnregister = request.nodesToUnregister || [];
 
                 if (!request.nodesToUnregister || request.nodesToUnregister.length === 0) {
-                    response = new UnregisterNodesResponse({ responseHeader: { serviceResult: StatusCodes.BadNothingToDo } });
-                    return sendResponse(response);
+                    return sendError(StatusCodes.BadNothingToDo);
                 }
 
                 if (this.engine.serverCapabilities.operationLimits.maxNodesPerRegisterNodes > 0) {
@@ -3446,7 +3498,7 @@ export class OPCUAServer extends OPCUABaseServer {
 
                 request.nodesToUnregister.map((nodeId: NodeId) => session.unRegisterNode(nodeId));
 
-                response = new UnregisterNodesResponse({});
+                const response = new UnregisterNodesResponse({});
                 sendResponse(response);
             }
         );
@@ -3643,6 +3695,87 @@ export interface RaiseEventTransitionEventData extends RaiseEventData {}
 export interface RaiseEventAuditUrlMismatchEventTypeData extends RaiseEventData {
     endpointUrl: PseudoVariantString;
 }
+
+/**
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ */
+export interface RaiseAuditCertificateEventData extends RaiseEventData {
+    certificate: PseudoVariantByteString;
+    sourceName: PseudoVariantStringPredefined<"Security/Certificate">;
+}
+
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ * Either the InvalidHostname or InvalidUri shall be provided.
+ */
+export interface RaiseAuditCertificateDataMismatchEventData extends RaiseAuditCertificateEventData {
+    /**
+     * InvalidHostname is the string that represents the host name passed in as part of the URL
+     * that is found to be invalid. If the host name was not invalid it can be null.
+     */
+    invalidHostname: PseudoVariantString;
+    /*
+     * InvalidUri is the URI that was passed in and found to not match what is contained in
+     * the certificate. If the URI was not invalid it can be null.
+     */
+    invalidUri: PseudoVariantString;
+}
+export interface RaiseAuditCertificateUntrustedEventData extends RaiseAuditCertificateEventData {}
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ *
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ *
+ * The Message Variable shall include a description of why the certificate was expired
+ * (i.e. time before start or time after end).
+ *
+ * There are no additional Properties defined for this EventType.
+ *
+ */
+export interface RaiseAuditCertificateExpiredEventData extends RaiseAuditCertificateEventData {}
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ *
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ *
+ * The Message shall include a description of why the certificate is invalid.
+ *
+ * There are no additional Properties defined for this EventType.
+ */
+export interface RaiseAuditCertificateInvalidEventData extends RaiseAuditCertificateEventData {}
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ *
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ *
+ * The Message Variable shall include a description of why the certificate is not trusted.
+ * If a trust chain is involved then the certificate that failed in the trust chain should be described.
+ * There are no additional Properties defined for this EventType.
+ */
+export interface RaiseAuditCertificateUntrustedEventData extends RaiseAuditCertificateEventData {}
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ *
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ *
+ * The Message Variable shall include a description of why the certificate is revoked
+ * (was the revocation list unavailable or was the certificate on the list).
+ *
+ *  There are no additional Properties defined for this EventType.
+ */
+export interface RaiseAuditCertificateRevokedEventData extends RaiseAuditCertificateEventData {
+    sourceName: PseudoVariantStringPredefined<"Security/Certificate">;
+}
+/**
+ * This EventType inherits all Properties of the AuditCertificateEventType.
+ *
+ * The SourceName for Events of this type shall be “Security/Certificate”.
+ *
+ * The Message Variable shall include a description of misuse of the certificate.
+ *
+ * There are no additional Properties defined for this EventType
+ */
+export interface RaiseAuditCertificateMismatchEventData extends RaiseAuditCertificateEventData {}
 export interface OPCUAServer {
     /**
      * @internal
@@ -3662,6 +3795,12 @@ export interface OPCUAServer {
     raiseEvent(eventType: "AuditUrlMismatchEventType", options: RaiseEventAuditUrlMismatchEventTypeData): void;
 
     raiseEvent(eventType: "TransitionEventType", options: RaiseEventTransitionEventData): void;
+
+    raiseEvent(eventType: "AuditCertificateInvalidEventType", options: RaiseAuditCertificateInvalidEventData): void;
+    raiseEvent(eventType: "AuditCertificateExpiredEventType", options: RaiseAuditCertificateExpiredEventData): void;
+    raiseEvent(eventType: "AuditCertificateUntrustedEventType", options: RaiseAuditCertificateUntrustedEventData): void;
+    raiseEvent(eventType: "AuditCertificateRevokedEventType", options: RaiseAuditCertificateRevokedEventData): void;
+    raiseEvent(eventType: "AuditCertificateMismatchEventType", options: RaiseAuditCertificateMismatchEventData): void;
 }
 
