private void UnregisterButton_Click(object sender, EventArgs e)
{
try
{
if (ApplicationRecordDataGridView.SelectedRows.Count == 0)
{
return;
}
List <DataRow> rowsToDelete = new List <DataRow>();
foreach (DataGridViewRow row in ApplicationRecordDataGridView.SelectedRows)
{
DataRowView source = row.DataBoundItem as DataRowView;
ApplicationRecordDataType argument = (ApplicationRecordDataType)source.Row[6];
m_gds.UnregisterApplication(argument.ApplicationId);
rowsToDelete.Add(source.Row);
}
foreach (var rowToDelete in rowsToDelete)
{
rowToDelete.Delete();
}
m_dataset.AcceptChanges();
}
catch (Exception ex)
{
Opc.Ua.Client.Controls.ExceptionDlg.Show(Text, ex);
}
}
private string[] GetDefaultDomainNames(ApplicationRecordDataType application)
{
List <string> names = new List <string>();
if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
Uri url = new Uri(discoveryUrl);
foreach (var name in names)
{
if (Utils.AreDomainsEqual(name, url.DnsSafeHost))
{
url = null;
break;
}
}
if (url != null)
{
names.Add(url.DnsSafeHost);
}
}
}
}
return(names.ToArray());
}
private void RegisterPushServerApplication(string discoveryUrl)
{
if (_applicationRecord == null && discoveryUrl != null)
{
EndpointDescription endpointDescription = CoreClientUtils.SelectEndpoint(discoveryUrl, true);
ApplicationDescription description = endpointDescription.Server;
_applicationRecord = new ApplicationRecordDataType
{
ApplicationNames = new LocalizedTextCollection {
description.ApplicationName
},
ApplicationUri = description.ApplicationUri,
ApplicationType = description.ApplicationType,
ProductUri = description.ProductUri,
DiscoveryUrls = description.DiscoveryUrls,
ServerCapabilities = new StringCollection {
"NA"
},
};
}
Assert.IsNotNull(_applicationRecord);
Assert.IsNull(_applicationRecord.ApplicationId);
NodeId id = _gdsClient.GDSClient.RegisterApplication(_applicationRecord);
Assert.IsNotNull(id);
_applicationRecord.ApplicationId = id;
// add issuer and trusted certs to client stores
NodeId trustListId = _gdsClient.GDSClient.GetTrustList(id, null);
var trustList = _gdsClient.GDSClient.ReadTrustList(trustListId);
AddTrustListToStore(_gdsClient.Config.SecurityConfiguration, trustList);
AddTrustListToStore(_pushClient.Config.SecurityConfiguration, trustList);
}
public string ServerCapabilities(ApplicationRecordDataType application)
{
if (application.ApplicationType != ApplicationType.Client)
{
if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0)
{
throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities");
}
}
StringBuilder capabilities = new StringBuilder();
if (application.ServerCapabilities != null)
{
application.ServerCapabilities.Sort();
foreach (var capability in application.ServerCapabilities)
{
if (String.IsNullOrEmpty(capability))
{
continue;
}
if (capabilities.Length > 0)
{
capabilities.Append(',');
}
capabilities.Append(capability);
}
}
return(capabilities.ToString());
}
public virtual async Task <X509Certificate2> SigningRequestAsync(
ApplicationRecordDataType application,
string[] domainNames,
byte[] certificateRequest)
{
Pkcs10CertificationRequest pkcs10CertificationRequest = new Pkcs10CertificationRequest(certificateRequest);
CertificationRequestInfo info = pkcs10CertificationRequest.GetCertificationRequestInfo();
DateTime yesterday = DateTime.UtcNow.AddDays(-1);
return(CertificateFactory.CreateCertificate(
null,
null,
null,
application.ApplicationUri ?? "urn:ApplicationURI",
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
info.Subject.ToString(),
domainNames,
Configuration.DefaultCertificateKeySize,
yesterday,
Configuration.DefaultCertificateLifetime,
Configuration.DefaultCertificateHashSize,
false,
await LoadSigningKeyAsync(Certificate, string.Empty),
info.SubjectPublicKeyInfo.GetEncoded()));
}
public void RegisterDuplicateGoodApplications()
{
AssertIgnoreTestWithoutGoodRegistration();
ConnectGDS(true);
foreach (var application in _goodApplicationTestSet)
{
ApplicationRecordDataType newRecord = (ApplicationRecordDataType)application.ApplicationRecord.MemberwiseClone();
newRecord.ApplicationId = null;
NodeId id = _gdsClient.GDSClient.RegisterApplication(newRecord);
Assert.NotNull(id);
Assert.IsFalse(id.IsNullNodeId);
Assert.That(id.IdType == IdType.Guid || id.IdType == IdType.String);
newRecord.ApplicationId = id;
var applicationDataRecords = _gdsClient.GDSClient.FindApplication(newRecord.ApplicationUri);
Assert.NotNull(applicationDataRecords);
bool newIdFound = false;
bool registeredIdFound = false;
foreach (var applicationDataRecord in applicationDataRecords)
{
if (applicationDataRecord.ApplicationId == newRecord.ApplicationId)
{
_gdsClient.GDSClient.UnregisterApplication(id);
newIdFound = true;
}
else if (applicationDataRecord.ApplicationId == application.ApplicationRecord.ApplicationId)
{
registeredIdFound = true;
}
}
Assert.IsTrue(newIdFound);
Assert.IsTrue(registeredIdFound);
}
}
/// <summary>
/// Creates a new key pair with certificate offline and signs it with KeyVault.
