private void UnregisterButton_Click(object sender, EventArgs e) { try { if (ApplicationRecordDataGridView.SelectedRows.Count == 0) { return; } List <DataRow> rowsToDelete = new List <DataRow>(); foreach (DataGridViewRow row in ApplicationRecordDataGridView.SelectedRows) { DataRowView source = row.DataBoundItem as DataRowView; ApplicationRecordDataType argument = (ApplicationRecordDataType)source.Row[6]; m_gds.UnregisterApplication(argument.ApplicationId); rowsToDelete.Add(source.Row); } foreach (var rowToDelete in rowsToDelete) { rowToDelete.Delete(); } m_dataset.AcceptChanges(); } catch (Exception ex) { Opc.Ua.Client.Controls.ExceptionDlg.Show(Text, ex); } }
private string[] GetDefaultDomainNames(ApplicationRecordDataType application) { List <string> names = new List <string>(); if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { Uri url = new Uri(discoveryUrl); foreach (var name in names) { if (Utils.AreDomainsEqual(name, url.DnsSafeHost)) { url = null; break; } } if (url != null) { names.Add(url.DnsSafeHost); } } } } return(names.ToArray()); }
private void RegisterPushServerApplication(string discoveryUrl) { if (_applicationRecord == null && discoveryUrl != null) { EndpointDescription endpointDescription = CoreClientUtils.SelectEndpoint(discoveryUrl, true); ApplicationDescription description = endpointDescription.Server; _applicationRecord = new ApplicationRecordDataType { ApplicationNames = new LocalizedTextCollection { description.ApplicationName }, ApplicationUri = description.ApplicationUri, ApplicationType = description.ApplicationType, ProductUri = description.ProductUri, DiscoveryUrls = description.DiscoveryUrls, ServerCapabilities = new StringCollection { "NA" }, }; } Assert.IsNotNull(_applicationRecord); Assert.IsNull(_applicationRecord.ApplicationId); NodeId id = _gdsClient.GDSClient.RegisterApplication(_applicationRecord); Assert.IsNotNull(id); _applicationRecord.ApplicationId = id; // add issuer and trusted certs to client stores NodeId trustListId = _gdsClient.GDSClient.GetTrustList(id, null); var trustList = _gdsClient.GDSClient.ReadTrustList(trustListId); AddTrustListToStore(_gdsClient.Config.SecurityConfiguration, trustList); AddTrustListToStore(_pushClient.Config.SecurityConfiguration, trustList); }
public string ServerCapabilities(ApplicationRecordDataType application) { if (application.ApplicationType != ApplicationType.Client) { if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0) { throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities"); } } StringBuilder capabilities = new StringBuilder(); if (application.ServerCapabilities != null) { application.ServerCapabilities.Sort(); foreach (var capability in application.ServerCapabilities) { if (String.IsNullOrEmpty(capability)) { continue; } if (capabilities.Length > 0) { capabilities.Append(','); } capabilities.Append(capability); } } return(capabilities.ToString()); }
public virtual async Task <X509Certificate2> SigningRequestAsync( ApplicationRecordDataType application, string[] domainNames, byte[] certificateRequest) { Pkcs10CertificationRequest pkcs10CertificationRequest = new Pkcs10CertificationRequest(certificateRequest); CertificationRequestInfo info = pkcs10CertificationRequest.GetCertificationRequestInfo(); DateTime yesterday = DateTime.UtcNow.AddDays(-1); return(CertificateFactory.CreateCertificate( null, null, null, application.ApplicationUri ?? "urn:ApplicationURI", application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", info.Subject.ToString(), domainNames, Configuration.DefaultCertificateKeySize, yesterday, Configuration.DefaultCertificateLifetime, Configuration.DefaultCertificateHashSize, false, await LoadSigningKeyAsync(Certificate, string.Empty), info.SubjectPublicKeyInfo.GetEncoded())); }
public void RegisterDuplicateGoodApplications() { AssertIgnoreTestWithoutGoodRegistration(); ConnectGDS(true); foreach (var application in _goodApplicationTestSet) { ApplicationRecordDataType newRecord = (ApplicationRecordDataType)application.ApplicationRecord.MemberwiseClone(); newRecord.ApplicationId = null; NodeId id = _gdsClient.GDSClient.RegisterApplication(newRecord); Assert.NotNull(id); Assert.IsFalse(id.IsNullNodeId); Assert.That(id.IdType == IdType.Guid || id.IdType == IdType.String); newRecord.ApplicationId = id; var applicationDataRecords = _gdsClient.GDSClient.FindApplication(newRecord.ApplicationUri); Assert.NotNull(applicationDataRecords); bool newIdFound = false; bool registeredIdFound = false; foreach (var applicationDataRecord in applicationDataRecords) { if (applicationDataRecord.ApplicationId == newRecord.ApplicationId) { _gdsClient.GDSClient.UnregisterApplication(id); newIdFound = true; } else if (applicationDataRecord.ApplicationId == application.ApplicationRecord.ApplicationId) { registeredIdFound = true; } } Assert.IsTrue(newIdFound); Assert.IsTrue(registeredIdFound); } }
