/// <summary>
/// Creates the session.
/// </summary>
public void Create(
EndpointDescription endpoint,
ApplicationDescription client,
byte[] clientCertificate,
string sessionName,
double sessionTimeout,
out NodeId sessionId,
out NodeId authenticationToken,
out byte[] serverNonce,
out double revisedSessionTimeout)
{
lock (m_lock)
{
// save the secure channel id.
m_secureChannelId = null;
if (OperationContext.Current != null)
{
m_secureChannelId = OperationContext.Current.Channel.SessionId;
}
m_endpoint = endpoint;
m_client = client;
m_sessionName = sessionName;
if (clientCertificate != null)
{
m_clientCertificate = new X509Certificate2(clientCertificate);
}
// Create a public and a private identifier for the session. The public identifier is visible in the
// address space and audit logs. The private identifier is only used by the client to identify itself
// when it sends a request. Clients and servers that do not keep the authentication token will be vulnerable
// to session hijacking when using transports such as SSL to implement the secure channel. It is not an
// issue for applications that use WS-Secure Conversation.
// create a guid for a session id. use it for an authentication token as well.
m_sessionId = new NodeId(System.Guid.NewGuid(), 1);
m_authenticationToken = authenticationToken = sessionId = m_sessionId;
// set a reasonable session timeout.
m_sessionTimeout = sessionTimeout;
if (m_sessionTimeout < 30000)
{
m_sessionTimeout = 30000;
}
revisedSessionTimeout = m_sessionTimeout;
// create a server nonce.
m_serverNonce = serverNonce = new byte[32];
RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
random.GetBytes(m_serverNonce);
}
}
/// <summary>
/// Loads the endpoint information from the registry.
/// </summary>
public static ConfiguredEndpoint Load(Guid clsid)
{
// load the configuration.
ConfiguredEndpoint endpoint = LoadConfiguredEndpoint(clsid);
// create a dummy configuration.
if (endpoint == null)
{
ApplicationDescription server = new ApplicationDescription();
server.ApplicationName = "(Missing Configuration File)";
server.ApplicationType = ApplicationType.Server;
server.ApplicationUri = clsid.ToString();
endpoint = new ConfiguredEndpoint(server, null);
}
// update the COM identity based on what is actually in the registry.
endpoint.ComIdentity = new EndpointComIdentity();
endpoint.ComIdentity.Clsid = clsid;
endpoint.ComIdentity.ProgId = ConfigUtils.ProgIDFromCLSID(clsid);
List<Guid> categories = ConfigUtils.GetImplementedCategories(clsid);
for (int ii = 0; ii < categories.Count; ii++)
{
if (categories[ii] == ConfigUtils.CATID_OPCDAServer20)
{
endpoint.ComIdentity.Specification = ComSpecification.DA;
break;
}
if (categories[ii] == ConfigUtils.CATID_OPCDAServer30)
{
endpoint.ComIdentity.Specification = ComSpecification.DA;
break;
}
if (categories[ii] == ConfigUtils.CATID_OPCAEServer10)
{
endpoint.ComIdentity.Specification = ComSpecification.AE;
break;
}
if (categories[ii] == ConfigUtils.CATID_OPCHDAServer10)
{
endpoint.ComIdentity.Specification = ComSpecification.HDA;
break;
}
}
return endpoint;
}
public async Task<IActionResult> Post([FromRoute] string tenantName, [FromBody] TenantApplicationParams parameters)
{
// First create the application instance.
// This won't actually create the services yet.
ApplicationDescription application = new ApplicationDescription(
new Uri($"{Names.TenantApplicationNamePrefix}/{tenantName}"),
Names.TenantApplicationTypeName,
parameters.Version);
await this.fabricClient.ApplicationManager.CreateApplicationAsync(application, this.operationTimeout, this.serviceCancellationToken);
// Now create the data service in the new application instance.