/// </summary>
public override async Task <Opc.Ua.Gds.Server.X509Certificate2KeyPair> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
if (!privateKeyFormat.Equals("PFX", StringComparison.OrdinalIgnoreCase) &&
!privateKeyFormat.Equals("PEM", StringComparison.OrdinalIgnoreCase))
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
DateTime notBefore = DateTime.UtcNow.AddDays(-1);
// create public/private key pair
using (RSA keyPair = RSA.Create(Configuration.DefaultCertificateKeySize))
{
await LoadPublicAssets().ConfigureAwait(false);
string authorityInformationAccess = BuildAuthorityInformationAccessUrl();
// sign public key with KeyVault
var signedCert = await KeyVaultCertFactory.CreateSignedCertificate(
application.ApplicationUri,
application.ApplicationNames.Count > 0?application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames,
Configuration.DefaultCertificateKeySize,
notBefore,
notBefore.AddMonths(Configuration.DefaultCertificateLifetime),
Configuration.DefaultCertificateHashSize,
Certificate,
keyPair,
new KeyVaultSignatureGenerator(_keyVaultServiceClient, _caCertKeyIdentifier, Certificate),
extensionUrl : authorityInformationAccess);
// Create a PEM or PFX
using (var signedCertWithPrivateKey = CreateCertificateWithPrivateKey(signedCert, keyPair))
{
byte[] privateKey;
if (privateKeyFormat.Equals("PFX", StringComparison.OrdinalIgnoreCase))
{
privateKey = signedCertWithPrivateKey.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat.Equals("PEM", StringComparison.OrdinalIgnoreCase))
{
privateKey = CertificateFactory.ExportPrivateKeyAsPEM(signedCertWithPrivateKey);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new Opc.Ua.Gds.Server.X509Certificate2KeyPair(new X509Certificate2(signedCertWithPrivateKey.RawData), privateKeyFormat, privateKey));
}
}
}
private ServiceResult OnGetApplication(
ISystemContext context,
MethodState method,
NodeId objectId,
NodeId applicationId,
ref ApplicationRecordDataType application)
{
HasApplicationUserAccess(context);
Utils.Trace(Utils.TraceMasks.Information, "OnGetApplication: {0}", applicationId);
application = m_database.GetApplication(applicationId);
return(ServiceResult.Good);
}
/// <summary>
/// Updates the application.
/// </summary>
/// <param name="application">The application.</param>
public void UpdateApplication(ApplicationRecordDataType application)
{
if (!IsConnected)
{
Connect();
}
Session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.Gds.ObjectIds.Directory, Session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.Gds.MethodIds.Directory_UpdateApplication, Session.NamespaceUris),
application);
}
private void Initialize()
{
ApplicationRecord = new ApplicationRecordDataType();
CertificateGroupId = null;
CertificateTypeId = null;
CertificateRequestId = null;
DomainNames = new StringCollection();
Subject = null;
PrivateKeyFormat = "PFX";
PrivateKeyPassword = "";
Certificate = null;
PrivateKey = null;
IssuerCertificates = null;
}
private ServiceResult OnRegisterApplication(
ISystemContext context,
MethodState method,
NodeId objectId,
ApplicationRecordDataType application,
ref NodeId applicationId)
{
HasApplicationAdminAccess(context);
Utils.Trace(Utils.TraceMasks.Information, "OnRegisterApplication: {0}", application.ApplicationUri);
applicationId = m_database.RegisterApplication(application);
return(ServiceResult.Good);
}
/// <summary>
/// Creates a new key pair as KeyVault certificate and signs it with KeyVault.