 export interface OPCUAServer extends EventEmitter {

package/source/server_publish_engine.ts

@@ -11,7 +11,7 @@ import { checkDebugFlag, make_debugLog } from "node-opcua-debug";
 import { ObjectRegistry } from "node-opcua-object-registry";
 import { StatusCode, StatusCodes } from "node-opcua-status-code";
 
-import { PublishRequest, PublishResponse, SubscriptionAcknowledgement } from "node-opcua-types";
+import { PublishRequest, PublishResponse, ServiceFault, SubscriptionAcknowledgement } from "node-opcua-types";
 import { Subscription } from "./server_subscription";
 import { SubscriptionState } from "./server_subscription";
 import { IServerSidePublishEngine, INotifMsg, IClosedOrTransferredSubscription } from "./i_server_side_publish_engine";
@@ -36,7 +36,7 @@ interface PublishData {
     request: PublishRequest;
     serverTimeWhenReceived: number;
     results: StatusCode[];
-    callback: (request: PublishRequest, response: PublishResponse) => void;
+    callback: (request: PublishRequest, response: PublishResponse | ServiceFault) => void;
 }
 
 function _assertValidPublishData(publishData: PublishData) {
@@ -137,7 +137,7 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
 
         const tmp = srcPublishEngine.detach_subscription(subscription);
         destPublishEngine.add_subscription(tmp);
-        
+
         subscription.resetLifeTimeCounter();
         if (sendInitialValues) {
             /*  A Boolean parameter with the following values:
@@ -327,11 +327,12 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
     public on_close_subscription(subscription: IClosedOrTransferredSubscription): void {
         doDebug && debugLog("ServerSidePublishEngine#on_close_subscription", subscription.id);
         if (subscription.hasPendingNotifications) {
-            doDebug && debugLog(
-                "ServerSidePublishEngine#on_close_subscription storing subscription",
-                subscription.id,
-                " to _closed_subscriptions because it has pending notification"
-            );
+            doDebug &&
+                debugLog(
+                    "ServerSidePublishEngine#on_close_subscription storing subscription",
+                    subscription.id,
+                    " to _closed_subscriptions because it has pending notification"
+                );
             this._closed_subscriptions.push(subscription);
         } else {
             doDebug && debugLog("ServerSidePublishEngine#on_close_subscription disposing subscription", subscription.id);
@@ -402,7 +403,7 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
      */
     public _on_PublishRequest(
         request: PublishRequest,
-        callback?: (request1: PublishRequest, response: PublishResponse) => void
+        callback?: (request1: PublishRequest, response: PublishResponse| ServiceFault) => void
     ): void {
         callback = callback || dummy_function;
         assert(typeof callback === "function");
@@ -483,9 +484,10 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
                                 s.timeToKeepAlive +
                                 " m?=" +
                                 s.hasUncollectedMonitoredItemNotifications +
-                                " " + 
+                                " " +
                                 SubscriptionState[s.state] +
-                                " " + s.messageSent + 
+                                " " +
+                                s.messageSent +
                                 "]"
                         )
                         .join(" \n")
@@ -508,7 +510,8 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
             }
             const starving_subscription = this._find_starving_subscription();
             if (starving_subscription) {
-                doDebug && debugLog(chalk.bgWhite.red("feeding most late subscription subscriptionId  = "), starving_subscription.id);
+                doDebug &&
+                    debugLog(chalk.bgWhite.red("feeding most late subscription subscriptionId  = "), starving_subscription.id);
                 starving_subscription.process_subscription();
             }
         });
@@ -537,10 +540,10 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
 
     private _send_error_for_request(publishData: PublishData, statusCode: StatusCode): void {
         _assertValidPublishData(publishData);
-        const publishResponse = new PublishResponse({
+        const response = new ServiceFault({
             responseHeader: { serviceResult: statusCode }
         });
-        this._send_response_for_request(publishData, publishResponse);
+        this._send_response_for_request(publishData, response);
     }
 