ServiceUriBuilder dataServiceNameUriBuilder = new ServiceUriBuilder(application.ApplicationName.ToString(), Names.TenantDataServiceName);
StatefulServiceDescription dataServiceDescription = new StatefulServiceDescription()
{
ApplicationName = application.ApplicationName,
HasPersistedState = true,
MinReplicaSetSize = 3,
TargetReplicaSetSize = 3,
PartitionSchemeDescription = new UniformInt64RangePartitionSchemeDescription(parameters.DataPartitionCount, Int64.MinValue, Int64.MaxValue),
ServiceName = dataServiceNameUriBuilder.Build(),
ServiceTypeName = Names.TenantDataServiceTypeName
};
await this.fabricClient.ServiceManager.CreateServiceAsync(dataServiceDescription, this.operationTimeout, this.serviceCancellationToken);
// And finally, create the web service in the new application instance.
ServiceUriBuilder webServiceNameUriBuilder = new ServiceUriBuilder(application.ApplicationName.ToString(), Names.TenantWebServiceName);
StatelessServiceDescription webServiceDescription = new StatelessServiceDescription()
{
ApplicationName = application.ApplicationName,
InstanceCount = parameters.WebInstanceCount,
PartitionSchemeDescription = new SingletonPartitionSchemeDescription(),
ServiceName = webServiceNameUriBuilder.Build(),
ServiceTypeName = Names.TenantWebServiceTypeName
};
await this.fabricClient.ServiceManager.CreateServiceAsync(webServiceDescription, this.operationTimeout, this.serviceCancellationToken);
return this.Ok();
}
/// <summary>
/// Displays the dialog.
/// </summary>
public ApplicationDescription ShowDialog(string hostname, ApplicationConfiguration configuration)
{
m_configuration = configuration;
if (String.IsNullOrEmpty(hostname))
{
hostname = Utils.GetHostName();
}
m_hostname = hostname;
m_server = null;
List <string> hostnames = new List <string>();
HostNameCTRL.Initialize(hostname, hostnames);
ServersCTRL.Initialize(hostname, configuration);
OkBTN.IsEnabled = false;
return(m_server);
}
/// <summary>
/// Displays the dialog.
/// </summary>
public ApplicationDescription ShowDialog(string hostname, ApplicationConfiguration configuration)
{
m_configuration = configuration;
if (String.IsNullOrEmpty(hostname))
{
hostname = Utils.GetHostName();
}
m_hostname = hostname;
m_server = null;
List<string> hostnames = new List<string>();
HostNameCTRL.Initialize(hostname, hostnames);
ServersCTRL.Initialize(hostname, configuration);
OkBTN.IsEnabled = false;
return m_server;
}
private string SelectDiscoveryUrl(ApplicationDescription server)
{
if (server == null || server.DiscoveryUrls == null)
{
return(null);
}
string url = null;
// always use opc.tcp by default.
foreach (string discoveryUrl in server.DiscoveryUrls)
{
if (discoveryUrl.StartsWith("opc.tcp://"))
{
url = discoveryUrl;
break;
}
}
// try HTTPS if no opc.tcp.
if (url == null)
{
foreach (string discoveryUrl in server.DiscoveryUrls)
{
if (discoveryUrl.StartsWith("https://"))
{
url = discoveryUrl;
break;
}
}
}
// use the first URL if nothing else.
if (url == null)
{
url = server.DiscoveryUrls[0];
}
return(url);
}
/// <summary>
/// Attempts fetch the list of servers from the discovery server.
/// </summary>
private void OnDiscoverEndpoints(object state)
{
int discoverCount = m_discoverCount;
// do nothing if a valid list is not provided.