/// </summary>
public async Task <Opc.Ua.Gds.Server.X509Certificate2KeyPair> NewKeyPairRequestKeyVaultCertAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
await LoadPublicAssets().ConfigureAwait(false);
DateTime notBefore = TrimmedNotBeforeDate();
DateTime notAfter = notBefore.AddMonths(Configuration.DefaultCertificateLifetime);
string authorityInformationAccess = BuildAuthorityInformationAccessUrl();
// create new cert with KeyVault
using (var signedCertWithPrivateKey = await _keyVaultServiceClient.CreateSignedKeyPairCertAsync(
Configuration.Id,
Certificate,
application.ApplicationUri,
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames,
notBefore,
notAfter,
Configuration.DefaultCertificateKeySize,
Configuration.DefaultCertificateHashSize,
new KeyVaultSignatureGenerator(_keyVaultServiceClient, _caCertKeyIdentifier, Certificate),
authorityInformationAccess
).ConfigureAwait(false))
{
byte[] privateKey;
if (privateKeyFormat == "PFX")
{
privateKey = signedCertWithPrivateKey.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat == "PEM")
{
privateKey = CertificateFactory.ExportPrivateKeyAsPEM(signedCertWithPrivateKey);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new Opc.Ua.Gds.Server.X509Certificate2KeyPair(new X509Certificate2(signedCertWithPrivateKey.RawData), privateKeyFormat, privateKey));
}
}
public IList <ApplicationTestData> ApplicationTestSet(int count, bool invalidateSet)
{
var testDataSet = new List <ApplicationTestData>();
for (int i = 0; i < count; i++)
{
var testData = RandomApplicationTestData();
if (invalidateSet)
{
ApplicationRecordDataType appRecord = testData.ApplicationRecord;
appRecord.ApplicationId = new NodeId(Guid.NewGuid());
switch (i % 4)
{
case 0:
appRecord.ApplicationUri = _dataGenerator.GetRandomString();
break;
case 1:
appRecord.ApplicationType = (ApplicationType)_randomSource.NextInt32(100) + 8;
break;
case 2:
appRecord.ProductUri = _dataGenerator.GetRandomString();
break;
case 3:
appRecord.DiscoveryUrls = appRecord.ApplicationType == ApplicationType.Client ?
RandomDiscoveryUrl(new StringCollection {
"xxxyyyzzz"
}, _randomSource.NextInt32(0x7fff), "TestClient") : null;
break;
case 4:
appRecord.ServerCapabilities = appRecord.ApplicationType == ApplicationType.Client ?
RandomServerCapabilities() : null;
break;
case 5:
appRecord.ApplicationId = new NodeId(100);
break;
}
}
testDataSet.Add(testData);
}
return(testDataSet);
}
private string GetSubjectName(ApplicationRecordDataType application, CertificateGroup certificateGroup, string subjectName)
{
bool contextFound = false;
var fields = Utils.ParseDistinguishedName(subjectName);
StringBuilder builder = new StringBuilder();
foreach (var field in fields)
{
if (builder.Length > 0)
{
builder.Append(",");
}
if (field.StartsWith("CN=", StringComparison.Ordinal))
{
if (certificateGroup.Id == DefaultHttpsGroupId)
{
var error = CheckHttpsDomain(application, field.Substring(3));
if (StatusCode.IsBad(error.StatusCode))
{
builder.Append("CN=");
builder.Append(GetDefaultHttpsDomain(application));
continue;
}
}
}
contextFound |= (field.StartsWith("DC=", StringComparison.Ordinal) || field.StartsWith("O=", StringComparison.Ordinal));
builder.Append(field);
}
if (!contextFound)
{
if (!String.IsNullOrEmpty(m_configuration.DefaultSubjectNameContext))
{
builder.Append(m_configuration.DefaultSubjectNameContext);
}
}
return(builder.ToString());
}
/// <summary>
/// Create a certificate with a new key pair signed by the CA of the cert group.
