Beispiel #1
0
        /// <summary>
        /// Activates the session.
        /// </summary>
        public byte[] Activate(
            SignatureData signature,
            ListOfString localeIds,
            ExtensionObject userIdentityToken,
            SignatureData userTokenSignature)
        {
            lock (m_lock)
            {
                if (m_clientCertificate != null)
                {
                    // validate the client's signature.
                    byte[] dataToSign = SecurityUtils.Append(m_endpoint.ServerCertificate, m_serverNonce);

                    bool valid = SecurityUtils.Verify(
                        m_clientCertificate,
                        m_endpoint.SecurityPolicyUri,
                        dataToSign,
                        signature);

                    if (!valid)
                    {
                        throw new StatusCodeException(
                                  StatusCodes.BadSecurityChecksFailed,
                                  "Client did not provide a correct signature for the nonce data provided by the server.");
                    }
                }

                m_activated = true;
                m_localeIds = localeIds;

                // TBD - validate the user identity token.

                // return a new nonce.
                RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
                random.GetBytes(m_serverNonce);
                return(m_serverNonce);
            }
        }
Beispiel #2
0
        /// <summary>
        /// Creates a session with the server that is independent of the network connection.
        /// </summary>
        public CreateSessionResponseMessage CreateSession(CreateSessionMessage request)
        {
            try
            {
                lock (m_lock)
                {
                    InitializeApplicationDescription();

                    // create a new session object.
                    Session session = new Session();

                    NodeId sessionId;
                    NodeId authenticationToken;
                    byte[] serverNonce;
                    double revisedSessionTimeout;

                    EndpointDescription endpoint = m_endpoints[0];

                    // the session object validates the incoming parameters and produces faults on error.
                    session.Create(
                        endpoint,
                        request.ClientDescription,
                        request.ClientCertificate,
                        request.SessionName,
                        request.RequestedSessionTimeout,
                        out sessionId,
                        out authenticationToken,
                        out serverNonce,
                        out revisedSessionTimeout);

                    // save the session.
                    m_sessions.Add(authenticationToken.Identifier, session);

                    // the server application must authenticate itself to the client by providing a signature.
                    // this process is redundant for applications using WS-SecureConversation with mutual certificate
                    // exchange, however, the UA specification requires this step to ensure that secure channel
                    // technologies such as machine-to-machine VPNs can be used instead without sacrificing the
                    // ability to identify the remote applications.

                    byte[] dataToSign = SecurityUtils.Append(request.ClientCertificate, request.ClientNonce);

                    SignatureData serverSignature = SecurityUtils.Sign(
                        m_serverCertificate,
                        endpoint.SecurityPolicyUri,
                        dataToSign);

                    // contruct the response.
                    CreateSessionResponseMessage response = new CreateSessionResponseMessage();

                    response.ResponseHeader             = CreateResponseHeader(request.RequestHeader);
                    response.SessionId                  = sessionId;
                    response.AuthenticationToken        = authenticationToken;
                    response.MaxRequestMessageSize      = request.MaxResponseMessageSize;
                    response.RevisedSessionTimeout      = revisedSessionTimeout;
                    response.ServerNonce                = serverNonce;
                    response.ServerCertificate          = m_serverCertificate.GetRawCertData();
                    response.ServerSignature            = serverSignature;
                    response.ServerEndpoints            = m_endpoints;
                    response.ServerSoftwareCertificates = new ListOfSignedSoftwareCertificate();

                    return(response);
                }
            }
            catch (Exception e)
            {
                throw CreateSoapFault(request.RequestHeader, e);
            }
        }
Beispiel #3
0
        /// <summary>
        /// Creates a session with the server.
        /// </summary>
        public void CreateSession()
        {
            ApplicationDescription description = new ApplicationDescription();

            description.ApplicationName = new LocalizedText("UA Sample Client");
            description.ApplicationType = ApplicationType.Client_1;
            description.ApplicationUri  = "http://localhost/UASampleClient";

            byte[] serverCertificateData;
            ListOfEndpointDescription       serverEndpoints;
            ListOfSignedSoftwareCertificate serverSoftwareCertificates;
            SignatureData serverSignature;

            // create a client nonce.
            byte[] clientNonce = new byte[32];
            RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();

            random.GetBytes(clientNonce);

            string endpointUrl = this.Endpoint.Address.Uri.ToString();

            // create the session.
            CreateSession(
                CreateRequestHeader(),
                description,
                null,
                this.Endpoint.Address.Uri.ToString(),
                "My Session",
                clientNonce,
                m_clientCertificate.RawData,
                600000,
                0,
                out m_sessionId,
                out m_authenticationToken,
                out m_sessionTimeout,
                out m_serverNonce,
                out serverCertificateData,
                out serverEndpoints,
                out serverSoftwareCertificates,
                out serverSignature,
                out m_maxRequestMessageSize);

            // find the endpoint description being used.
            string securityPolicyUri = "";

            Uri url = new Uri(endpointUrl);

            foreach (EndpointDescription serverEndpoint in serverEndpoints)
            {
                Uri url2 = new Uri(serverEndpoint.EndpointUrl);

                if (url2.Scheme == url.Scheme && url2.Port == url.Port && url2.PathAndQuery == url.PathAndQuery)
                {
                    securityPolicyUri = serverEndpoint.SecurityPolicyUri;
                    break;
                }
            }

            // validate the server's signature.
            byte[] dataToSign = SecurityUtils.Append(m_clientCertificate.RawData, clientNonce);

            bool valid = SecurityUtils.Verify(
                new X509Certificate2(serverCertificateData),
                securityPolicyUri,
                dataToSign,
                serverSignature);

            if (!valid)
            {
                throw new StatusCodeException(
                          StatusCodes.BadSecurityChecksFailed,
                          "Server did not provide a correct signature for the nonce data provided by the client.");
            }

            // create the client signature.
            dataToSign = SecurityUtils.Append(serverCertificateData, m_serverNonce);

            SignatureData clientSignature = SecurityUtils.Sign(
                m_clientCertificate,
                securityPolicyUri,
                dataToSign);

            // use an anonymous user identity token.
            ExtensionObject userIdentityToken = new ExtensionObject(
                new ExpandedNodeId(Objects.AnonymousIdentityToken_Encoding_DefaultXml),
                new AnonymousIdentityToken());

            ListOfStatusCode     results;
            ListOfDiagnosticInfo diagnosticInfos;

            // activate the session.
            ActivateSession(
                CreateRequestHeader(),
                clientSignature,
                new ListOfSignedSoftwareCertificate(),
                new ListOfString(),
                null,
                null,
                out m_serverNonce,
                out results,
                out diagnosticInfos);
        }