ApplicationDescription server = state as ApplicationDescription;
if (server == null)
{
return;
}
OnUpdateStatus("Attempting to read latest configuration options from server.");
// process each url.
foreach (string discoveryUrl in server.DiscoveryUrls)
{
Uri url = Utils.ParseUri(discoveryUrl);
if (url != null)
{
if (DiscoverEndpoints(url))
{
m_discoverySucceeded = true;
m_discoveryUrl = url;
OnUpdateStatus("Configuration options are up to date.");
return;
}
// check if another discover operation has started.
if (discoverCount != m_discoverCount)
{
return;
}
}
}
OnUpdateEndpoints(null);
OnUpdateStatus("Configuration options may not be correct because the server is not available.");
}
private void ServersLV_SelectedIndexChanged(object sender, EventArgs e)
{
try {
if (ServerCTRL.Session == null)
{
return;
}
foreach (ListViewItem item in ServersLV.SelectedItems)
{
m_application = item.Tag as ApplicationDescription;
OkBTN.Enabled = m_application.ApplicationType == ApplicationType.Server ||
m_application.ApplicationType == ApplicationType.ClientAndServer;
return;
}
m_application = null;
OkBTN.Enabled = false;
} catch (Exception exception) {
ClientUtils.HandleException(this.Text, exception);
}
}
public async Task LoadCertificate()
{
using (var dir = TempDirectory.Create())
{
var store = new DirectoryStore(dir.Name, createLocalCertificateIfNotExist: true);
var app = new ApplicationDescription
{
ApplicationUri = "urn:hostname:appname",
};
var(cert1, key1) = await store.GetLocalCertificateAsync(app);
var(cert2, key2) = await store.GetLocalCertificateAsync(app);
cert1
.Should().Be(cert2);
key1
.Should().Be(key2);
}
}
public async Task Connect()
{
// describe this client application.
var clientDescription = new ApplicationDescription
{
ApplicationName = "Workstation.UaClient.FeatureTests",
ApplicationUri = $"urn:{System.Net.Dns.GetHostName()}:Workstation.UaClient.FeatureTests",
ApplicationType = ApplicationType.Client
};
// create a 'UaTcpSessionChannel', a client-side channel that opens a 'session' with the server.
var channel = new UaTcpSessionChannel(
clientDescription,
null, // no x509 client certificate
new AnonymousIdentity(), // the anonymous identity
"opc.tcp://localhost:48010", // the endpoint of Unified Automation's UaCPPServer.
SecurityPolicyUris.None);
try
{
// try opening a session and reading a few nodes.
await channel.OpenAsync();
// success! client session opened with these settings.
Console.WriteLine($"Opened session with endpoint '{channel.RemoteEndpoint.EndpointUrl}'.");
Console.WriteLine($"SecurityPolicy: '{channel.RemoteEndpoint.SecurityPolicyUri}'.");
Console.WriteLine($"SecurityMode: '{channel.RemoteEndpoint.SecurityMode}'.");
Console.WriteLine($"UserIdentityToken: '{channel.UserIdentity}'.");
Console.WriteLine($"Closing session '{channel.SessionId}'.");
await channel.CloseAsync();
}
catch (Exception ex)
{
await channel.AbortAsync();
Console.WriteLine(ex.Message);
}
}
public async Task CreateCertificate()
{
using (var dir = TempDirectory.Create())
{
var store = new DirectoryStore(dir.Name, createLocalCertificateIfNotExist: true);
var app = new ApplicationDescription
{
ApplicationUri = "http://hostname/appname",
};
var(cert, key) = await store.GetLocalCertificateAsync(app);
cert
.Should().NotBeNull();
key
.Should().NotBeNull();
cert.SubjectDN.ToString()
.Should().Be("CN=appname,DC=hostname");
}
}
public async Task ExecuteAsync(RestartApplication command, CancellationToken cancellationToken)
{
var types = await _fabricClient.QueryManager.GetApplicationTypeListAsync(command.ApplicationType);
if (types?.Any() ?? false)
{
var applications = await _fabricClient.QueryManager.GetApplicationListAsync(command.ApplicationUri);
if (applications?.Any() ?? false)
{
DeleteApplicationDescription delete = new DeleteApplicationDescription(command.ApplicationUri);
await _fabricClient.ApplicationManager.DeleteApplicationAsync(delete);
}
