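/// <summary>
/// Opens the trust list file object for the calling session.
/// </summary>
/// <param name="context">The system context; supplies the calling session id.</param>
/// <param name="method">The method node being invoked (not used here).</param>
/// <param name="objectId">The id of the trust list object (not used here).</param>
/// <param name="mode">
/// The requested open mode. Only <see cref="OpenFileMode.Read"/> or exactly
/// <c>OpenFileMode.Write | OpenFileMode.EraseExisting</c> are accepted; any other value
/// yields <see cref="StatusCodes.BadNotWritable"/>.
/// </param>
/// <param name="masks">Selects which lists are loaded from the stores when opening for read.</param>
/// <param name="fileHandle">Receives the handle the caller must pass to the Read/Write/Close methods.</param>
/// <returns>
/// <see cref="ServiceResult.Good"/> on success, <see cref="StatusCodes.BadNotWritable"/> for an unsupported mode.
/// </returns>
/// <remarks>
/// The permission checks are delegated to HasSecureReadAccess (every mode) and HasSecureWriteAccess
/// (write mode); their outcome is not inspected here, so they are presumably expected to throw on
/// denial — confirm against their implementation. An already open session is evicted unconditionally
/// ("last open wins") instead of blocking, so a session that never closes cannot wedge the trust list.
/// In write mode nothing is read from the stores: the client uploads a complete list and the stores
/// are only touched when the file is closed.
/// </remarks>
private ServiceResult Open(
    ISystemContext context,
    MethodState method,
    NodeId objectId,
    OpenFileMode mode,
    TrustListMasks masks,
    ref uint fileHandle)
{
    // Read access is required for every mode; write mode needs write access on top of it.
    HasSecureReadAccess(context);

    if (mode == (OpenFileMode.Write | OpenFileMode.EraseExisting))
    {
        HasSecureWriteAccess(context);
    }
    else if (mode != OpenFileMode.Read)
    {
        return StatusCodes.BadNotWritable;
    }

    lock (m_lock)
    {
        if (m_sessionId != null)
        {
            // to avoid deadlocks, last open always wins
            m_sessionId = null;
            m_strm = null;
            m_node.OpenCount.Value = 0;
        }

        m_readMode = mode == OpenFileMode.Read;
        m_sessionId = context.SessionId;
        fileHandle = ++m_fileHandle;

        if (m_readMode)
        {
            // Snapshot the selected lists; the client then reads the encoded form through the file handle.
            TrustListDataType trustList = new TrustListDataType() { SpecifiedLists = (uint)masks };

            using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_trustedStorePath))
            {
                if ((masks & TrustListMasks.TrustedCertificates) != 0)
                {
                    // Synchronous wait on the async store API; this method has a synchronous contract.
                    X509Certificate2Collection certificates = store.Enumerate().Result;
                    foreach (var certificate in certificates)
                    {
                        trustList.TrustedCertificates.Add(certificate.RawData);
                    }
                }

                if ((masks & TrustListMasks.TrustedCrls) != 0)
                {
                    foreach (var crl in store.EnumerateCRLs())
                    {
                        trustList.TrustedCrls.Add(crl.RawData);
                    }
                }
            }

            using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_issuerStorePath))
            {
                if ((masks & TrustListMasks.IssuerCertificates) != 0)
                {
                    X509Certificate2Collection certificates = store.Enumerate().Result;
                    foreach (var certificate in certificates)
                    {
                        trustList.IssuerCertificates.Add(certificate.RawData);
                    }
                }

                if ((masks & TrustListMasks.IssuerCrls) != 0)
                {
                    foreach (var crl in store.EnumerateCRLs())
                    {
                        trustList.IssuerCrls.Add(crl.RawData);
                    }
                }
            }

            m_strm = EncodeTrustListData(context, trustList);
        }
        else
        {
            // Write mode: buffer for the client's upload; the stores are updated on close, not here.
            m_strm = new MemoryStream(DefaultTrustListCapacity);
        }

        m_node.OpenCount.Value = 1;
    }

    return ServiceResult.Good;
}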
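/// <summary>
/// Writes the lists contained in <paramref name="trustList"/> into the trusted-issuer and
/// trusted-peer stores named by <paramref name="config"/>.
/// </summary>
/// <param name="config">The security configuration whose issuer and peer store paths are updated.</param>
/// <param name="trustList">
/// The trust list to apply; <see cref="TrustListDataType.SpecifiedLists"/> selects which of the
/// four lists are written. Lists not selected are left untouched in the stores.
/// </param>
/// <returns>
/// <c>true</c> when every selected list was accepted by its store; <c>false</c> when at least one
/// store update reported failure (or when <c>SpecifiedLists</c> carries bits this method does not handle).
/// </returns>
/// <remarks>
/// Works in two phases: every selected certificate and CRL blob is parsed first, and only then are the
/// stores modified. A malformed blob makes the X509 constructor throw during phase one, so bad input
/// aborts the call before any store is half-written; the exception is not caught here and propagates
/// to the caller.
/// </remarks>
private bool AddTrustListToStore(SecurityConfiguration config, TrustListDataType trustList)
{
    TrustListMasks masks = (TrustListMasks)trustList.SpecifiedLists;

    X509Certificate2Collection issuerCertificates = null;
    List<X509CRL> issuerCrls = null;
    X509Certificate2Collection trustedCertificates = null;
    List<X509CRL> trustedCrls = null;

    // Phase 1: parse all selected blobs up front. A bad blob throws here, before any store is touched.
    if ((masks & TrustListMasks.IssuerCertificates) != 0)
    {
        issuerCertificates = new X509Certificate2Collection();
        foreach (var cert in trustList.IssuerCertificates)
        {
            issuerCertificates.Add(new X509Certificate2(cert));
        }
    }

    if ((masks & TrustListMasks.IssuerCrls) != 0)
    {
        issuerCrls = new List<X509CRL>();
        foreach (var crl in trustList.IssuerCrls)
        {
            issuerCrls.Add(new X509CRL(crl));
        }
    }

    if ((masks & TrustListMasks.TrustedCertificates) != 0)
    {
        trustedCertificates = new X509Certificate2Collection();
        foreach (var cert in trustList.TrustedCertificates)
        {
            trustedCertificates.Add(new X509Certificate2(cert));
        }
    }

    if ((masks & TrustListMasks.TrustedCrls) != 0)
    {
        trustedCrls = new List<X509CRL>();
        foreach (var crl in trustList.TrustedCrls)
        {
            trustedCrls.Add(new X509CRL(crl));
        }
    }

    // Phase 2: apply the parsed lists and record which stores accepted their update.
    TrustListMasks updateMasks = TrustListMasks.None;

    if ((masks & TrustListMasks.IssuerCertificates) != 0)
    {
        if (UpdateStoreCertificates(config.TrustedIssuerCertificates.StorePath, issuerCertificates))
        {
            updateMasks |= TrustListMasks.IssuerCertificates;
        }
    }

    if ((masks & TrustListMasks.IssuerCrls) != 0)
    {
        if (UpdateStoreCrls(config.TrustedIssuerCertificates.StorePath, issuerCrls))
        {
            updateMasks |= TrustListMasks.IssuerCrls;
        }
    }

    if ((masks & TrustListMasks.TrustedCertificates) != 0)
    {
        if (UpdateStoreCertificates(config.TrustedPeerCertificates.StorePath, trustedCertificates))
        {
            updateMasks |= TrustListMasks.TrustedCertificates;
        }
    }

    if ((masks & TrustListMasks.TrustedCrls) != 0)
    {
        if (UpdateStoreCrls(config.TrustedPeerCertificates.StorePath, trustedCrls))
        {
            updateMasks |= TrustListMasks.TrustedCrls;
        }
    }

    // Success only when every requested list made it into its store.
    return masks == updateMasks;
}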
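/// <summary>
/// Closes a trust list that was opened for writing and applies the uploaded list to the stores.
/// </summary>
/// <param name="context">The system context; its session id must be the one that opened the file.</param>
/// <param name="method">The method node being invoked (not used here).</param>
/// <param name="objectId">The id of the trust list object (not used here).</param>
/// <param name="fileHandle">The handle returned by Open; must match the currently open handle.</param>
/// <param name="restartRequired">Always set to <c>false</c>: the new list takes effect without a restart.</param>
/// <returns>
/// <see cref="StatusCodes.Good"/> when every list named in the upload was stored;
/// <see cref="StatusCodes.BadUserAccessDenied"/> when the caller is not the session that opened the file;
/// <see cref="StatusCodes.BadInvalidArgument"/> when the handle is stale;
/// <see cref="StatusCodes.BadCertificateInvalid"/> when the upload could not be decoded, a blob failed
/// to parse, a store update threw, or a store rejected its update.
/// </returns>
/// <remarks>
/// The write permission check is delegated to HasSecureWriteAccess, whose outcome is not inspected here
/// (presumably it throws on denial — confirm). All blobs are parsed before any store is modified, so
/// malformed data cannot leave the stores half-written. Whatever the outcome, the open session is released
/// and OpenCount reset; LastUpdateTime is stamped even when the update failed.
/// </remarks>
private ServiceResult CloseAndUpdate(
    ISystemContext context,
    MethodState method,
    NodeId objectId,
    uint fileHandle,
    ref bool restartRequired)
{
    HasSecureWriteAccess(context);

    // Assigned before any return so a rejected call never leaves the caller's value untouched.
    restartRequired = false;
    ServiceResult result = StatusCodes.Good;

    lock (m_lock)
    {
        if (m_sessionId != context.SessionId)
        {
            return StatusCodes.BadUserAccessDenied;
        }

        if (m_fileHandle != fileHandle)
        {
            return StatusCodes.BadInvalidArgument;
        }

        try
        {
            TrustListDataType trustList = DecodeTrustListData(context, m_strm);
            TrustListMasks masks = (TrustListMasks)trustList.SpecifiedLists;

            X509Certificate2Collection issuerCertificates = null;
            List<X509CRL> issuerCrls = null;
            X509Certificate2Collection trustedCertificates = null;
            List<X509CRL> trustedCrls = null;

            // Phase 1: parse all selected blobs. A malformed one throws here, before any store is touched.
            if ((masks & TrustListMasks.IssuerCertificates) != 0)
            {
                issuerCertificates = new X509Certificate2Collection();
                foreach (var cert in trustList.IssuerCertificates)
                {
                    issuerCertificates.Add(new X509Certificate2(cert));
                }
            }

            if ((masks & TrustListMasks.IssuerCrls) != 0)
            {
                issuerCrls = new List<X509CRL>();
                foreach (var crl in trustList.IssuerCrls)
                {
                    issuerCrls.Add(new X509CRL(crl));
                }
            }

            if ((masks & TrustListMasks.TrustedCertificates) != 0)
            {
                trustedCertificates = new X509Certificate2Collection();
                foreach (var cert in trustList.TrustedCertificates)
                {
                    trustedCertificates.Add(new X509Certificate2(cert));
                }
            }

            if ((masks & TrustListMasks.TrustedCrls) != 0)
            {
                trustedCrls = new List<X509CRL>();
                foreach (var crl in trustList.TrustedCrls)
                {
                    trustedCrls.Add(new X509CRL(crl));
                }
            }

            // Phase 2: apply the parsed lists and record which stores accepted their update.
            TrustListMasks updateMasks = TrustListMasks.None;

            if ((masks & TrustListMasks.IssuerCertificates) != 0)
            {
                if (UpdateStoreCertificates(m_issuerStorePath, issuerCertificates))
                {
                    updateMasks |= TrustListMasks.IssuerCertificates;
                }
            }

            if ((masks & TrustListMasks.IssuerCrls) != 0)
            {
                if (UpdateStoreCrls(m_issuerStorePath, issuerCrls))
                {
                    updateMasks |= TrustListMasks.IssuerCrls;
                }
            }

            if ((masks & TrustListMasks.TrustedCertificates) != 0)
            {
                if (UpdateStoreCertificates(m_trustedStorePath, trustedCertificates))
                {
                    updateMasks |= TrustListMasks.TrustedCertificates;
                }
            }

            if ((masks & TrustListMasks.TrustedCrls) != 0)
            {
                if (UpdateStoreCrls(m_trustedStorePath, trustedCrls))
                {
                    updateMasks |= TrustListMasks.TrustedCrls;
                }
            }

            if (masks != updateMasks)
            {
                result = StatusCodes.BadCertificateInvalid;
            }
        }
        catch (Exception)
        {
            // Every failure — decode error, unparsable blob, or a store I/O fault — is reported
            // to the client as an invalid certificate; the detail is not surfaced.
            result = StatusCodes.BadCertificateInvalid;
        }
        finally
        {
            // Release the file regardless of outcome so the next Open does not have to evict us.
            m_sessionId = null;
            m_strm = null;
            m_node.LastUpdateTime.Value = DateTime.UtcNow;
            m_node.OpenCount.Value = 0;
        }
    }

    return result;
}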
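/// <summary>
/// Reads the trust list of the server's default application certificate group.
/// </summary>
/// <param name="masks">Selects which lists the server includes in the result; defaults to all lists.</param>
/// <returns>The decoded trust list.</returns>
/// <remarks>
/// Connects first if needed and runs with elevated permissions, which are reverted on every exit path.
/// The server-side file is opened with <paramref name="masks"/>, read in 256-byte chunks until the
/// server returns a chunk shorter than requested (a null ByteString counts as an empty chunk), then
/// closed. If anything fails while reading, the file is still closed when the session is connected and
/// the original exception is rethrown. The loop places no upper bound on the total size read; that is
/// left to the server's cooperation.
/// </remarks>
public TrustListDataType ReadTrustList(TrustListMasks masks = TrustListMasks.All)
{
    if (!IsConnected)
    {
        Connect();
    }

    IUserIdentity oldUser = ElevatePermissions();

    try
    {
        // Resolve the well-known node ids once; each is reused for every call below.
        NodeId trustListId = ExpandedNodeId.ToNodeId(
            Opc.Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList,
            m_session.NamespaceUris);
        NodeId openWithMasksId = ExpandedNodeId.ToNodeId(
            Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_OpenWithMasks,
            m_session.NamespaceUris);
        NodeId readId = ExpandedNodeId.ToNodeId(
            Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Read,
            m_session.NamespaceUris);
        NodeId closeId = ExpandedNodeId.ToNodeId(
            Opc.Ua.MethodIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Close,
            m_session.NamespaceUris);

        var outputArguments = m_session.Call(trustListId, openWithMasksId, (uint)masks);
        uint fileHandle = (uint)outputArguments[0];

        using (MemoryStream ostrm = new MemoryStream())
        {
            // The server signals end-of-file by returning fewer bytes than requested.
            const int chunkLength = 256;

            try
            {
                while (true)
                {
                    outputArguments = m_session.Call(trustListId, readId, fileHandle, chunkLength);
                    byte[] bytes = (byte[])outputArguments[0];

                    if (bytes == null)
                    {
                        // A null ByteString carries no data; treat it as the terminating short read.
                        break;
                    }

                    ostrm.Write(bytes, 0, bytes.Length);

                    if (bytes.Length != chunkLength)
                    {
                        break;
                    }
                }

                m_session.Call(trustListId, closeId, fileHandle);
            }
            catch (Exception)
            {
                // Release the server-side handle, then let the caller see the original failure.
                if (IsConnected)
                {
                    m_session.Call(trustListId, closeId, fileHandle);
                }

                throw;
            }

            ostrm.Position = 0;
            BinaryDecoder decoder = new BinaryDecoder(ostrm, m_session.MessageContext);
            TrustListDataType trustList = new TrustListDataType();
            trustList.Decode(decoder);
            decoder.Close();
            return trustList;
        }
    }
    finally
    {
        RevertPermissions(oldUser);
    }
}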