/// <summary> /// Creates a new key pair with certificate offline and signs it with KeyVault. /// </summary> public override async Task <Opc.Ua.Gds.Server.X509Certificate2KeyPair> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { if (!privateKeyFormat.Equals("PFX", StringComparison.OrdinalIgnoreCase) && !privateKeyFormat.Equals("PEM", StringComparison.OrdinalIgnoreCase)) { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } DateTime notBefore = DateTime.UtcNow.AddDays(-1); // create public/private key pair using (RSA keyPair = RSA.Create(Configuration.DefaultCertificateKeySize)) { await LoadPublicAssets().ConfigureAwait(false); string authorityInformationAccess = BuildAuthorityInformationAccessUrl(); // sign public key with KeyVault var signedCert = await KeyVaultCertFactory.CreateSignedCertificate( application.ApplicationUri, application.ApplicationNames.Count > 0?application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames, Configuration.DefaultCertificateKeySize, notBefore, notBefore.AddMonths(Configuration.DefaultCertificateLifetime), Configuration.DefaultCertificateHashSize, Certificate, keyPair, new KeyVaultSignatureGenerator(_keyVaultServiceClient, _caCertKeyIdentifier, Certificate), extensionUrl : authorityInformationAccess); // Create a PEM or PFX using (var signedCertWithPrivateKey = CreateCertificateWithPrivateKey(signedCert, keyPair)) { byte[] privateKey; if (privateKeyFormat.Equals("PFX", StringComparison.OrdinalIgnoreCase)) { privateKey = signedCertWithPrivateKey.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat.Equals("PEM", StringComparison.OrdinalIgnoreCase)) { privateKey = CertificateFactory.ExportPrivateKeyAsPEM(signedCertWithPrivateKey); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new Opc.Ua.Gds.Server.X509Certificate2KeyPair(new X509Certificate2(signedCertWithPrivateKey.RawData), privateKeyFormat, privateKey)); } } }
private ServiceResult OnGetApplication( ISystemContext context, MethodState method, NodeId objectId, NodeId applicationId, ref ApplicationRecordDataType application) { HasApplicationUserAccess(context); Utils.Trace(Utils.TraceMasks.Information, "OnGetApplication: {0}", applicationId); application = m_database.GetApplication(applicationId); return(ServiceResult.Good); }
/// <summary> /// Updates the application. /// </summary> /// <param name="application">The application.</param> public void UpdateApplication(ApplicationRecordDataType application) { if (!IsConnected) { Connect(); } Session.Call( ExpandedNodeId.ToNodeId(Opc.Ua.Gds.ObjectIds.Directory, Session.NamespaceUris), ExpandedNodeId.ToNodeId(Opc.Ua.Gds.MethodIds.Directory_UpdateApplication, Session.NamespaceUris), application); }
private void Initialize() { ApplicationRecord = new ApplicationRecordDataType(); CertificateGroupId = null; CertificateTypeId = null; CertificateRequestId = null; DomainNames = new StringCollection(); Subject = null; PrivateKeyFormat = "PFX"; PrivateKeyPassword = ""; Certificate = null; PrivateKey = null; IssuerCertificates = null; }
private ServiceResult OnRegisterApplication( ISystemContext context, MethodState method, NodeId objectId, ApplicationRecordDataType application, ref NodeId applicationId) { HasApplicationAdminAccess(context); Utils.Trace(Utils.TraceMasks.Information, "OnRegisterApplication: {0}", application.ApplicationUri); applicationId = m_database.RegisterApplication(application); return(ServiceResult.Good); }