/// </summary>
/// <param name="application">The application record.</param>
/// <param name="subjectName">The subject of the certificate.</param>
/// <param name="domainNames">The domain names for the subject alt name extension.</param>
/// <param name="privateKeyFormat">The private key format as PFX or PEM.</param>
/// <param name="privateKeyPassword">A password for the private key.</param>
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (application.ApplicationUri == null)
{
throw new ArgumentNullException(nameof(application.ApplicationUri));
}
if (application.ApplicationNames == null)
{
throw new ArgumentNullException(nameof(application.ApplicationNames));
}
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
using (var certificate = CertificateFactory.CreateCertificate(
application.ApplicationUri,
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames)
.SetIssuer(signingKey)
.CreateForRSA())
{
byte[] privateKey;
if (privateKeyFormat == "PFX")
{
privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat == "PEM")
{
privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate, privateKeyPassword);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey));
}
}
/// <summary>
/// Registers the application.
/// </summary>
/// <param name="application">The application.</param>
/// <returns>The application id assigned to the application.</returns>
public NodeId RegisterApplication(ApplicationRecordDataType application)
{
if (!IsConnected)
{
Connect();
}
var outputArguments = Session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.Gds.ObjectIds.Directory, Session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.Gds.MethodIds.Directory_RegisterApplication, Session.NamespaceUris),
application);
if (outputArguments.Count >= 1)
{
return(outputArguments[0] as NodeId);
}
return(null);
}
private string GetDefaultHttpsDomain(ApplicationRecordDataType application)
{
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
Uri url = new Uri(discoveryUrl);
if (url.Scheme == Utils.UriSchemeHttps)
{
return(url.DnsSafeHost);
}
}
}
}
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to server applications without a HTTPS discovery URL.");
}
private ServiceResult OnUpdateApplication(
ISystemContext context,
MethodState method,
NodeId objectId,
ApplicationRecordDataType application)
{
HasApplicationAdminAccess(context);
Utils.Trace(Utils.TraceMasks.Information, "OnUpdateApplication: {0}", application.ApplicationUri);
var record = m_database.GetApplication(application.ApplicationId);
if (record == null)
{
return(new ServiceResult(StatusCodes.BadNotFound, "The application id does not exist."));
}
m_database.RegisterApplication(application);
return(ServiceResult.Good);
}
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty))
using (var certificate = CertificateFactory.CreateCertificate(
null,
null,
null,
application.ApplicationUri ?? "urn:ApplicationURI",
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames,
Configuration.DefaultCertificateKeySize,
DateTime.UtcNow.AddDays(-1),
Configuration.DefaultCertificateLifetime,
Configuration.DefaultCertificateHashSize,
false,
signingKey,
null))
{
byte[] privateKey;
if (privateKeyFormat == "PFX")
{
privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat == "PEM")
{
privateKey = CertificateFactory.ExportPrivateKeyAsPEM(certificate);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey));
}
}
public virtual async Task <X509Certificate2> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
return(CertificateFactory.CreateCertificate(
null,
null,
null,
application.ApplicationUri ?? "urn:ApplicationURI",
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames,
Configuration.DefaultCertificateKeySize,
DateTime.UtcNow.AddDays(-1),
Configuration.DefaultCertificateLifetime,
Configuration.DefaultCertificateHashSize,
false,
await LoadSigningKeyAsync(Certificate, string.Empty),
null));
}
public virtual Task VerifySigningRequestAsync(
ApplicationRecordDataType application,
byte[] certificateRequest)
{
try
{
var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);
if (!pkcs10CertificationRequest.Verify())
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
}
var info = pkcs10CertificationRequest.GetCertificationRequestInfo();
var altNameExtension = GetAltNameExtensionFromCSRInfo(info);
if (altNameExtension != null)
{
if (altNameExtension.Uris.Count > 0)
{
if (!altNameExtension.Uris.Contains(application.ApplicationUri))
{
throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid,
"CSR AltNameExtension does not match " + application.ApplicationUri);
}
}
}
return(Task.CompletedTask);
