/// <summary>
/// Creates a certificate signing request from an existing certificate.
/// </summary>
public static byte[] CreateSigningRequest(
X509Certificate2 certificate,
IList <String> domainNames = null
)
{
if (!certificate.HasPrivateKey)
{
throw new NotSupportedException("Need a certificate with a private key.");
}
RSA rsaPublicKey = certificate.GetRSAPublicKey();
var request = new CertificateRequest(certificate.SubjectName, rsaPublicKey,
Oids.GetHashAlgorithmName(certificate.SignatureAlgorithm.Value), RSASignaturePadding.Pkcs1);
var alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
domainNames = domainNames ?? new List <String>();
if (alternateName != null)
{
foreach (var name in alternateName.DomainNames)
{
if (!domainNames.Any(s => s.Equals(name, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(name);
}
}
foreach (var ipAddress in alternateName.IPAddresses)
{
if (!domainNames.Any(s => s.Equals(ipAddress, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(ipAddress);
}
}
}
string applicationUri = X509Utils.GetApplicationUriFromCertificate(certificate);
// Subject Alternative Name
var subjectAltName = new X509SubjectAltNameExtension(applicationUri, domainNames);
request.CertificateExtensions.Add(new X509Extension(subjectAltName, false));
using (RSA rsa = certificate.GetRSAPrivateKey())
{
var x509SignatureGenerator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
return(request.CreateSigningRequest(x509SignatureGenerator));
}
}
/// <summary>
/// Called before the server starts.
/// </summary>
/// <param name="configuration">The object that stores the configurable configuration information for a UA application.</param>
protected virtual void OnServerStarting(ApplicationConfiguration configuration)
{
// fetch properties and configuration.
Configuration = configuration;
ServerProperties = LoadServerProperties();
// ensure at least one security policy exists.
if (configuration.ServerConfiguration != null)
{
if (configuration.ServerConfiguration.SecurityPolicies.Count == 0)
{
configuration.ServerConfiguration.SecurityPolicies.Add(new ServerSecurityPolicy());
}
// ensure at least one user token policy exists.
if (configuration.ServerConfiguration.UserTokenPolicies.Count == 0)
{
UserTokenPolicy userTokenPolicy = new UserTokenPolicy();
userTokenPolicy.TokenType = UserTokenType.Anonymous;
userTokenPolicy.PolicyId = userTokenPolicy.TokenType.ToString();
configuration.ServerConfiguration.UserTokenPolicies.Add(userTokenPolicy);
}
}
// load the instance certificate.
if (configuration.SecurityConfiguration.ApplicationCertificate != null)
{
InstanceCertificate = configuration.SecurityConfiguration.ApplicationCertificate.Find(true).Result;
}
if (InstanceCertificate == null)
{
throw new ServiceResultException(
StatusCodes.BadConfigurationError,
"Server does not have an instance certificate assigned.");
}
if (!InstanceCertificate.HasPrivateKey)
{
throw new ServiceResultException(
StatusCodes.BadConfigurationError,
"Server does not have access to the private key for the instance certificate.");
}
// load certificate chain.
InstanceCertificateChain = new X509Certificate2Collection(InstanceCertificate);
List <CertificateIdentifier> issuers = new List <CertificateIdentifier>();
configuration.CertificateValidator.GetIssuers(InstanceCertificateChain, issuers).Wait();
for (int i = 0; i < issuers.Count; i++)
{
InstanceCertificateChain.Add(issuers[i].Certificate);
}
// use the message context from the configuration to ensure the channels are using the same one.
MessageContext = configuration.CreateMessageContext();
// assign a unique identifier if none specified.
if (String.IsNullOrEmpty(configuration.ApplicationUri))
{
configuration.ApplicationUri = X509Utils.GetApplicationUriFromCertificate(InstanceCertificate);
if (String.IsNullOrEmpty(configuration.ApplicationUri))
{
configuration.ApplicationUri = Utils.Format(
"http://{0}/{1}/{2}",
Utils.GetHostName(),
configuration.ApplicationName,
Guid.NewGuid());
}
}
// initialize namespace table.
MessageContext.NamespaceUris = new NamespaceTable();
MessageContext.NamespaceUris.Append(configuration.ApplicationUri);
// assign an instance name.
if (String.IsNullOrEmpty(configuration.ApplicationName) && InstanceCertificate != null)
{
configuration.ApplicationName = InstanceCertificate.GetNameInfo(X509NameType.DnsName, false);
}
// save the certificate validator.
CertificateValidator = configuration.CertificateValidator;
}