/// <summary> /// Creates a new key pair as KeyVault certificate and signs it with KeyVault. /// </summary> public async Task <Opc.Ua.Gds.Server.X509Certificate2KeyPair> NewKeyPairRequestKeyVaultCertAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { await LoadPublicAssets().ConfigureAwait(false); DateTime notBefore = TrimmedNotBeforeDate(); DateTime notAfter = notBefore.AddMonths(Configuration.DefaultCertificateLifetime); string authorityInformationAccess = BuildAuthorityInformationAccessUrl(); // create new cert with KeyVault using (var signedCertWithPrivateKey = await _keyVaultServiceClient.CreateSignedKeyPairCertAsync( Configuration.Id, Certificate, application.ApplicationUri, application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames, notBefore, notAfter, Configuration.DefaultCertificateKeySize, Configuration.DefaultCertificateHashSize, new KeyVaultSignatureGenerator(_keyVaultServiceClient, _caCertKeyIdentifier, Certificate), authorityInformationAccess ).ConfigureAwait(false)) { byte[] privateKey; if (privateKeyFormat == "PFX") { privateKey = signedCertWithPrivateKey.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat == "PEM") { privateKey = CertificateFactory.ExportPrivateKeyAsPEM(signedCertWithPrivateKey); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new Opc.Ua.Gds.Server.X509Certificate2KeyPair(new X509Certificate2(signedCertWithPrivateKey.RawData), privateKeyFormat, privateKey)); } }
public IList <ApplicationTestData> ApplicationTestSet(int count, bool invalidateSet) { var testDataSet = new List <ApplicationTestData>(); for (int i = 0; i < count; i++) { var testData = RandomApplicationTestData(); if (invalidateSet) { ApplicationRecordDataType appRecord = testData.ApplicationRecord; appRecord.ApplicationId = new NodeId(Guid.NewGuid()); switch (i % 4) { case 0: appRecord.ApplicationUri = _dataGenerator.GetRandomString(); break; case 1: appRecord.ApplicationType = (ApplicationType)_randomSource.NextInt32(100) + 8; break; case 2: appRecord.ProductUri = _dataGenerator.GetRandomString(); break; case 3: appRecord.DiscoveryUrls = appRecord.ApplicationType == ApplicationType.Client ? RandomDiscoveryUrl(new StringCollection { "xxxyyyzzz" }, _randomSource.NextInt32(0x7fff), "TestClient") : null; break; case 4: appRecord.ServerCapabilities = appRecord.ApplicationType == ApplicationType.Client ? RandomServerCapabilities() : null; break; case 5: appRecord.ApplicationId = new NodeId(100); break; } } testDataSet.Add(testData); } return(testDataSet); }
private string GetSubjectName(ApplicationRecordDataType application, CertificateGroup certificateGroup, string subjectName) { bool contextFound = false; var fields = Utils.ParseDistinguishedName(subjectName); StringBuilder builder = new StringBuilder(); foreach (var field in fields) { if (builder.Length > 0) { builder.Append(","); } if (field.StartsWith("CN=", StringComparison.Ordinal)) { if (certificateGroup.Id == DefaultHttpsGroupId) { var error = CheckHttpsDomain(application, field.Substring(3)); if (StatusCode.IsBad(error.StatusCode)) { builder.Append("CN="); builder.Append(GetDefaultHttpsDomain(application)); continue; } } } contextFound |= (field.StartsWith("DC=", StringComparison.Ordinal) || field.StartsWith("O=", StringComparison.Ordinal)); builder.Append(field); } if (!contextFound) { if (!String.IsNullOrEmpty(m_configuration.DefaultSubjectNameContext)) { builder.Append(m_configuration.DefaultSubjectNameContext); } } return(builder.ToString()); }
/// <summary> /// Create a certificate with a new key pair signed by the CA of the cert group. /// </summary> /// <param name="application">The application record.</param> /// <param name="subjectName">The subject of the certificate.</param> /// <param name="domainNames">The domain names for the subject alt name extension.</param> /// <param name="privateKeyFormat">The private key format as PFX or PEM.</param> /// <param name="privateKeyPassword">A password for the private key.</param> public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { if (application == null) { throw new ArgumentNullException(nameof(application)); } if (application.ApplicationUri == null) { throw new ArgumentNullException(nameof(application.ApplicationUri)); } if (application.ApplicationNames == null) { throw new ArgumentNullException(nameof(application.ApplicationNames)); } using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false)) using (var certificate = CertificateFactory.CreateCertificate( application.ApplicationUri, application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames) .SetIssuer(signingKey) .CreateForRSA()) { byte[] privateKey; if (privateKeyFormat == "PFX") { privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat == "PEM") { privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate, privateKeyPassword); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey)); } }