}
catch (Exception ex)
{
if (ex is ServiceResultException)
{
throw ex as ServiceResultException;
}
throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
}
}
private ServiceResult CheckHttpsDomain(ApplicationRecordDataType application, string commonName)
{
if (application.ApplicationType == ApplicationType.Client)
{
return(new ServiceResult(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to client applications."));
}
bool found = false;
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
Uri url = new Uri(discoveryUrl);
if (url.Scheme == Utils.UriSchemeHttps)
{
if (Utils.AreDomainsEqual(commonName, url.DnsSafeHost))
{
found = true;
break;
}
}
}
}
}
if (!found)
{
return(new ServiceResult(StatusCodes.BadInvalidArgument, "Cannot issue HTTPS certificates to server applications without a matching HTTPS discovery URL."));
}
return(ServiceResult.Good);
}
public override NodeId RegisterApplication(
ApplicationRecordDataType application
)
{
NodeId appNodeId = base.RegisterApplication(application);
if (NodeId.IsNull(appNodeId))
{
appNodeId = new NodeId(Guid.NewGuid(), NamespaceIndex);
}
Guid applicationId = GetNodeIdGuid(appNodeId);
string capabilities = base.ServerCapabilities(application);
lock (Lock)
{
Application record = null;
if (applicationId != Guid.Empty)
{
var results = from ii in Applications
where ii.ApplicationId == applicationId
select ii;
record = results.SingleOrDefault();
if (record != null)
{
var endpoints = (from ii in ServerEndpoints
where ii.ApplicationId == record.ApplicationId
select ii).ToList <ServerEndpoint>();
foreach (var endpoint in endpoints)
{
ServerEndpoints.Remove(endpoint);
}
var names = (from ii in ApplicationNames
where ii.ApplicationId == record.ApplicationId
select ii).ToList <ApplicationName>();
foreach (var name in names)
{
ApplicationNames.Remove(name);
}
SaveChanges();
}
}
bool isNew = false;
if (record == null)
{
applicationId = Guid.NewGuid();
record = new Application()
{
ApplicationId = applicationId,
ID = 0
};
isNew = true;
}
record.ApplicationUri = application.ApplicationUri;
record.ApplicationName = application.ApplicationNames[0].Text;
record.ApplicationType = (int)application.ApplicationType;
record.ProductUri = application.ProductUri;
record.ServerCapabilities = capabilities;
if (isNew)
{
Applications.Add(record);
}
SaveChanges();
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
ServerEndpoints.Add(
new ServerEndpoint()
{
ApplicationId = record.ApplicationId,
DiscoveryUrl = discoveryUrl
});
}
}
if (application.ApplicationNames != null && application.ApplicationNames.Count > 0)
{
foreach (var applicationName in application.ApplicationNames)
{
ApplicationNames.Add(new ApplicationName()
{
ApplicationId = record.ApplicationId,
Locale = applicationName.Locale,
Text = applicationName.Text
});
}
}
SaveChanges();
return(new NodeId(applicationId, NamespaceIndex));
}
}
public virtual NodeId RegisterApplication(
ApplicationRecordDataType application
)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (application.ApplicationUri == null)
{
throw new ArgumentNullException("ApplicationUri");
}
if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute))
{
throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri");
}
if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer)
{
throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType");
}
if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0]))
{
throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames");
}
if (String.IsNullOrEmpty(application.ProductUri))
{
throw new ArgumentException("A ProductUri must be provided.", "ProductUri");
}
if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute))
{
throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri");
}
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (String.IsNullOrEmpty(discoveryUrl))
{
continue;
}
if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls");
}
}
}
if (application.ApplicationType != ApplicationType.Client)
{
if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0)
{
throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls");
}
if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0)
{
application.ServerCapabilities = new StringCollection()
{
"NA"
};
}
}
else
{
if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0)
{
throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls");
}
}
NodeId nodeId = new NodeId();
if (!NodeId.IsNull(application.ApplicationId))
{
// verify node integrity
switch (application.ApplicationId.IdType)
{
case IdType.Guid:
nodeId = new NodeId((Guid)application.ApplicationId.Identifier, NamespaceIndex);