ApplicationDescription applicationDescription = new ApplicationDescription(command.ApplicationUri, command.ApplicationType, command.ApplicationVersion);
await _fabricClient.ApplicationManager.CreateApplicationAsync(applicationDescription);
}
else
{
throw new ArgumentException($"Application type '{command.ApplicationType}' not deployed to the cluster.");
}
}
/// <summary>
/// Initializes a new instance of the <see cref="UaTcpSessionChannel"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="certificateStore">The local certificate store.</param>
/// <param name="userIdentityProvider">An asynchronous function that provides the user identity. Provide an <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> or <see cref="X509Identity"/>.</param>
/// <param name="endpointUrl">The url of the endpoint of the remote application</param>
/// <param name="securityPolicyUri">Optionally, filter by SecurityPolicyUri.</param>
/// <param name="loggerFactory">The logger factory.</param>
/// <param name="options">The session channel options.</param>
public UaTcpSessionChannel(
ApplicationDescription localDescription,
ICertificateStore certificateStore,
Func <EndpointDescription, Task <IUserIdentity> > userIdentityProvider,
string endpointUrl,
string securityPolicyUri = null,
ILoggerFactory loggerFactory = null,
UaTcpSessionChannelOptions options = null)
: base(localDescription, certificateStore, new EndpointDescription {
EndpointUrl = endpointUrl, SecurityPolicyUri = securityPolicyUri
}, loggerFactory, options)
{
this.UserIdentityProvider = userIdentityProvider;
this.options = options ?? new UaTcpSessionChannelOptions();
this.loggerFactory = loggerFactory;
this.logger = loggerFactory?.CreateLogger <UaTcpSessionChannel>();
this.actionBlock = new ActionBlock <PublishResponse>(pr => this.OnPublishResponse(pr));
this.stateMachineCts = new CancellationTokenSource();
this.publishResponses = new BroadcastBlock <PublishResponse>(null, new DataflowBlockOptions {
CancellationToken = this.stateMachineCts.Token
});
}
/// <summary>
/// Initializes a new instance of the <see cref="UaTcpSessionChannel"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="certificateStore">The local certificate store.</param>
/// <param name="userIdentity">The user identity. Provide an <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> or <see cref="X509Identity"/>.</param>
/// <param name="endpointUrl">The url of the endpoint of the remote application</param>
/// <param name="securityPolicyUri">Optionally, filter by SecurityPolicyUri.</param>
/// <param name="loggerFactory">The logger factory.</param>
/// <param name="options">The session channel options.</param>
public UaTcpSessionChannel(
ApplicationDescription localDescription,
ICertificateStore?certificateStore,
IUserIdentity?userIdentity,
string endpointUrl,
string?securityPolicyUri = null,
ILoggerFactory?loggerFactory = null,
UaTcpSessionChannelOptions?options = null)
: base(localDescription, certificateStore, new EndpointDescription {
EndpointUrl = endpointUrl, SecurityPolicyUri = securityPolicyUri
}, loggerFactory, options)
{
UserIdentity = userIdentity;
_options = options ?? new UaTcpSessionChannelOptions();
_loggerFactory = loggerFactory;
_logger = loggerFactory?.CreateLogger <UaTcpSessionChannel>();
_actionBlock = new ActionBlock <PublishResponse>(pr => OnPublishResponse(pr));
_stateMachineCts = new CancellationTokenSource();
_publishResponses = new BroadcastBlock <PublishResponse>(null, new DataflowBlockOptions {
CancellationToken = _stateMachineCts.Token
});
}
/// <inheritdoc />
public Task CreateApplicationAsync(
ApplicationDescription applicationDescription,
long?serverTimeout = 60,
CancellationToken cancellationToken = default(CancellationToken))
{
applicationDescription.ThrowIfNull(nameof(applicationDescription));
serverTimeout?.ThrowIfOutOfInclusiveRange("serverTimeout", 1, 4294967295);
var requestId = Guid.NewGuid().ToString();
var url = "Applications/$/Create";
var queryParams = new List <string>();
// Append to queryParams if not null.
