private ServiceResult Open(
ISystemContext context,
MethodState method,
NodeId objectId,
OpenFileMode mode,
TrustListMasks masks,
ref uint fileHandle)
{
HasSecureReadAccess(context);
if (mode == OpenFileMode.Read)
{
HasSecureReadAccess(context);
}
else if (mode == (OpenFileMode.Write | OpenFileMode.EraseExisting))
{
HasSecureWriteAccess(context);
}
else
{
return(StatusCodes.BadNotWritable);
}
lock (m_lock)
{
if (m_sessionId != null)
{
// to avoid deadlocks, last open always wins
m_sessionId = null;
m_strm = null;
m_node.OpenCount.Value = 0;
}
m_readMode = mode == OpenFileMode.Read;
m_sessionId = context.SessionId;
fileHandle = ++m_fileHandle;
TrustListDataType trustList = new TrustListDataType()
{
SpecifiedLists = (uint)masks
};
using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_trustedStorePath))
{
if ((masks & TrustListMasks.TrustedCertificates) != 0)
{
X509Certificate2Collection certificates = store.Enumerate().Result;
foreach (var certificate in certificates)
{
trustList.TrustedCertificates.Add(certificate.RawData);
}
}
if ((masks & TrustListMasks.TrustedCrls) != 0)
{
foreach (var crl in store.EnumerateCRLs())
{
trustList.TrustedCrls.Add(crl.RawData);
}
}
}
using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_issuerStorePath))
{
if ((masks & TrustListMasks.IssuerCertificates) != 0)
{
X509Certificate2Collection certificates = store.Enumerate().Result;
foreach (var certificate in certificates)
{
trustList.IssuerCertificates.Add(certificate.RawData);
}
}
if ((masks & TrustListMasks.IssuerCrls) != 0)
{
foreach (var crl in store.EnumerateCRLs())
{
trustList.IssuerCrls.Add(crl.RawData);
}
}
}
if (m_readMode)
{
m_strm = EncodeTrustListData(context, trustList);
}
else
{
m_strm = new MemoryStream(DefaultTrustListCapacity);
}
m_node.OpenCount.Value = 1;
}
return(ServiceResult.Good);
}
private bool AddTrustListToStore(SecurityConfiguration config, TrustListDataType trustList)
{
TrustListMasks masks = (TrustListMasks)trustList.SpecifiedLists;
X509Certificate2Collection issuerCertificates = null;
List <X509CRL> issuerCrls = null;
X509Certificate2Collection trustedCertificates = null;
List <X509CRL> trustedCrls = null;
// test integrity of all CRLs
if ((masks & TrustListMasks.IssuerCertificates) != 0)
{
issuerCertificates = new X509Certificate2Collection();
foreach (var cert in trustList.IssuerCertificates)
{
issuerCertificates.Add(new X509Certificate2(cert));
}
}
if ((masks & TrustListMasks.IssuerCrls) != 0)
{
issuerCrls = new List <X509CRL>();
foreach (var crl in trustList.IssuerCrls)
{
issuerCrls.Add(new X509CRL(crl));
}
}
if ((masks & TrustListMasks.TrustedCertificates) != 0)
{
trustedCertificates = new X509Certificate2Collection();
foreach (var cert in trustList.TrustedCertificates)
{
trustedCertificates.Add(new X509Certificate2(cert));
}
}
if ((masks & TrustListMasks.TrustedCrls) != 0)
{
trustedCrls = new List <X509CRL>();
foreach (var crl in trustList.TrustedCrls)
{
trustedCrls.Add(new X509CRL(crl));
}
}
// update store
// test integrity of all CRLs
TrustListMasks updateMasks = TrustListMasks.None;
if ((masks & TrustListMasks.IssuerCertificates) != 0)
{
if (UpdateStoreCertificates(config.TrustedIssuerCertificates.StorePath, issuerCertificates))
{
updateMasks |= TrustListMasks.IssuerCertificates;
}
}
if ((masks & TrustListMasks.IssuerCrls) != 0)
{
if (UpdateStoreCrls(config.TrustedIssuerCertificates.StorePath, issuerCrls))
{
updateMasks |= TrustListMasks.IssuerCrls;
}
}
if ((masks & TrustListMasks.TrustedCertificates) != 0)
{
if (UpdateStoreCertificates(config.TrustedPeerCertificates.StorePath, trustedCertificates))
{
updateMasks |= TrustListMasks.TrustedCertificates;
}
}
if ((masks & TrustListMasks.TrustedCrls) != 0)
{
if (UpdateStoreCrls(config.TrustedPeerCertificates.StorePath, trustedCrls))
{
updateMasks |= TrustListMasks.TrustedCrls;
}
}
return(masks == updateMasks);
}
private ServiceResult CloseAndUpdate(
ISystemContext context,
MethodState method,
NodeId objectId,
uint fileHandle,
ref bool restartRequired)
{
HasSecureWriteAccess(context);