break;
case IdType.String:
nodeId = new NodeId((string)application.ApplicationId.Identifier, NamespaceIndex);
break;
default:
throw new ArgumentException("The ApplicationId has invalid type {0}", application.ApplicationId.ToString());
}
}
return(nodeId);
}
public NodeId RegisterApplication(ApplicationRecordDataType application)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (application.ApplicationUri == null)
{
throw new ArgumentNullException("ApplicationUri");
}
if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute))
{
throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri");
}
if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer)
{
throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType");
}
if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0]))
{
throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames");
}
if (String.IsNullOrEmpty(application.ProductUri))
{
throw new ArgumentException("A ProductUri must be provided.", "ProductUri");
}
if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute))
{
throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri");
}
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (String.IsNullOrEmpty(discoveryUrl))
{
continue;
}
if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls");
}
}
}
if (application.ApplicationType != ApplicationType.Client)
{
if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0)
{
throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls");
}
}
else
{
if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0)
{
throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls");
}
}
StringBuilder capabilities = new StringBuilder();
if (application.ServerCapabilities != null)
{
foreach (var capability in application.ServerCapabilities)
{
if (String.IsNullOrEmpty(capability))
{
continue;
}
if (capabilities.Length > 0)
{
capabilities.Append(',');
}
capabilities.Append(capability);
}
}
if (application.ApplicationType != ApplicationType.Client)
{
if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0)
{
throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities");
}
}
Guid applicationId = Guid.Empty;
if (!NodeId.IsNull(application.ApplicationId))
{
if (application.ApplicationId.IdType != IdType.Guid)
{
throw new ArgumentException("The ApplicationId to does refer to a existing record.", "ApplicationId");
}
applicationId = (Guid)application.ApplicationId.Identifier;
}
using (gdsdbEntities entities = new gdsdbEntities())
{
Application record = null;
if (applicationId != Guid.Empty)
{
var results = from ii in entities.Applications
where ii.ApplicationId == applicationId
select ii;
record = results.SingleOrDefault();
if (record != null)
{
var endpoints = from ii in entities.ServerEndpoints
where ii.ApplicationId == record.ID
select ii;
foreach (var endpoint in endpoints)
{
entities.ServerEndpoints.Remove(endpoint);
}
var names = from ii in entities.ApplicationNames
where ii.ApplicationId == record.ID
select ii;
foreach (var name in names)
{
entities.ApplicationNames.Remove(name);
}
entities.SaveChanges();
}
}
bool isNew = false;
if (record == null)
{
record = new Application()
{
ApplicationId = Guid.NewGuid()
};
isNew = true;
}
record.ApplicationUri = application.ApplicationUri;
record.ApplicationName = application.ApplicationNames[0].Text;
record.ApplicationType = (int)application.ApplicationType;
record.ProductUri = application.ProductUri;
record.ServerCapabilities = capabilities.ToString();
if (isNew)
{
entities.Applications.Add(record);
}
entities.SaveChanges();
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
entities.ServerEndpoints.Add(new ServerEndpoint()
{
ApplicationId = record.ID, DiscoveryUrl = discoveryUrl
});
}
}
if (application.ApplicationNames != null && application.ApplicationNames.Count > 1)
{
foreach (var applicationName in application.ApplicationNames)
{
entities.ApplicationNames.Add(new ApplicationName()
{
ApplicationId = record.ID, Locale = applicationName.Locale, Text = applicationName.Text
});
}
}
entities.SaveChanges();
return(new NodeId(record.ApplicationId, NamespaceIndex));
}
}
public virtual async Task <X509Certificate2> SigningRequestAsync(
ApplicationRecordDataType application,
string[] domainNames,
byte[] certificateRequest)
{
try
{
var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);
if (!pkcs10CertificationRequest.Verify())
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
}
var info = pkcs10CertificationRequest.GetCertificationRequestInfo();
var altNameExtension = GetAltNameExtensionFromCSRInfo(info);
if (altNameExtension != null)
{