/// <summary> /// Registers the application. /// </summary> /// <param name="application">The application.</param> /// <returns>The application id assigned to the application.</returns> public NodeId RegisterApplication(ApplicationRecordDataType application) { if (!IsConnected) { Connect(); } var outputArguments = Session.Call( ExpandedNodeId.ToNodeId(Opc.Ua.Gds.ObjectIds.Directory, Session.NamespaceUris), ExpandedNodeId.ToNodeId(Opc.Ua.Gds.MethodIds.Directory_RegisterApplication, Session.NamespaceUris), application); if (outputArguments.Count >= 1) { return(outputArguments[0] as NodeId); } return(null); }
private string GetDefaultHttpsDomain(ApplicationRecordDataType application) { if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { Uri url = new Uri(discoveryUrl); if (url.Scheme == Utils.UriSchemeHttps) { return(url.DnsSafeHost); } } } } throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to server applications without a HTTPS discovery URL."); }
private ServiceResult OnUpdateApplication( ISystemContext context, MethodState method, NodeId objectId, ApplicationRecordDataType application) { HasApplicationAdminAccess(context); Utils.Trace(Utils.TraceMasks.Information, "OnUpdateApplication: {0}", application.ApplicationUri); var record = m_database.GetApplication(application.ApplicationId); if (record == null) { return(new ServiceResult(StatusCodes.BadNotFound, "The application id does not exist.")); } m_database.RegisterApplication(application); return(ServiceResult.Good); }
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty)) using (var certificate = CertificateFactory.CreateCertificate( null, null, null, application.ApplicationUri ?? "urn:ApplicationURI", application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames, Configuration.DefaultCertificateKeySize, DateTime.UtcNow.AddDays(-1), Configuration.DefaultCertificateLifetime, Configuration.DefaultCertificateHashSize, false, signingKey, null)) { byte[] privateKey; if (privateKeyFormat == "PFX") { privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat == "PEM") { privateKey = CertificateFactory.ExportPrivateKeyAsPEM(certificate); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey)); } }
public virtual async Task <X509Certificate2> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { return(CertificateFactory.CreateCertificate( null, null, null, application.ApplicationUri ?? "urn:ApplicationURI", application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames, Configuration.DefaultCertificateKeySize, DateTime.UtcNow.AddDays(-1), Configuration.DefaultCertificateLifetime, Configuration.DefaultCertificateHashSize, false, await LoadSigningKeyAsync(Certificate, string.Empty), null)); }
public virtual Task VerifySigningRequestAsync( ApplicationRecordDataType application, byte[] certificateRequest) { try { var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest); if (!pkcs10CertificationRequest.Verify()) { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid."); } var info = pkcs10CertificationRequest.GetCertificationRequestInfo(); var altNameExtension = GetAltNameExtensionFromCSRInfo(info); if (altNameExtension != null) { if (altNameExtension.Uris.Count > 0) { if (!altNameExtension.Uris.Contains(application.ApplicationUri)) { throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid, "CSR AltNameExtension does not match " + application.ApplicationUri); } } } return(Task.CompletedTask); } catch (Exception ex) { if (ex is ServiceResultException) { throw ex as ServiceResultException; } throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message); } }
private ServiceResult CheckHttpsDomain(ApplicationRecordDataType application, string commonName) { if (application.ApplicationType == ApplicationType.Client) { return(new ServiceResult(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to client applications.")); } bool found = false; if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { Uri url = new Uri(discoveryUrl); if (url.Scheme == Utils.UriSchemeHttps) { if (Utils.AreDomainsEqual(commonName, url.DnsSafeHost)) { found = true; break; } } } } } if (!found) { return(new ServiceResult(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to server applications without a matching HTTPS discovery URL.")); } return(ServiceResult.Good); }
