/// <summary>
/// Encrypts the DecryptedPassword using the EncryptionAlgorithm and places the result in Password
/// </summary>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
if (m_decryptedPassword == null)
{
m_password = null;
return;
}
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_password = new UTF8Encoding().GetBytes(DecryptedPassword);
m_encryptionAlgorithm = null;
return;
}
// encrypt the password.
byte[] dataToEncrypt = Utils.Append(new UTF8Encoding().GetBytes(DecryptedPassword), senderNonce);
EncryptedData encryptedData = SecurityPolicies.Encrypt(
certificate,
securityPolicyUri,
dataToEncrypt);
m_password = encryptedData.Data;
m_encryptionAlgorithm = encryptedData.Algorithm;
}
/// <summary>
/// Verifies a signature created with the token.
/// </summary>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
try
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
bool valid = SecurityPolicies.Verify(
certificate,
securityPolicyUri,
dataToVerify,
signatureData);
m_certificateData = certificate.RawData;
return(valid);
}
catch (Exception e)
{
throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid, e, "Could not verify user signature!");
}
}
/// <summary>
/// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword
/// </summary>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
EncryptedData encryptedData = new EncryptedData();
encryptedData.Data = m_tokenData;
encryptedData.Algorithm = m_encryptionAlgorithm;
byte[] decryptedTokenData = SecurityPolicies.Decrypt(
certificate,
securityPolicyUri,
encryptedData);
// verify the sender's nonce.
int startOfNonce = decryptedTokenData.Length;
if (senderNonce != null)
{
startOfNonce -= senderNonce.Length;
for (int ii = 0; ii < senderNonce.Length; ii++)
{
if (senderNonce[ii] != decryptedTokenData[ii + startOfNonce])
{
throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed);
}
}
}
// copy results.
m_decryptedTokenData = new byte[startOfNonce];
Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce);
}
/// <summary>
/// Encrypts the DecryptedTokenData using the EncryptionAlgorithm and places the result in Password
/// </summary>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
byte[] dataToEncrypt = Utils.Append(m_decryptedTokenData, senderNonce);
EncryptedData encryptedData = SecurityPolicies.Encrypt(
certificate,
securityPolicyUri,
dataToEncrypt);
m_tokenData = encryptedData.Data;
m_encryptionAlgorithm = encryptedData.Algorithm;
}
/// <summary>
/// Returns the string representation of the object.
/// </summary>
/// <param name="format">(Unused). Always pass NULL/NOTHING</param>
/// <param name="formatProvider">(Unused). Always pass NULL/NOTHING</param>
/// <exception cref="FormatException">Thrown if non-null parameters are used</exception>
public string ToString(string format, IFormatProvider formatProvider)
{
if (format == null)
{
return(Utils.Format(
"{0} - [{1}:{2}:{3}]",
m_description.EndpointUrl,
m_description.SecurityMode,
SecurityPolicies.GetDisplayName(m_description.SecurityPolicyUri),
(m_configuration != null && m_configuration.UseBinaryEncoding)?"Binary":"XML"));
}
throw new FormatException(Utils.Format("Invalid format string: '{0}'.", format));
}
/// <summary>
/// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword
/// </summary>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_decryptedPassword = new UTF8Encoding().GetString(m_password, 0, m_password.Length);
return;
}
// decrypt.
EncryptedData encryptedData = new EncryptedData();
encryptedData.Data = m_password;
encryptedData.Algorithm = m_encryptionAlgorithm;
byte[] decryptedPassword = SecurityPolicies.Decrypt(
certificate,
securityPolicyUri,
encryptedData);
if (decryptedPassword == null)
{
m_decryptedPassword = null;
return;
}
// verify the sender's nonce.
int startOfNonce = decryptedPassword.Length;
if (senderNonce != null)
{
startOfNonce -= senderNonce.Length;
int result = 0;
for (int ii = 0; ii < senderNonce.Length; ii++)
{
result |= senderNonce[ii] ^ decryptedPassword[ii + startOfNonce];
}
if (result != 0)
{
throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
}
}
// convert to UTF-8.
m_decryptedPassword = new UTF8Encoding().GetString(decryptedPassword, 0, startOfNonce);
}
/// <summary>
/// Creates a signature with the token.
/// </summary>
public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
SignatureData signatureData = SecurityPolicies.Sign(
certificate,
securityPolicyUri,
dataToSign);
m_certificateData = certificate.GetRawCertData();
return(signatureData);
}
/// <summary>
/// Creates a signature with the token.
/// </summary>
public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = new X509Certificate2(m_certificateData);
}
SignatureData signatureData = SecurityPolicies.Sign(
certificate,
securityPolicyUri,
dataToSign);
m_certificateData = certificate.RawData;
return(signatureData);
}
/// <summary>
/// Verifies a signature created with the token.