if (altNameExtension.Uris.Count > 0)
{
if (!altNameExtension.Uris.Contains(application.ApplicationUri))
{
throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid,
"CSR AltNameExtension does not match " + application.ApplicationUri);
}
}
if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0)
{
var domainNameList = new List <string>();
domainNameList.AddRange(altNameExtension.DomainNames);
domainNameList.AddRange(altNameExtension.IPAddresses);
domainNames = domainNameList.ToArray();
}
}
DateTime yesterday = DateTime.UtcNow.AddDays(-1);
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty))
{
return(CertificateFactory.CreateCertificate(
null,
null,
null,
application.ApplicationUri ?? "urn:ApplicationURI",
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
info.Subject.ToString(),
domainNames,
Configuration.DefaultCertificateKeySize,
yesterday,
Configuration.DefaultCertificateLifetime,
Configuration.DefaultCertificateHashSize,
false,
signingKey,
info.SubjectPublicKeyInfo.GetEncoded()));
}
}
catch (Exception ex)
{
if (ex is ServiceResultException)
{
throw ex as ServiceResultException;
}
throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
}
}
public virtual NodeId RegisterApplication(
ApplicationRecordDataType application
)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (application.ApplicationUri == null)
{
throw new ArgumentNullException("ApplicationUri");
}
if (!Uri.IsWellFormedUriString(application.ApplicationUri, UriKind.Absolute))
{
throw new ArgumentException(application.ApplicationUri + " is not a valid URI.", "ApplicationUri");
}
if (application.ApplicationType < ApplicationType.Server || application.ApplicationType > ApplicationType.DiscoveryServer)
{
throw new ArgumentException(application.ApplicationType.ToString() + " is not a valid ApplicationType.", "ApplicationType");
}
if (application.ApplicationNames == null || application.ApplicationNames.Count == 0 || LocalizedText.IsNullOrEmpty(application.ApplicationNames[0]))
{
throw new ArgumentException("At least one ApplicationName must be provided.", "ApplicationNames");
}
if (String.IsNullOrEmpty(application.ProductUri))
{
throw new ArgumentException("A ProductUri must be provided.", "ProductUri");
}
if (!Uri.IsWellFormedUriString(application.ProductUri, UriKind.Absolute))
{
throw new ArgumentException(application.ProductUri + " is not a valid URI.", "ProductUri");
}
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
if (String.IsNullOrEmpty(discoveryUrl))
{
continue;
}
if (!Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
throw new ArgumentException(discoveryUrl + " is not a valid URL.", "DiscoveryUrls");
}
}
}
if (application.ApplicationType != ApplicationType.Client)
{
if (application.DiscoveryUrls == null || application.DiscoveryUrls.Count == 0)
{
throw new ArgumentException("At least one DiscoveryUrl must be provided.", "DiscoveryUrls");
}
if (application.ServerCapabilities == null || application.ServerCapabilities.Count == 0)
{
throw new ArgumentException("At least one Server Capability must be provided.", "ServerCapabilities");
}
}
else
{
if (application.DiscoveryUrls != null && application.DiscoveryUrls.Count > 0)
{
throw new ArgumentException("DiscoveryUrls must not be specified for clients.", "DiscoveryUrls");
}
}
Guid applicationId = Guid.Empty;
if (!NodeId.IsNull(application.ApplicationId))
{
if (application.ApplicationId.IdType != IdType.Guid)
{
throw new ArgumentException("The ApplicationId has not the type Guid.", "ApplicationId");
}
applicationId = (Guid)application.ApplicationId.Identifier;
}
return(new NodeId(applicationId, NamespaceIndex));
}
public NodeId RegisterApplication(ApplicationRecordDataType application)
{
NodeId appNodeId = application.ApplicationId;
if (NodeId.IsNull(appNodeId))
{
appNodeId = new NodeId(Guid.NewGuid(), NamespaceIndex);
}
Guid applicationId = (Guid)appNodeId.Identifier;
StringBuilder capabilities = new StringBuilder();
application.ServerCapabilities.Sort();
foreach (string capability in application.ServerCapabilities)
{
if (string.IsNullOrEmpty(capability))
{
continue;
}
if (capabilities.Length > 0)
{
capabilities.Append(',');
}
capabilities.Append(capability);
}
lock (Lock)
{
Application record = null;
if (applicationId != Guid.Empty)
{
IEnumerable <Application> results = from x in Applications
where x.ApplicationId == applicationId
select x;
record = results.SingleOrDefault();
if (record != null)
{
List <ServerEndpoint> endpoints = (from ii in ServerEndpoints
where ii.ApplicationId == record.ApplicationId
select ii).ToList();
foreach (var endpoint in endpoints)
{
ServerEndpoints.Remove(endpoint);