public override NodeId RegisterApplication( ApplicationRecordDataType application ) { NodeId appNodeId = base.RegisterApplication(application); if (NodeId.IsNull(appNodeId)) { appNodeId = new NodeId(Guid.NewGuid(), NamespaceIndex); } Guid applicationId = GetNodeIdGuid(appNodeId); string capabilities = base.ServerCapabilities(application); lock (Lock) { Application record = null; if (applicationId != Guid.Empty) { var results = from ii in Applications where ii.ApplicationId == applicationId select ii; record = results.SingleOrDefault(); if (record != null) { var endpoints = (from ii in ServerEndpoints where ii.ApplicationId == record.ApplicationId select ii).ToList <ServerEndpoint>(); foreach (var endpoint in endpoints) { ServerEndpoints.Remove(endpoint); } var names = (from ii in ApplicationNames where ii.ApplicationId == record.ApplicationId select ii).ToList <ApplicationName>(); foreach (var name in names) { ApplicationNames.Remove(name); } SaveChanges(); } } bool isNew = false; if (record == null) { applicationId = Guid.NewGuid(); record = new Application() { ApplicationId = applicationId, ID = 0 }; isNew = true; } record.ApplicationUri = application.ApplicationUri; record.ApplicationName = application.ApplicationNames[0].Text; record.ApplicationType = (int)application.ApplicationType; record.ProductUri = application.ProductUri; record.ServerCapabilities = capabilities; if (isNew) { Applications.Add(record); } SaveChanges(); if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { ServerEndpoints.Add( new ServerEndpoint() { ApplicationId = record.ApplicationId, DiscoveryUrl = discoveryUrl }); } } if (application.ApplicationNames != null && application.ApplicationNames.Count > 0) { foreach (var applicationName in application.ApplicationNames) { ApplicationNames.Add(new ApplicationName() { ApplicationId = record.ApplicationId, Locale = applicationName.Locale, Text = applicationName.Text }); } } SaveChanges(); return(new NodeId(applicationId, NamespaceIndex)); } }
public virtual NodeId RegisterApplication( ApplicationRecordDataType application ) { if (application == null) { throw new ArgumentNullException(nameof(application)); } if (application.ApplicationUri == null) { throw new ArgumentNullException("ApplicationUri"); } if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute)) { throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri"); } if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer) { throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType"); } if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0])) { throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames"); } if (String.IsNullOrEmpty(application.ProductUri)) { throw new ArgumentException("A ProductUri must be provided.", "ProductUri"); } if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute)) { throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri"); } if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (String.IsNullOrEmpty(discoveryUrl)) { continue; } if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls"); } } } if (application.ApplicationType != ApplicationType.Client) { if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0) { throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls"); } if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0) { application.ServerCapabilities = new StringCollection() { "NA" }; } } else { if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0) { throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls"); } } NodeId nodeId = new NodeId(); if (!NodeId.IsNull(application.ApplicationId)) { // verify node integrity switch (application.ApplicationId.IdType) { case IdType.Guid: nodeId = new NodeId((Guid)application.ApplicationId.Identifier, NamespaceIndex); break; case IdType.String: nodeId = new NodeId((string)application.ApplicationId.Identifier, NamespaceIndex); break; default: throw new ArgumentException("The ApplicationId has invalid type {0}", application.ApplicationId.ToString()); } } return(nodeId); }