/// </summary>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = CertificateFactory.Create(m_certificateData, true);
}
bool valid = SecurityPolicies.Verify(
certificate,
securityPolicyUri,
dataToVerify,
signatureData);
m_certificateData = certificate.GetRawCertData();
return(valid);
}
/// <summary>
/// Verifies a signature created with the token.
/// </summary>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
X509Certificate2 certificate = m_certificate;
if (certificate == null)
{
certificate = new X509Certificate2(m_certificateData);
}
bool valid = SecurityPolicies.Verify(
certificate,
securityPolicyUri,
dataToVerify,
signatureData);
m_certificateData = certificate.RawData;
return(valid);
}
/// <summary>
/// Encrypts the DecryptedTokenData using the EncryptionAlgorithm and places the result in Password
/// </summary>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_tokenData = m_decryptedTokenData;
m_encryptionAlgorithm = String.Empty;
return;
}
byte[] dataToEncrypt = Utils.Append(m_decryptedTokenData, senderNonce);
EncryptedData encryptedData = SecurityPolicies.Encrypt(
certificate,
securityPolicyUri,
dataToEncrypt);
m_tokenData = encryptedData.Data;
m_encryptionAlgorithm = encryptedData.Algorithm;
}
/// <summary>
/// Decrypts the Password using the EncryptionAlgorithm and places the result in DecryptedPassword
/// </summary>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
// handle no encryption.
if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
{
m_decryptedTokenData = m_tokenData;
return;
}
EncryptedData encryptedData = new EncryptedData();
encryptedData.Data = m_tokenData;
encryptedData.Algorithm = m_encryptionAlgorithm;
byte[] decryptedTokenData = SecurityPolicies.Decrypt(
certificate,
securityPolicyUri,
encryptedData);
// verify the sender's nonce.
int startOfNonce = decryptedTokenData.Length;
if (senderNonce != null)
{
startOfNonce -= senderNonce.Length;
for (int ii = 0; ii < senderNonce.Length; ii++)
{
if (senderNonce[ii] != decryptedTokenData[ii + startOfNonce])
{
throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
}
}
}
// copy results.
m_decryptedTokenData = new byte[startOfNonce];
Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce);
}
/// <summary>
/// Creates a new endpoint from a url that is not part of the collection.
/// </summary>
/// <remarks>
/// Call the Add() method to add it to the collection.
/// </remarks>
public ConfiguredEndpoint Create(string url)
{
// check for security parameters appended to the URL
string parameters = null;
int index = url.IndexOf("- [", StringComparison.Ordinal);
if (index != -1)
{
parameters = url.Substring(index + 3);
url = url.Substring(0, index).Trim();
}
MessageSecurityMode securityMode = MessageSecurityMode.SignAndEncrypt;
string securityPolicyUri = SecurityPolicies.Basic128Rsa15;
bool useBinaryEncoding = true;
if (!String.IsNullOrEmpty(parameters))
{
string[] fields = parameters.Split(new char[] { '-', '[', ':', ']' }, StringSplitOptions.RemoveEmptyEntries);
try
{
if (fields.Length > 0)
{
securityMode = (MessageSecurityMode)Enum.Parse(typeof(MessageSecurityMode), fields[0], false);
}
else
{
securityMode = MessageSecurityMode.None;
}
}
catch
{
securityMode = MessageSecurityMode.None;
}
try
{
if (fields.Length > 1)
{
securityPolicyUri = SecurityPolicies.GetUri(fields[1]);
}
else
{
securityPolicyUri = SecurityPolicies.None;
}
}
catch
{
securityPolicyUri = SecurityPolicies.None;
}
try
{
if (fields.Length > 2)
{
useBinaryEncoding = fields[2] == "Binary";
}
else
{
useBinaryEncoding = false;
}
}
catch
{
useBinaryEncoding = false;
}
}
Uri uri = new Uri(url);
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.SecurityMode = securityMode;
description.SecurityPolicyUri = securityPolicyUri;
description.Server.ApplicationUri = Utils.UpdateInstanceUri(uri.ToString());
description.Server.ApplicationName = uri.AbsolutePath;
if (description.EndpointUrl.StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal))
{
description.TransportProfileUri = Profiles.UaTcpTransport;
description.Server.DiscoveryUrls.Add(description.EndpointUrl);
}
else if (description.EndpointUrl.StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal))
{
description.TransportProfileUri = Profiles.HttpsBinaryTransport;
description.Server.DiscoveryUrls.Add(description.EndpointUrl);
}
ConfiguredEndpoint endpoint = new ConfiguredEndpoint(this, description, null);
endpoint.Configuration.UseBinaryEncoding = useBinaryEncoding;
endpoint.UpdateBeforeConnect = true;
return(endpoint);
}