     private _cancelPendingPublishRequest(statusCode: StatusCode): void {
@@ -629,7 +632,7 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
         assert(this.pendingPublishRequestCount > 0);
         assert(response.subscriptionId !== 0xffffff);
         const publishData = this._publish_request_queue.shift()!;
-        this._send_response_for_request(publishData, response);
+        this._send_valid_response_for_request(publishData, response);
     }
 
     public _on_tick(): void {
@@ -654,15 +657,17 @@ export class ServerSidePublishEngine extends EventEmitter implements IServerSide
             this._send_error_for_request(publishData, StatusCodes.BadTimeout);
         }
     }
-
-    public _send_response_for_request(publishData: PublishData, response: PublishResponse): void {
+    public _send_response_for_request(publishData: PublishData, response: PublishResponse | ServiceFault): void {
+        response.responseHeader.requestHandle = publishData.request.requestHeader.requestHandle;
+        publishData.callback(publishData.request, response);
+    }
+    public _send_valid_response_for_request(publishData: PublishData, response: PublishResponse): void {
         if (doDebug) {
             debugLog("_send_response_for_request ", response.toString());
         }
         _assertValidPublishData(publishData);
         // xx assert(response.responseHeader.requestHandle !== 0,"expecting a valid requestHandle");
         response.results = publishData.results;
-        response.responseHeader.requestHandle = publishData.request.requestHeader.requestHandle;
-        publishData.callback(publishData.request, response);
+        this._send_response_for_request(publishData, response);
     }
 }

package/source/server_subscription.ts

@@ -6,9 +6,7 @@
 import { EventEmitter } from "events";
 import * as chalk from "chalk";
 
-import { AddressSpace, BaseNode, Duration, UAObjectType } from "node-opcua-address-space";
-import { checkSelectClauses } from "node-opcua-address-space";
-import { SessionContext } from "node-opcua-address-space";
+import { SessionContext,AddressSpace, BaseNode, Duration, UAObjectType } from "node-opcua-address-space";
 import { assert } from "node-opcua-assert";
 import { Byte, UInt32 } from "node-opcua-basic-types";
 import { SubscriptionDiagnosticsDataType } from "node-opcua-common";
@@ -18,7 +16,7 @@ import { checkDebugFlag, make_debugLog, make_warningLog } from "node-opcua-debug
 import { NodeId } from "node-opcua-nodeid";
 import { ObjectRegistry } from "node-opcua-object-registry";
 import { SequenceNumberGenerator } from "node-opcua-secure-channel";
-import { EventFilter } from "node-opcua-service-filter";
+import { EventFilter, checkSelectClauses } from "node-opcua-service-filter";
 import { AggregateFilter } from "node-opcua-service-subscription";
 import {
     DataChangeNotification,
@@ -629,7 +627,7 @@ export class Subscription extends EventEmitter {
         this.messageSent = false;
 
         this.timerId = null;
-        this._start_timer();
+        this._start_timer({ firstTime: true });
 
         debugLog(chalk.green(`creating subscription ${this.id}`));
 
@@ -686,7 +684,7 @@ export class Subscription extends EventEmitter {
             // todo
         }
         this._stop_timer();
-        this._start_timer();
+        this._start_timer({ firstTime: false });
     }
 
     /**
@@ -732,7 +730,7 @@ export class Subscription extends EventEmitter {
     public increaseLifeTimeCounter(): void {
         this._life_time_counter += 1;
         if (this._life_time_counter >= this.lifeTimeCount) {
-           this.emit("lifeTimeExpired");
+            this.emit("lifeTimeExpired");
         }
         this.emit("lifeTimeCounterChanged", this._life_time_counter);
     }
@@ -1458,7 +1456,7 @@ export class Subscription extends EventEmitter {
         }
     }
 
-    private _start_timer() {
+    private _start_timer({ firstTime }: { firstTime: boolean }) {
         debugLog(
             chalk.bgWhite.blue("Subscription#_start_timer  subscriptionId="),
             this.id,
@@ -1478,8 +1476,11 @@ export class Subscription extends EventEmitter {
         // make sure that a keep-alive Message will be send at the end of the first publishing cycle
         // if there are no Notifications ready.
         this._keep_alive_counter = 0; // this.maxKeepAliveCount;
-        assert(this.messageSent === false);
-        assert(this.state === SubscriptionState.CREATING);
+
+        if (firstTime) {
+            assert(this.messageSent === false);
+            assert(this.state === SubscriptionState.CREATING);
+        }
 
         assert(this.publishingInterval >= Subscription.minimumPublishingInterval);
         this.timerId = setInterval(this._tick.bind(this), this.publishingInterval);