serverTimeout?.AddToQueryParameters(queryParams, $"timeout={serverTimeout}");
queryParams.Add("api-version=6.0");
url += "?" + string.Join("&", queryParams);
string content;
using (var sw = new StringWriter())
{
ApplicationDescriptionConverter.Serialize(new JsonTextWriter(sw), applicationDescription);
content = sw.ToString();
}
HttpRequestMessage RequestFunc()
{
var request = new HttpRequestMessage()
{
Method = HttpMethod.Post,
Content = new StringContent(content, Encoding.UTF8)
};
request.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
return(request);
}
return(this.httpClient.SendAsync(RequestFunc, url, requestId, cancellationToken));
}
/// <summary>
/// Returns the endpoints that match the base addresss and endpoint url.
/// </summary>
protected EndpointDescriptionCollection GetEndpointDescriptions(
string endpointUrl,
IList <BaseAddress> baseAddresses,
StringCollection localeIds)
{
EndpointDescriptionCollection endpoints = null;
// parse the url provided by the client.
Uri parsedEndpointUrl = Utils.ParseUri(endpointUrl);
if (parsedEndpointUrl != null)
{
baseAddresses = FilterByEndpointUrl(parsedEndpointUrl, baseAddresses);
}
// check if nothing to do.
if (baseAddresses.Count != 0)
{
// localize the application name if requested.
LocalizedText applicationName = this.ServerDescription.ApplicationName;
// translate the application description.
ApplicationDescription application = TranslateApplicationDescription(
parsedEndpointUrl,
ServerDescription,
baseAddresses,
applicationName);
// translate the endpoint descriptions.
endpoints = TranslateEndpointDescriptions(
parsedEndpointUrl,
baseAddresses,
Endpoints,
application);
}
return(endpoints);
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientSessionChannel"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="certificateStore">The local certificate store.</param>
/// <param name="userIdentityProvider">An asynchronous function that provides the user identity. Provide an <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> or <see cref="X509Identity"/>.</param>
/// <param name="endpointUrl">The url of the endpoint of the remote application</param>
/// <param name="securityPolicyUri">Optionally, filter by SecurityPolicyUri.</param>
/// <param name="loggerFactory">The logger factory.</param>
/// <param name="options">The session channel options.</param>
public ClientSessionChannel(
ApplicationDescription localDescription,
ICertificateStore certificateStore,
Func <EndpointDescription, Task <IUserIdentity> > userIdentityProvider,
string endpointUrl,
string?securityPolicyUri = null,
ILoggerFactory?loggerFactory = null,
ClientSessionChannelOptions?options = null,
StackProfile?stackProfile = null)
: base(localDescription, certificateStore, new EndpointDescription {
EndpointUrl = endpointUrl, SecurityPolicyUri = securityPolicyUri
}, loggerFactory, options, stackProfile)
{
UserIdentityProvider = userIdentityProvider;
_options = options ?? new ClientSessionChannelOptions();
_loggerFactory = loggerFactory;
_logger = loggerFactory?.CreateLogger <ClientSessionChannel>();
_actionBlock = new ActionBlock <PublishResponse>(pr => OnPublishResponse(pr));
_stateMachineCts = new CancellationTokenSource();
_publishResponses = new BroadcastBlock <PublishResponse>(null, new DataflowBlockOptions {
CancellationToken = _stateMachineCts.Token
});
}
static async Task DeployAsync(string applicationPackagePath, ApplicationDescription applicationDescription)
{
var clusterManifest = new XmlDocument();
var clusterManifestXml = await client.ClusterManager.GetClusterManifestAsync();
clusterManifest.LoadXml(clusterManifestXml);
var namespaceManager = new XmlNamespaceManager(clusterManifest.NameTable);
namespaceManager.AddNamespace("sf", "http://schemas.microsoft.com/2011/01/fabric");