ServiceResult result = StatusCodes.Good;
lock (m_lock)
{
if (m_sessionId != context.SessionId)
{
return(StatusCodes.BadUserAccessDenied);
}
if (m_fileHandle != fileHandle)
{
return(StatusCodes.BadInvalidArgument);
}
try
{
TrustListDataType trustList = DecodeTrustListData(context, m_strm);
TrustListMasks masks = (TrustListMasks)trustList.SpecifiedLists;
X509Certificate2Collection issuerCertificates = null;
List <X509CRL> issuerCrls = null;
X509Certificate2Collection trustedCertificates = null;
List <X509CRL> trustedCrls = null;
// test integrity of all CRLs
if ((masks & TrustListMasks.IssuerCertificates) != 0)
{
issuerCertificates = new X509Certificate2Collection();
foreach (var cert in trustList.IssuerCertificates)
{
issuerCertificates.Add(new X509Certificate2(cert));
}
}
if ((masks & TrustListMasks.IssuerCrls) != 0)
{
issuerCrls = new List <X509CRL>();
foreach (var crl in trustList.IssuerCrls)
{
issuerCrls.Add(new X509CRL(crl));
}
}
if ((masks & TrustListMasks.TrustedCertificates) != 0)
{
trustedCertificates = new X509Certificate2Collection();
foreach (var cert in trustList.TrustedCertificates)
{
trustedCertificates.Add(new X509Certificate2(cert));
}
}
if ((masks & TrustListMasks.TrustedCrls) != 0)
{
trustedCrls = new List <X509CRL>();
foreach (var crl in trustList.TrustedCrls)
{
trustedCrls.Add(new X509CRL(crl));
}
}
// update store
// test integrity of all CRLs
TrustListMasks updateMasks = TrustListMasks.None;
if ((masks & TrustListMasks.IssuerCertificates) != 0)
{
if (UpdateStoreCertificates(m_issuerStorePath, issuerCertificates))
{
updateMasks |= TrustListMasks.IssuerCertificates;
}
}
if ((masks & TrustListMasks.IssuerCrls) != 0)
{
if (UpdateStoreCrls(m_issuerStorePath, issuerCrls))
{
updateMasks |= TrustListMasks.IssuerCrls;
}
}
if ((masks & TrustListMasks.TrustedCertificates) != 0)
{
if (UpdateStoreCertificates(m_trustedStorePath, trustedCertificates))
{
updateMasks |= TrustListMasks.TrustedCertificates;
}
}
if ((masks & TrustListMasks.TrustedCrls) != 0)
{
if (UpdateStoreCrls(m_trustedStorePath, trustedCrls))
{
updateMasks |= TrustListMasks.TrustedCrls;
}
}
if (masks != updateMasks)
{
result = StatusCodes.BadCertificateInvalid;
}
}
catch
{
result = StatusCodes.BadCertificateInvalid;
}
finally
{
m_sessionId = null;
m_strm = null;
m_node.LastUpdateTime.Value = DateTime.UtcNow;
m_node.OpenCount.Value = 0;
}
}
restartRequired = false;
return(result);
}
/// <summary>
/// Reads the trust list.
/// </summary>
public TrustListDataType ReadTrustList(TrustListMasks masks = TrustListMasks.All)
{
if (!IsConnected)
{
Connect();
}
IUserIdentity oldUser = ElevatePermissions();
try
{
var outputArguments = m_session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList, m_session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_OpenWithMasks, m_session.NamespaceUris),
(uint)masks);
uint fileHandle = (uint)outputArguments[0];
MemoryStream ostrm = new MemoryStream();
try
{
while (true)
{
int length = 256;
outputArguments = m_session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList, m_session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Read, m_session.NamespaceUris),
fileHandle,
length);
byte[] bytes = (byte[])outputArguments[0];
ostrm.Write(bytes, 0, bytes.Length);
if (length != bytes.Length)
{
break;
}
}
m_session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList, m_session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Close, m_session.NamespaceUris),
fileHandle);
}
catch (Exception)
{
if (IsConnected)
{
m_session.Call(
ExpandedNodeId.ToNodeId(Opc.Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList, m_session.NamespaceUris),
ExpandedNodeId.ToNodeId(Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Close, m_session.NamespaceUris),
fileHandle);
}
throw;
}
ostrm.Position = 0;
BinaryDecoder decoder = new BinaryDecoder(ostrm, m_session.MessageContext);
TrustListDataType trustList = new TrustListDataType();
trustList.Decode(decoder);
decoder.Close();
ostrm.Close();
return(trustList);
}
finally
{
RevertPermissions(oldUser);
}
}