}
List <ApplicationName> names = (from ii in ApplicationNames
where ii.ApplicationId == record.ApplicationId
select ii).ToList();
foreach (var name in names)
{
ApplicationNames.Remove(name);
}
SaveChanges();
}
}
bool isNew = false;
if (record == null)
{
applicationId = Guid.NewGuid();
record = new Application()
{
ApplicationId = applicationId,
ID = 0
};
isNew = true;
}
record.ApplicationUri = application.ApplicationUri;
record.ApplicationName = application.ApplicationNames[0].Text;
record.ApplicationType = (int)application.ApplicationType;
record.ProductUri = application.ProductUri;
record.ServerCapabilities = capabilities.ToString();
if (isNew)
{
Applications.Add(record);
}
SaveChanges();
if (application.DiscoveryUrls != null)
{
foreach (var discoveryUrl in application.DiscoveryUrls)
{
ServerEndpoints.Add(new ServerEndpoint()
{
ApplicationId = record.ApplicationId,
DiscoveryUrl = discoveryUrl
});
}
}
if (application.ApplicationNames != null && application.ApplicationNames.Count > 0)
{
foreach (var applicationName in application.ApplicationNames)
{
ApplicationNames.Add(new ApplicationName()
{
ApplicationId = record.ApplicationId,
Locale = applicationName.Locale,
Text = applicationName.Text
});
}
}
SaveChanges();
return(new NodeId(applicationId, NamespaceIndex));
}
}
public virtual async Task <X509Certificate2> SigningRequestAsync(
ApplicationRecordDataType application,
string[] domainNames,
byte[] certificateRequest)
{
try
{
var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);
if (!pkcs10CertificationRequest.Verify())
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
}
var info = pkcs10CertificationRequest.GetCertificationRequestInfo();
var altNameExtension = GetAltNameExtensionFromCSRInfo(info);
if (altNameExtension != null)
{
if (altNameExtension.Uris.Count > 0)
{
if (!altNameExtension.Uris.Contains(application.ApplicationUri))
{
throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid,
"CSR AltNameExtension does not match " + application.ApplicationUri);
}
}
if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0)
{
var domainNameList = new List <string>();
domainNameList.AddRange(altNameExtension.DomainNames);
domainNameList.AddRange(altNameExtension.IPAddresses);
domainNames = domainNameList.ToArray();
}
}
DateTime yesterday = DateTime.Today.AddDays(-1);
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
{
return(CertificateFactory.CreateCertificate(
application.ApplicationUri,
null,
info.Subject.ToString(),
domainNames)
.SetNotBefore(yesterday)
.SetLifeTime(Configuration.DefaultCertificateLifetime)
.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize))
.SetIssuer(signingKey)
.SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded())
.CreateForRSA());
}
}
catch (Exception ex)
{
if (ex is ServiceResultException)
{
throw ex as ServiceResultException;
}
throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
}
}
public override NodeId RegisterApplication(
ApplicationRecordDataType application
)
{
bool isUpdate = true;
string applicationId = null;
NodeId appNodeId = base.RegisterApplication(application);
if (NodeId.IsNull(appNodeId))
{
isUpdate = false;
}
else
{
applicationId = OpcVaultClientHelper.GetServiceIdFromNodeId(appNodeId, NamespaceIndex);
}
string capabilities = base.ServerCapabilities(application);
ApplicationRecordApiModel applicationModel = new ApplicationRecordApiModel(
ApplicationState.New,
(Microsoft.Azure.IIoT.OpcUa.Api.Vault.Models.ApplicationType)application.ApplicationType,
applicationId
)
{
ApplicationUri = application.ApplicationUri,
ApplicationName = application.ApplicationNames[0].Text,
//ApplicationType = (ApplicationType)application.ApplicationType,
ProductUri = application.ProductUri,
ServerCapabilities = capabilities
};
if (application.DiscoveryUrls != null)
{
applicationModel.DiscoveryUrls = application.DiscoveryUrls.ToArray();
}
if (application.ApplicationNames != null && application.ApplicationNames.Count > 0)
{
var applicationNames = new List <ApplicationNameApiModel>();
foreach (var applicationName in application.ApplicationNames)
{
applicationNames.Add(new ApplicationNameApiModel()
{
Locale = applicationName.Locale,
Text = applicationName.Text
});
}
applicationModel.ApplicationNames = applicationNames.ToArray();
}
if (isUpdate)
{
applicationModel = _opcVaultServiceClient.UpdateApplication(applicationId, applicationModel);
}
else
{
applicationModel = _opcVaultServiceClient.RegisterApplication(applicationModel);
applicationId = applicationModel.ApplicationId;
}
return(OpcVaultClientHelper.GetNodeIdFromServiceId(applicationId, NamespaceIndex));
}