public NodeId RegisterApplication(ApplicationRecordDataType application) { if (application == null) { throw new ArgumentNullException(nameof(application)); } if (application.ApplicationUri == null) { throw new ArgumentNullException("ApplicationUri"); } if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute)) { throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri"); } if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer) { throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType"); } if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0])) { throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames"); } if (String.IsNullOrEmpty(application.ProductUri)) { throw new ArgumentException("A ProductUri must be provided.", "ProductUri"); } if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute)) { throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri"); } if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (String.IsNullOrEmpty(discoveryUrl)) { continue; } if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls"); } } } if (application.ApplicationType != ApplicationType.Client) { if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0) { throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls"); } } else { if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0) { throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls"); } } StringBuilder capabilities = new StringBuilder(); if (application.ServerCapabilities != null) { foreach (var capability in application.ServerCapabilities) { if (String.IsNullOrEmpty(capability)) { continue; } if (capabilities.Length > 0) { capabilities.Append(','); } capabilities.Append(capability); } } if (application.ApplicationType != ApplicationType.Client) { if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0) { throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities"); } } Guid applicationId = Guid.Empty; if (!NodeId.IsNull(application.ApplicationId)) { if (application.ApplicationId.IdType != IdType.Guid) { throw new ArgumentException("The ApplicationId to does refer to a existing record.", "ApplicationId"); } applicationId = (Guid)application.ApplicationId.Identifier; } using (gdsdbEntities entities = new gdsdbEntities()) { Application record = null; if (applicationId != Guid.Empty) { var results = from ii in entities.Applications where ii.ApplicationId == applicationId select ii; record = results.SingleOrDefault(); if (record != null) { var endpoints = from ii in entities.ServerEndpoints where ii.ApplicationId == record.ID select ii; foreach (var endpoint in endpoints) { entities.ServerEndpoints.Remove(endpoint); } var names = from ii in entities.ApplicationNames where ii.ApplicationId == record.ID select ii; foreach (var name in names) { entities.ApplicationNames.Remove(name); } entities.SaveChanges(); } } bool isNew = false; if (record == null) { record = new Application() { ApplicationId = Guid.NewGuid() }; isNew = true; } record.ApplicationUri = application.ApplicationUri; record.ApplicationName = application.ApplicationNames[0].Text; record.ApplicationType = (int)application.ApplicationType; record.ProductUri = application.ProductUri; record.ServerCapabilities = capabilities.ToString(); if (isNew) { entities.Applications.Add(record); } entities.SaveChanges(); if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { entities.ServerEndpoints.Add(new ServerEndpoint() { ApplicationId = record.ID, DiscoveryUrl = discoveryUrl }); } } if (application.ApplicationNames != null && application.ApplicationNames.Count > 1) { foreach (var applicationName in application.ApplicationNames) { entities.ApplicationNames.Add(new ApplicationName() { ApplicationId = record.ID, Locale = applicationName.Locale, Text = applicationName.Text }); } } entities.SaveChanges(); return(new NodeId(record.ApplicationId, NamespaceIndex)); } }
