|
public static Create ( byte encodedData, bool useCache ) : |
||
| encodedData | byte | The encoded data. |
| useCache | bool | if set to |
| return | ||
/// <summary>
/// Verifies a signature created with the token.
/// </summary>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
try
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
bool valid = SecurityPolicies.Verify(
certificate,
securityPolicyUri,
dataToVerify,
signatureData);
m_certificateData = certificate.RawData;
return(valid);
}
catch (Exception e)
{
throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid, e, "Could not verify user signature!");
}
}
/// <summary>
/// Validates a software certificate.
/// </summary>
public static ServiceResult Validate(
CertificateValidator validator,
byte[] signedCertificate,
out SoftwareCertificate softwareCertificate)
{
softwareCertificate = null;
// validate the certificate.
X509Certificate2 certificate = null;
try
{
certificate = CertificateFactory.Create(signedCertificate, true);
validator.Validate(certificate);
}
catch (Exception e)
{
return(ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body."));
}
// find the software certficate.
byte[] encodedData = null;
foreach (X509Extension extension in certificate.Extensions)
{
if (extension.Oid.Value == "0.0.0.0.0")
{
encodedData = extension.RawData;
break;
}
}
if (encodedData == null)
{
return(ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate."));
}
try
{
MemoryStream istrm = new MemoryStream(encodedData, false);
DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate));
softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm);
softwareCertificate.SignedCertificate = certificate;
}
catch (Exception e)
{
return(ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body."));
}
// certificate is valid.
return(ServiceResult.Good);
}
/// <summary>
/// Initializes the object with a UA identity token
/// </summary>
private void Initialize(UserIdentityToken token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
m_policyId = token.PolicyId;
UserNameIdentityToken usernameToken = token as UserNameIdentityToken;
if (usernameToken != null)
{
Initialize(new UserNameSecurityToken(usernameToken.UserName, usernameToken.DecryptedPassword));
return;
}
X509IdentityToken x509Token = token as X509IdentityToken;
if (x509Token != null)
{
X509Certificate2 certificate = CertificateFactory.Create(x509Token.CertificateData, true);
Initialize(new X509SecurityToken(certificate));
return;
}
IssuedIdentityToken wssToken = token as IssuedIdentityToken;
if (wssToken != null)
{
Initialize(wssToken, WSSecurityTokenSerializer.DefaultInstance, null);
return;
}
AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken;
if (anonymousToken != null)
{
m_tokenType = UserTokenType.Anonymous;
m_issuedTokenType = null;
m_displayName = "Anonymous";
m_token = null;
return;
}
throw new ArgumentException("Unrecognized UA user identity token type.", "token");
}
/// <summary>
/// Creates a signature with the token.
/// </summary>
public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
SignatureData signatureData = SecurityPolicies.Sign(
certificate,
securityPolicyUri,
dataToSign);
m_certificateData = certificate.GetRawCertData();
return(signatureData);
}
/// <summary>
/// Verifies a signature created with the token.
/// </summary>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
bool valid = SecurityPolicies.Verify(
certificate,
securityPolicyUri,
dataToVerify,
signatureData);
m_certificateData = certificate.GetRawCertData();
return(valid);
}
/// <summary>
/// Parses a blob with a list of DER encoded certificates.
/// </summary>
/// <param name="encodedData">The encoded data.</param>
/// <returns>
/// An object of <see cref="X509Certificate2Collection"/> containing <see cref="X509Certificate2"/>
/// certificates created from a buffer with DER encoded certificate
/// </returns>
/// <remarks>
/// Any supporting certificates found in the buffer are processed as well.
/// </remarks>
public static X509Certificate2Collection ParseBlob(byte[] encodedData)
{
if (!IsValidCertificateBlob(encodedData))
{
throw new CryptographicException("Primary certificate in blob is not valid.");
}
X509Certificate2Collection collection = new X509Certificate2Collection();
X509Certificate2 certificate = CertificateFactory.Create(encodedData, true);
collection.Add(certificate);
byte[] rawData = encodedData;
byte[] data = certificate.RawData;
int processedBytes = data.Length;
if (encodedData.Length < processedBytes)
{
byte[] buffer = new byte[encodedData.Length - processedBytes];
do
{
Array.Copy(encodedData, processedBytes, buffer, 0, encodedData.Length - processedBytes);
if (!IsValidCertificateBlob(buffer))
{
throw new CryptographicException("Supporting certificate in blob is not valid.");
}
X509Certificate2 issuerCertificate = CertificateFactory.Create(buffer, true);
collection.Add(issuerCertificate);
data = issuerCertificate.RawData;
processedBytes += data.Length;
}while (processedBytes < encodedData.Length);
}
return(collection);
}
/// <summary>
/// Initializes the object with a UA identity token
/// </summary>
private void Initialize(UserIdentityToken token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
m_token = token;
UserNameIdentityToken usernameToken = token as UserNameIdentityToken;
if (usernameToken != null)
{
m_tokenType = UserTokenType.UserName;
m_issuedTokenType = null;
m_displayName = usernameToken.UserName;
return;
}
X509IdentityToken x509Token = token as X509IdentityToken;
if (x509Token != null)
{
m_tokenType = UserTokenType.Certificate;
m_issuedTokenType = null;
if (x509Token.Certificate != null)
{
m_displayName = x509Token.Certificate.Subject;
}
else
{
X509Certificate2 cert = CertificateFactory.Create(x509Token.CertificateData, true);
m_displayName = cert.Subject;
}
return;
}
IssuedIdentityToken issuedToken = token as IssuedIdentityToken;
if (issuedToken != null)
{
if (issuedToken.IssuedTokenType == Ua.IssuedTokenType.JWT)
{
if (issuedToken.DecryptedTokenData == null || issuedToken.DecryptedTokenData.Length == 0)
{
throw new ArgumentException("JSON Web Token has no data associated with it.", "token");
}
m_tokenType = UserTokenType.IssuedToken;
m_issuedTokenType = new XmlQualifiedName("", Opc.Ua.Profiles.JwtUserToken);
m_displayName = "JWT";
return;
}
else
{
throw new NotSupportedException("Only JWT Issued Tokens are supported!");
}
}
AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken;
if (anonymousToken != null)
{
m_tokenType = UserTokenType.Anonymous;
m_issuedTokenType = null;
m_displayName = "Anonymous";
return;
}
throw new ArgumentException("Unrecognized UA user identity token type.", "token");
}
