/// <summary>
/// Builds the fixed list of known security profiles and flags those that the
/// supplied server policies reference.
/// </summary>
/// <param name="policies">Server security policies to reflect; may be null.</param>
/// <returns>
/// A list holding one profile each for None, Basic128Rsa15, Basic256 and
/// Basic256Sha256. A profile is set to enabled when a policy with the same URI exists.
/// </returns>
/// <remarks>
/// Matching is by policy URI only; the message security mode of the policy is not
/// looked at. Basic128Rsa15 and Basic256 are marked deprecated in current OPC UA
/// specifications, and None provides no signing or encryption, so an enabled flag
/// on any of those three deserves a second look when the result is shown to an operator.
/// </remarks>
public static ListOfSecurityProfiles ToListOfSecurityProfiles(ServerSecurityPolicyCollection policies)
{
    ListOfSecurityProfiles knownProfiles = new ListOfSecurityProfiles();
    knownProfiles.Add(CreateProfile(SecurityPolicies.None));
    knownProfiles.Add(CreateProfile(SecurityPolicies.Basic128Rsa15));
    knownProfiles.Add(CreateProfile(SecurityPolicies.Basic256));
    knownProfiles.Add(CreateProfile(SecurityPolicies.Basic256Sha256));

    // Nothing to reflect: every profile keeps the Enabled value CreateProfile gave it.
    if (policies == null)
    {
        return knownProfiles;
    }

    foreach (var policy in policies)
    {
        foreach (var profile in knownProfiles)
        {
            if (policy.SecurityPolicyUri == profile.ProfileUri)
            {
                profile.Enabled = true;
            }
        }
    }

    return knownProfiles;
}
/// <summary>
/// Adds a security policy to the collection unless an identical one is already present.
/// </summary>
/// <param name="policies">The collection to which the policy is added.</param>
/// <param name="securityMode">The message security mode.</param>
/// <param name="policyUri">The security policy Uri.</param>
/// <returns>True when the policy was added; false when an equal entry already existed.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="securityMode"/> is <see cref="MessageSecurityMode.Invalid"/>.
/// </exception>
/// <remarks>
/// Only the Invalid mode is rejected here. Whether the mode and the policy URI form
/// a sensible pair (for example a signing mode together with the None policy) is not
/// checked in this method.
/// </remarks>
private bool InternalAddPolicy(ServerSecurityPolicyCollection policies, MessageSecurityMode securityMode, string policyUri)
{
    if (securityMode == MessageSecurityMode.Invalid)
    {
        throw new ArgumentException("Invalid security mode selected", nameof(securityMode));
    }

    var candidate = new ServerSecurityPolicy()
    {
        SecurityMode = securityMode,
        SecurityPolicyUri = policyUri
    };

    // Duplicate means same mode and the same URI, compared ordinally (case-sensitive).
    var alreadyPresent = policies.Find(existing =>
        existing.SecurityMode == candidate.SecurityMode &&
        string.Equals(existing.SecurityPolicyUri, candidate.SecurityPolicyUri, StringComparison.Ordinal));

    if (alreadyPresent != null)
    {
        return false;
    }

    policies.Add(candidate);
    return true;
}
/// <summary>
/// Converts a list of security profiles into a server security policy collection.
/// </summary>
/// <param name="profiles">Profiles to convert; may be null.</param>
/// <returns>
/// One policy per enabled profile. When no profile is enabled (or the list is null)
/// the collection holds a single policy created for <c>SecurityPolicies.None</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the empty case falls back to the None policy rather than to an
/// error, so a caller that requires a secured endpoint has to inspect the result
/// itself; this method will not signal that nothing was enabled.
/// </remarks>
public static ServerSecurityPolicyCollection FromListOfSecurityProfiles(ListOfSecurityProfiles profiles)
{
    ServerSecurityPolicyCollection result = new ServerSecurityPolicyCollection();

    if (profiles != null)
    {
        foreach (var profile in profiles)
        {
            if (!profile.Enabled)
            {
                continue;
            }

            result.Add(CreatePolicy(profile.ProfileUri));
        }
    }

    // Never return an empty collection: fall back to the None policy.
    if (result.Count == 0)
    {
        result.Add(CreatePolicy(SecurityPolicies.None));
    }

    return result;
}
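/// <summary>
/// Builds the in-code default application configuration for the OPC UA server.
/// </summary>
/// <param name="url">Endpoint URL used as the server's only base address.</param>
/// <returns>
/// The populated configuration; its certificate validator has already been updated
/// from the configuration before it is returned.
/// </returns>
/// <remarks>
/// Which message security policies and user token types are offered is decided by
/// the flags on <c>Util.SharpSettings</c>. If none of the policy flags is set the
/// policy collection is left empty, and likewise for the user token collection.
/// </remarks>
private ApplicationConfiguration GetDefaultConfiguration(string url)
{
    ApplicationConfiguration config = new ApplicationConfiguration();

    // Message signing / encryption policies offered by the endpoint.
    // NOTE(review): the only policy URIs selectable here are None, Basic128Rsa15 and
    // Basic256. None gives no signing or encryption, and the other two are marked
    // deprecated in current OPC UA specifications; no Basic256Sha256 (or newer)
    // option can be enabled through these settings.
    ServerSecurityPolicyCollection policies = new ServerSecurityPolicyCollection();

    if (Util.SharpSettings.SecurityPolicyNone)
    {
        policies.Add(new ServerSecurityPolicy()
        {
            SecurityMode = MessageSecurityMode.None,
            SecurityPolicyUri = SecurityPolicies.None
        });
    }

    if (Util.SharpSettings.SecurityPolicyBasic128_Sign)
    {
        policies.Add(new ServerSecurityPolicy()
        {
            SecurityMode = MessageSecurityMode.Sign,
            SecurityPolicyUri = SecurityPolicies.Basic128Rsa15
        });
    }

    if (Util.SharpSettings.SecurityPolicyBasic128_Sign_Encrypt)
    {
        policies.Add(new ServerSecurityPolicy()
        {
            SecurityMode = MessageSecurityMode.SignAndEncrypt,
            SecurityPolicyUri = SecurityPolicies.Basic128Rsa15
        });
    }

    if (Util.SharpSettings.SecurityPolicyBasic256_Sign)
    {
        policies.Add(new ServerSecurityPolicy()
        {
            SecurityMode = MessageSecurityMode.Sign,
            SecurityPolicyUri = SecurityPolicies.Basic256
        });
    }

    if (Util.SharpSettings.SecurityPolicyBasic256_Sign_Encrypt)
    {
        policies.Add(new ServerSecurityPolicy()
        {
            SecurityMode = MessageSecurityMode.SignAndEncrypt,
            SecurityPolicyUri = SecurityPolicies.Basic256
        });
    }

    // User identity tokens accepted at session activation.
    // Anonymous means a session can be activated without any user credentials.
    UserTokenPolicyCollection userTokens = new UserTokenPolicyCollection();

    if (Util.SharpSettings.SecurityAnonymous)
    {
        userTokens.Add(new UserTokenPolicy(UserTokenType.Anonymous));
    }

    if (Util.SharpSettings.SecurityAccount)
    {
        userTokens.Add(new UserTokenPolicy(UserTokenType.UserName));
    }

    config.ApplicationName = "OpcUaServer";
    config.ApplicationType = ApplicationType.Server;

    config.SecurityConfiguration = new SecurityConfiguration()
    {
        ApplicationCertificate = new CertificateIdentifier()
        {
            StoreType = "Directory",
            StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault",
            SubjectName = config.ApplicationName,
        },
        TrustedPeerCertificates = new CertificateTrustList()
        {
            StoreType = "Directory",
            StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\UA Applications",
        },
        TrustedIssuerCertificates = new CertificateTrustList()
        {
            StoreType = "Directory",
            StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\UA Certificate Authorities",
        },
        RejectedCertificateStore = new CertificateStoreIdentifier()
        {
            StoreType = "Directory",
            // Fixed: the placeholder was written "% CommonApplicationData%" (stray space),
            // unlike the three stores above, so it presumably was not recognised as the
            // folder token and the rejected store ended up at a different location.
            StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\RejectedCertificates"
        }
    };

    config.TransportConfigurations = new TransportConfigurationCollection();
    config.TransportQuotas = new TransportQuotas();

    config.ServerConfiguration = new ServerConfiguration()
    {
        // Address the server listens on.
        BaseAddresses = new string[] { url },
        SecurityPolicies = policies,
        UserTokenPolicies = userTokens,

        DiagnosticsEnabled = false,             // whether diagnostics are enabled
        MaxSessionCount = 1000,                 // maximum number of open sessions
        MinSessionTimeout = 10000,              // minimum time (ms) a session is kept after the client disconnects
        MaxSessionTimeout = 60000,              // maximum time (ms) a session is kept after the client disconnects
        MaxBrowseContinuationPoints = 1000,     // maximum continuation points for Browse / BrowseNext
        MaxQueryContinuationPoints = 1000,      // maximum continuation points for Query / QueryNext
        MaxHistoryContinuationPoints = 500,     // maximum continuation points for HistoryRead
        MaxRequestAge = 1000000,                // maximum age of an incoming request (older requests are rejected)
        MinPublishingInterval = 100,            // minimum supported publishing interval (ms)
        MaxPublishingInterval = 3600000,        // maximum supported publishing interval (ms), one hour
        PublishingResolution = 50,              // smallest supported difference between publishing intervals (ms)
        MaxSubscriptionLifetime = 3600000,      // how long a subscription stays open without client publishes, one hour
        MaxMessageQueueSize = 100,              // maximum messages kept in each subscription queue
        MaxNotificationQueueSize = 100,         // maximum notifications queued per monitored item
        MaxNotificationsPerPublish = 1000,      // maximum notifications per publish
        MinMetadataSamplingInterval = 1000,     // minimum sampling interval for metadata

        // Available sampling rates.
        AvailableSamplingRates = new SamplingRateGroupCollection(new List<SamplingRateGroup>()
        {
            new SamplingRateGroup(5, 5, 20),
            new SamplingRateGroup(100, 100, 4),
            new SamplingRateGroup(500, 250, 2),
            new SamplingRateGroup(1000, 500, 20),
        }),

        MaxRegistrationInterval = 30000,        // maximum time (ms) between two registration attempts

        // NodeManagerSaveFile is intentionally left unset (it was commented out in the original).
    };

    // The validator reads its trust lists and rejected store from the configuration above.
    config.CertificateValidator = new CertificateValidator();
    config.CertificateValidator.Update(config);

    config.Extensions = new XmlElementCollection();

    return config;
}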
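/// <summary>
/// Updates the application configuration with the values from the installation configuration.
/// </summary>
/// <param name="configuration">The configuration to update.</param>
/// <remarks>
/// Values are taken from <c>InstallConfig</c> and written over the matching parts of
/// <paramref name="configuration"/>: application name and URI, base addresses,
/// security policies, the application certificate location and the trusted, issuer
/// and rejected certificate stores. The certificate validator is refreshed from the
/// updated configuration at the end.
/// The certificate-related sections dereference
/// <c>configuration.SecurityConfiguration</c> and its members without null checks,
/// as the original did.
/// </remarks>
protected virtual void UpdateAppConfigWithInstallConfig(ApplicationConfiguration configuration)
{
    // Override the application name. The certificate subject follows the rename only
    // when it was previously identical to the old application name.
    if (InstallConfig.ApplicationName != null)
    {
        if (configuration.SecurityConfiguration != null && configuration.SecurityConfiguration.ApplicationCertificate != null)
        {
            if (configuration.SecurityConfiguration.ApplicationCertificate.SubjectName == configuration.ApplicationName)
            {
                configuration.SecurityConfiguration.ApplicationCertificate.SubjectName = InstallConfig.ApplicationName;
            }
        }

        configuration.ApplicationName = InstallConfig.ApplicationName;
    }

    if (InstallConfig.ApplicationUri != null)
    {
        configuration.ApplicationUri = InstallConfig.ApplicationUri;
    }

    // Replace the first "localhost" (any casing) with the current machine name.
    if (configuration.ApplicationUri != null)
    {
        const string Placeholder = "localhost";
        string applicationUri = configuration.ApplicationUri;
        int index = applicationUri.IndexOf(Placeholder, StringComparison.OrdinalIgnoreCase);

        if (index != -1)
        {
            configuration.ApplicationUri =
                applicationUri.Substring(0, index) +
                System.Net.Dns.GetHostName() +
                applicationUri.Substring(index + Placeholder.Length);
        }
    }

    // A regular server configuration takes precedence over a discovery server one.
    ServerBaseConfiguration serverConfiguration = null;

    if (configuration.ServerConfiguration != null)
    {
        serverConfiguration = configuration.ServerConfiguration;
    }
    else if (configuration.DiscoveryServerConfiguration != null)
    {
        serverConfiguration = configuration.DiscoveryServerConfiguration;
    }

    if (serverConfiguration != null)
    {
        if (InstallConfig.BaseAddresses != null && InstallConfig.BaseAddresses.Count > 0)
        {
            // The first address seen for a URI scheme becomes a base address; any
            // further address with the same scheme becomes an alternate base address.
            HashSet<string> seenSchemes = new HashSet<string>();

            // Existing base addresses are dropped before parsing, so addresses that
            // fail to parse are skipped without being replaced by the old values.
            serverConfiguration.BaseAddresses.Clear();

            for (int ii = 0; ii < InstallConfig.BaseAddresses.Count; ii++)
            {
                Uri url = Utils.ParseUri(InstallConfig.BaseAddresses[ii]);

                if (url == null)
                {
                    continue;
                }

                if (seenSchemes.Add(url.Scheme))
                {
                    serverConfiguration.BaseAddresses.Add(url.ToString());
                }
                else
                {
                    serverConfiguration.AlternateBaseAddresses.Add(url.ToString());
                }
            }
        }

        if (InstallConfig.SecurityProfiles != null && InstallConfig.SecurityProfiles.Count > 0)
        {
            // Keep only the already-configured policies whose URI is listed in the
            // install configuration.
            // NOTE(review): the match is by URI alone and does not look at any enabled
            // flag on the listed profile, and the result replaces the policy list even
            // when nothing matched (leaving it empty) - confirm both are intended.
            ServerSecurityPolicyCollection securityPolicies = new ServerSecurityPolicyCollection();

            for (int ii = 0; ii < InstallConfig.SecurityProfiles.Count; ii++)
            {
                for (int jj = 0; jj < serverConfiguration.SecurityPolicies.Count; jj++)
                {
                    if (serverConfiguration.SecurityPolicies[jj].SecurityPolicyUri == InstallConfig.SecurityProfiles[ii].ProfileUri)
                    {
                        securityPolicies.Add(serverConfiguration.SecurityPolicies[jj]);
                    }
                }
            }

            serverConfiguration.SecurityPolicies = securityPolicies;
        }
    }

    if (InstallConfig.ApplicationCertificate != null)
    {
        configuration.SecurityConfiguration.ApplicationCertificate.StoreType = InstallConfig.ApplicationCertificate.StoreType;
        configuration.SecurityConfiguration.ApplicationCertificate.StorePath = InstallConfig.ApplicationCertificate.StorePath;

        // Fixed: the test was inverted. It copied the subject name only when the install
        // value was null or empty, which ignored an explicitly configured subject name
        // and blanked the existing one when none was given.
        if (!String.IsNullOrEmpty(InstallConfig.ApplicationCertificate.SubjectName))
        {
            configuration.SecurityConfiguration.ApplicationCertificate.SubjectName = InstallConfig.ApplicationCertificate.SubjectName;
        }
    }

    if (InstallConfig.RejectedCertificatesStore != null)
    {
        configuration.SecurityConfiguration.RejectedCertificateStore = Opc.Ua.Security.SecuredApplication.FromCertificateStoreIdentifier(InstallConfig.RejectedCertificatesStore);
    }

    // The issuer and trusted-peer stores below decide which certificates are accepted,
    // so the install configuration is effectively trust input: whoever can edit it
    // can redirect the trust lists and their validation options.
    if (InstallConfig.IssuerCertificateStore != null)
    {
        configuration.SecurityConfiguration.TrustedIssuerCertificates.StoreType = InstallConfig.IssuerCertificateStore.StoreType;
        configuration.SecurityConfiguration.TrustedIssuerCertificates.StorePath = InstallConfig.IssuerCertificateStore.StorePath;
        configuration.SecurityConfiguration.TrustedIssuerCertificates.ValidationOptions = (CertificateValidationOptions)(int)InstallConfig.IssuerCertificateStore.ValidationOptions;
    }

    if (InstallConfig.TrustedCertificateStore != null)
    {
        configuration.SecurityConfiguration.TrustedPeerCertificates.StoreType = InstallConfig.TrustedCertificateStore.StoreType;
        configuration.SecurityConfiguration.TrustedPeerCertificates.StorePath = InstallConfig.TrustedCertificateStore.StorePath;
        configuration.SecurityConfiguration.TrustedPeerCertificates.ValidationOptions = (CertificateValidationOptions)(int)InstallConfig.TrustedCertificateStore.ValidationOptions;
    }

    // Re-read stores and options so the validator reflects the values written above.
    configuration.CertificateValidator.Update(configuration);
}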
/// <summary>
/// Produces the server security policy collection that corresponds to a list of
/// security profiles.
/// </summary>
/// <param name="profiles">Source profiles; null is treated like an empty list.</param>
/// <returns>
/// A policy for every profile whose Enabled flag is set, or a single policy for
/// <c>SecurityPolicies.None</c> when that would otherwise be empty.
/// </returns>
/// <remarks>
/// NOTE(review): with no enabled profile the result is the None policy, not an
/// empty collection and not an error. Callers that must not expose an unsecured
/// endpoint need to check for that outcome themselves.
/// </remarks>
public static ServerSecurityPolicyCollection FromListOfSecurityProfiles(ListOfSecurityProfiles profiles)
{
    ServerSecurityPolicyCollection converted = new ServerSecurityPolicyCollection();

    if (profiles != null)
    {
        foreach (var candidate in profiles)
        {
            if (candidate.Enabled)
            {
                converted.Add(CreatePolicy(candidate.ProfileUri));
            }
        }
    }

    // Fallback so the caller always gets at least one policy.
    bool nothingEnabled = converted.Count == 0;
    if (nothingEnabled)
    {
        converted.Add(CreatePolicy(SecurityPolicies.None));
    }

    return converted;
}
/// <summary>
/// Builds the fixed list of known security profiles and flags those that the
/// supplied server policies reference.
/// </summary>
/// <param name="policies">Server security policies to reflect; may be null.</param>
/// <returns>
/// A list holding one profile each for None, Basic128Rsa15 and Basic256. A profile
/// is set to enabled when a policy with the same URI exists.
/// </returns>
/// <remarks>
/// Policies whose URI is not one of the three listed here match no profile and are
/// therefore not represented in the result. All three listed policies are weak
/// choices: None gives no signing or encryption, and Basic128Rsa15 and Basic256 are
/// marked deprecated in current OPC UA specifications.
/// </remarks>
public static ListOfSecurityProfiles ToListOfSecurityProfiles(ServerSecurityPolicyCollection policies)
{
    ListOfSecurityProfiles knownProfiles = new ListOfSecurityProfiles();
    knownProfiles.Add(CreateProfile(SecurityPolicies.None));
    knownProfiles.Add(CreateProfile(SecurityPolicies.Basic128Rsa15));
    knownProfiles.Add(CreateProfile(SecurityPolicies.Basic256));

    // Without policies there is nothing to flag.
    if (policies == null)
    {
        return knownProfiles;
    }

    foreach (var policy in policies)
    {
        foreach (var profile in knownProfiles)
        {
            if (policy.SecurityPolicyUri == profile.ProfileUri)
            {
                profile.Enabled = true;
            }
        }
    }

    return knownProfiles;
}
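/// <summary>
/// Hardcoded application configuration of the collector server/client.
/// </summary>
/// <returns>Application configuration of the collector server/client.</returns>
/// <remarks>
/// Not fully implemented: ApplicationType, CertificateValidator, ClientConfiguration,
/// DiscoveryServerConfiguration and MessageContext are not set here and keep whatever
/// a new <see cref="ApplicationConfiguration"/> starts with. In particular no
/// certificate validator is attached or updated from the stores configured below.
/// </remarks>
public static ApplicationConfiguration getConfiguration()
{
    ApplicationConfiguration config = new ApplicationConfiguration();
    config.ApplicationName = "Collector Server";
    config.ApplicationUri = @"urn:localhost:UA:InformationModelServer";
    config.Extensions = new XmlElementCollection();
    config.ProductUri = @"http://opcfoundation.org/UA/InformationModelServer";

    #region Security Configuration
    SecurityConfiguration config_security = new SecurityConfiguration();

    // Own application certificate. The subject is the stock demo subject and does
    // not match ApplicationName above.
    config_security.ApplicationCertificate = new CertificateIdentifier()
    {
        StoreType = "Directory",
        StorePath = @"%CommonApplicationData%\OPC Foundation\pki\own",
        SubjectName = @"CN = Demo Server, C = US, S = Arizona, O = OPC Foundation, DC = localhost"
    };

    config_security.TrustedIssuerCertificates = new CertificateTrustList()
    {
        StoreType = "Directory",
        StorePath = @"%CommonApplicationData%\OPC Foundation\pki\issuer"
    };

    config_security.TrustedPeerCertificates = new CertificateTrustList()
    {
        StoreType = "Directory",
        StorePath = @"%CommonApplicationData%\OPC Foundation\pki\trusted"
    };

    config_security.RejectedCertificateStore = new CertificateStoreIdentifier()
    {
        StoreType = "Directory",
        StorePath = @"%CommonApplicationData%\OPC Foundation\pki\rejected"
    };
    #endregion
    config.SecurityConfiguration = config_security;

    #region ServerConfiguration
    ServerConfiguration config_server = new ServerConfiguration();

    // Fixed: on the page the first Add(...) call was fused with the next one
    // ("https://*****:*****@" followed directly by the opc.tcp literal), which is
    // not valid C#. The HTTPS address is masked on the page and cannot be recovered,
    // so only the opc.tcp address is added; restore the HTTPS one from the original
    // source if that endpoint is needed.
    List<string> config_server_baseAdress = new List<string>();
    config_server_baseAdress.Add(@"opc.tcp://localhost:51210/CollectorServer");
    config_server.BaseAddresses = new StringCollection(config_server_baseAdress);

    // Message security policies offered by the endpoint.
    List<ServerSecurityPolicy> config_server_policies = new List<ServerSecurityPolicy>();

    config_server_policies.Add(new ServerSecurityPolicy()
    {
        SecurityMode = MessageSecurityMode.SignAndEncrypt,
        SecurityPolicyUri = @"http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
    });

    // Unsecured endpoint: no signing and no encryption.
    config_server_policies.Add(new ServerSecurityPolicy()
    {
        SecurityMode = MessageSecurityMode.None,
        SecurityPolicyUri = @"http://opcfoundation.org/UA/SecurityPolicy#None"
    });

    // NOTE(review): Sign mode with an empty policy URI, kept exactly as in the
    // original. How the stack treats an empty URI is not visible here - confirm
    // this entry is wanted or give it an explicit policy URI.
    config_server_policies.Add(new ServerSecurityPolicy()
    {
        SecurityMode = MessageSecurityMode.Sign,
        SecurityPolicyUri = @""
    });

    // The original also constructed a fourth policy (SignAndEncrypt, empty URI) but
    // never added it to the list; that unused local has been removed.

    config_server.SecurityPolicies = new ServerSecurityPolicyCollection(config_server_policies);

    // Accepted user identity tokens. Anonymous is accepted, and the None policy above
    // is offered as well, so this configuration allows sessions that carry neither
    // user credentials nor message protection.
    List<UserTokenPolicy> config_server_userTokenPolicies = new List<UserTokenPolicy>();
    config_server_userTokenPolicies.Add(new UserTokenPolicy(UserTokenType.Anonymous));
    config_server_userTokenPolicies.Add(new UserTokenPolicy(UserTokenType.UserName));
    config_server_userTokenPolicies.Add(new UserTokenPolicy(UserTokenType.Certificate));
    config_server.UserTokenPolicies = new UserTokenPolicyCollection(config_server_userTokenPolicies);

    config_server.DiagnosticsEnabled = false;
    config_server.MaxSessionCount = 100;
    config_server.MinSessionTimeout = 10000;
    config_server.MaxSessionTimeout = 3600000;
    config_server.MaxBrowseContinuationPoints = 10;
    config_server.MaxQueryContinuationPoints = 10;
    config_server.MaxHistoryContinuationPoints = 100;
    config_server.MaxRequestAge = 600000;
    config_server.MinPublishingInterval = 100;
    config_server.MaxPublishingInterval = 3600000;
    config_server.PublishingResolution = 50;
    config_server.MaxSubscriptionLifetime = 3600000;
    config_server.MaxMessageQueueSize = 10;
    config_server.MaxNotificationQueueSize = 100;
    config_server.MaxNotificationsPerPublish = 1000;
    config_server.MinMetadataSamplingInterval = 1000;

    List<SamplingRateGroup> config_server_samplingRateGroups = new List<SamplingRateGroup>();
    config_server_samplingRateGroups.Add(new SamplingRateGroup(5, 5, 20));
    config_server_samplingRateGroups.Add(new SamplingRateGroup(100, 100, 4));
    config_server_samplingRateGroups.Add(new SamplingRateGroup(500, 250, 2));
    config_server_samplingRateGroups.Add(new SamplingRateGroup(1000, 500, 20));
    config_server.AvailableSamplingRates = new SamplingRateGroupCollection(config_server_samplingRateGroups);

    config_server.MaxRegistrationInterval = 30000;
    #endregion
    config.ServerConfiguration = config_server;

    #region TraceConfiguration
    // The log file name still refers to the Boiler quickstart it appears to have
    // been copied from. DeleteOnLoad is set, so any earlier log is not kept.
    TraceConfiguration config_traceConfiguration = new TraceConfiguration();
    config_traceConfiguration.OutputFilePath = @"Logs\Quickstarts.BoilerServer.log.txt";
    config_traceConfiguration.DeleteOnLoad = true;
    config_traceConfiguration.TraceMasks = 515;
    #endregion
    config.TraceConfiguration = config_traceConfiguration;

    config.TransportConfigurations = new TransportConfigurationCollection();

    #region TransportQuotas
    // Upper bounds applied to messages and channels.
    TransportQuotas config_transportQuotas = new TransportQuotas();
    config_transportQuotas.OperationTimeout = 600000;
    config_transportQuotas.MaxStringLength = 1048576;
    config_transportQuotas.MaxByteStringLength = 1048576;
    config_transportQuotas.MaxArrayLength = 65535;
    config_transportQuotas.ChannelLifetime = 300000;
    config_transportQuotas.SecurityTokenLifetime = 3600000;
    #endregion
    config.TransportQuotas = config_transportQuotas;

    return config;
}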