public virtual async Task <X509Certificate2> SigningRequestAsync( ApplicationRecordDataType application, string[] domainNames, byte[] certificateRequest) { try { var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest); if (!pkcs10CertificationRequest.Verify()) { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid."); } var info = pkcs10CertificationRequest.GetCertificationRequestInfo(); var altNameExtension = GetAltNameExtensionFromCSRInfo(info); if (altNameExtension != null) { if (altNameExtension.Uris.Count > 0) { if (!altNameExtension.Uris.Contains(application.ApplicationUri)) { throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid, "CSR AltNameExtension does not match " + application.ApplicationUri); } } if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0) { var domainNameList = new List <string>(); domainNameList.AddRange(altNameExtension.DomainNames); domainNameList.AddRange(altNameExtension.IPAddresses); domainNames = domainNameList.ToArray(); } } DateTime yesterday = DateTime.UtcNow.AddDays(-1); using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty)) { return(CertificateFactory.CreateCertificate( null, null, null, application.ApplicationUri ?? "urn:ApplicationURI", application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", info.Subject.ToString(), domainNames, Configuration.DefaultCertificateKeySize, yesterday, Configuration.DefaultCertificateLifetime, Configuration.DefaultCertificateHashSize, false, signingKey, info.SubjectPublicKeyInfo.GetEncoded())); } } catch (Exception ex) { if (ex is ServiceResultException) { throw ex as ServiceResultException; } throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message); } }
public virtual NodeId RegisterApplication( ApplicationRecordDataType application ) { if (application == null) { throw new ArgumentNullException(nameof(application)); } if (application.ApplicationUri == null) { throw new ArgumentNullException("ApplicationUri"); } if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute)) { throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri"); } if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer) { throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType"); } if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0])) { throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames"); } if (String.IsNullOrEmpty(application.ProductUri)) { throw new ArgumentException("A ProductUri must be provided.", "ProductUri"); } if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute)) { throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri"); } if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { if (String.IsNullOrEmpty(discoveryUrl)) { continue; } if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute)) { throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls"); } } } if (application.ApplicationType != ApplicationType.Client) { if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0) { throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls"); } if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0) { throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities"); } } else { if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0) { throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls"); } } Guid applicationId = Guid.Empty; if (!NodeId.IsNull(application.ApplicationId)) { if (application.ApplicationId.IdType != IdType.Guid) { throw new ArgumentException("The ApplicationId has not the type Guid.", "ApplicationId"); } applicationId = (Guid)application.ApplicationId.Identifier; } return(new NodeId(applicationId, NamespaceIndex)); }
public NodeId RegisterApplication(ApplicationRecordDataType application) { NodeId appNodeId = application.ApplicationId; if (NodeId.IsNull(appNodeId)) { appNodeId = new NodeId(Guid.NewGuid(), NamespaceIndex); } Guid applicationId = (Guid)appNodeId.Identifier; StringBuilder capabilities = new StringBuilder(); application.ServerCapabilities.Sort(); foreach (string capability in application.ServerCapabilities) { if (string.IsNullOrEmpty(capability)) { continue; } if (capabilities.Length > 0) { capabilities.Append(','); } capabilities.Append(capability); } lock (Lock) { Application record = null; if (applicationId != Guid.Empty) { IEnumerable <Application> results = from x in Applications where x.ApplicationId == applicationId select x; record = results.SingleOrDefault(); if (record != null) { List <ServerEndpoint> endpoints = (from ii in ServerEndpoints where ii.ApplicationId == record.ApplicationId select ii).ToList(); foreach (var endpoint in endpoints) { ServerEndpoints.Remove(endpoint); } List <ApplicationName> names = (from ii in ApplicationNames where ii.ApplicationId == record.ApplicationId select ii).ToList(); foreach (var name in names) { ApplicationNames.Remove(name); } SaveChanges(); } } bool isNew = false; if (record == null) { applicationId = Guid.NewGuid(); record = new Application() { ApplicationId = applicationId, ID = 0 }; isNew = true; } record.ApplicationUri = application.ApplicationUri; record.ApplicationName = application.ApplicationNames[0].Text; record.ApplicationType = (int)application.ApplicationType; record.ProductUri = application.ProductUri; record.ServerCapabilities = capabilities.ToString(); if (isNew) { Applications.Add(record); } SaveChanges(); if (application.DiscoveryUrls != null) { foreach (var discoveryUrl in application.DiscoveryUrls) { ServerEndpoints.Add(new ServerEndpoint() { ApplicationId = record.ApplicationId, DiscoveryUrl = discoveryUrl }); } } if (application.ApplicationNames != null && application.ApplicationNames.Count > 0) { foreach (var applicationName in application.ApplicationNames) { ApplicationNames.Add(new ApplicationName() { ApplicationId = record.ApplicationId, Locale = applicationName.Locale, Text = applicationName.Text }); } } SaveChanges(); return(new NodeId(applicationId, NamespaceIndex)); } }
public virtual async Task <X509Certificate2> SigningRequestAsync( ApplicationRecordDataType application, string[] domainNames, byte[] certificateRequest) { try { var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest); if (!pkcs10CertificationRequest.Verify()) { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid."); } var info = pkcs10CertificationRequest.GetCertificationRequestInfo(); var altNameExtension = GetAltNameExtensionFromCSRInfo(info); if (altNameExtension != null) { if (altNameExtension.Uris.Count > 0) { if (!altNameExtension.Uris.Contains(application.ApplicationUri)) { throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid, "CSR AltNameExtension does not match " + application.ApplicationUri); } } if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0) { var domainNameList = new List <string>(); domainNameList.AddRange(altNameExtension.DomainNames); domainNameList.AddRange(altNameExtension.IPAddresses); domainNames = domainNameList.ToArray(); } } DateTime yesterday = DateTime.Today.AddDays(-1); using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false)) { return(CertificateFactory.CreateCertificate( application.ApplicationUri, null, info.Subject.ToString(), domainNames) .SetNotBefore(yesterday) .SetLifeTime(Configuration.DefaultCertificateLifetime) .SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize)) .SetIssuer(signingKey) .SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded()) .CreateForRSA()); } } catch (Exception ex) { if (ex is ServiceResultException) { throw ex as ServiceResultException; } throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message); } }
public override NodeId RegisterApplication( ApplicationRecordDataType application ) { bool isUpdate = true; string applicationId = null; NodeId appNodeId = base.RegisterApplication(application); if (NodeId.IsNull(appNodeId)) { isUpdate = false; } else { applicationId = OpcVaultClientHelper.GetServiceIdFromNodeId(appNodeId, NamespaceIndex); } string capabilities = base.ServerCapabilities(application); ApplicationRecordApiModel applicationModel = new ApplicationRecordApiModel( ApplicationState.New, (Microsoft.Azure.IIoT.OpcUa.Api.Vault.Models.ApplicationType)application.ApplicationType, applicationId ) { ApplicationUri = application.ApplicationUri, ApplicationName = application.ApplicationNames[0].Text, //ApplicationType = (ApplicationType)application.ApplicationType, ProductUri = application.ProductUri, ServerCapabilities = capabilities }; if (application.DiscoveryUrls != null) { applicationModel.DiscoveryUrls = application.DiscoveryUrls.ToArray(); } if (application.ApplicationNames != null && application.ApplicationNames.Count > 0) { var applicationNames = new List <ApplicationNameApiModel>(); foreach (var applicationName in application.ApplicationNames) { applicationNames.Add(new ApplicationNameApiModel() { Locale = applicationName.Locale, Text = applicationName.Text }); } applicationModel.ApplicationNames = applicationNames.ToArray(); } if (isUpdate) { applicationModel = _opcVaultServiceClient.UpdateApplication(applicationId, applicationModel); } else { applicationModel = _opcVaultServiceClient.RegisterApplication(applicationModel); applicationId = applicationModel.ApplicationId; } return(OpcVaultClientHelper.GetNodeIdFromServiceId(applicationId, NamespaceIndex)); }