var imageStoreConnectionStringPath = "/sf:ClusterManifest/sf:FabricSettings/sf:Section[@Name='Management']/sf:Parameter[@Name='ImageStoreConnectionString']";
var imageStoreConnectionStringNode = clusterManifest.DocumentElement.SelectSingleNode(imageStoreConnectionStringPath, namespaceManager);
var imageStoreConnectionString = imageStoreConnectionStringNode.Attributes["Value"].Value;
var path = Guid.NewGuid().ToString();
client.ApplicationManager.CopyApplicationPackage(imageStoreConnectionString, applicationPackagePath, path);
await client.ApplicationManager.ProvisionApplicationAsync(path);
client.ApplicationManager.RemoveApplicationPackage(imageStoreConnectionString, path);
await client.ApplicationManager.CreateApplicationAsync(applicationDescription);
}
public override async Task <Group[]> Initialize(Adapter config, AdapterCallback callback, DataItemInfo[] itemInfos)
{
this.config = config;
this.callback = callback;
string appName = "Mediator.IO.OPC_UA";
appDescription = new ApplicationDescription {
ApplicationName = appName,
ApplicationUri = $"urn:{Dns.GetHostName()}:{appName}",
ApplicationType = ApplicationType.Client
};
this.mapId2Info = config.GetAllDataItems().Where(di => !string.IsNullOrEmpty(di.Address)).ToDictionary(
item => /* key */ item.ID,
item => /* val */ new ItemInfo(item.ID, item.Name, item.Type, item.Dimension, item.Address));
PrintLine(config.Address);
await TryConnect();
return(new Group[0]);
}
private void DiscoverServersOnNetworkMI_Click(object sender, EventArgs e)
{
try {
ServerOnNetwork serverOnNetwork =
new DiscoveredServerOnNetworkListDlg().ShowDialog(null, m_configuration);
if (serverOnNetwork != null)
{
ApplicationDescription server = new ApplicationDescription();
server.ApplicationName = serverOnNetwork.ServerName;
server.DiscoveryUrls.Add(serverOnNetwork.DiscoveryUrl);
ConfiguredEndpoint endpoint =
new ConfiguredEndpoint(server, EndpointConfiguration.Create(m_configuration));
this.EndpointSelectorCTRL.SelectedEndpoint = endpoint;
return;
}
} catch (Exception exception) {
GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception);
}
}
public async Task GivenTheServiceFabricApplicationInstanceExists(string applicationName, string applicationTypeName)
{
var types = await _fabricClient.QueryManager.GetApplicationTypeListAsync(applicationTypeName);
if (types?.Any() ?? false)
{
var applicationUri = new Uri(applicationName);
var applications = await _fabricClient.QueryManager.GetApplicationListAsync(applicationUri);
if (applications?.Any() ?? false)
{
DeleteApplicationDescription delete = new DeleteApplicationDescription(applicationUri);
await _fabricClient.ApplicationManager.DeleteApplicationAsync(delete);
}
ApplicationDescription applicationDescription = new ApplicationDescription(applicationUri, applicationTypeName, _applicationTypeVersion);
await _fabricClient.ApplicationManager.CreateApplicationAsync(applicationDescription);
}
else
{
throw new ArgumentException($"Application type '{applicationTypeName}' not deployed to the cluster.");
}
}
/// <summary>
/// Updates an item in the control.
/// </summary>
public void UpdateItem(ListViewItem listItem, object item)
{
ApplicationDescription server = listItem.Tag as ApplicationDescription;
if (server == null)
{
listItem.Tag = server;
return;
}
string hostname = "";
// extract host from application uri.
Uri uri = Utils.ParseUri(server.ApplicationUri);
if (uri != null)
{
hostname = uri.DnsSafeHost;
}
// get the host name from the discovery urls.
if (String.IsNullOrEmpty(hostname))
{
foreach (string discoveryUrl in server.DiscoveryUrls)
{
Uri url = Utils.ParseUri(discoveryUrl);
if (url != null)
{
hostname = url.DnsSafeHost;
break;
}
}
}
listItem.Content = String.Format("Name: {0}, type: {1}, host: {2}, URI: {3}", server.ApplicationName, server.ApplicationType, hostname, server.ApplicationUri);
}
static async Task Reset()
{
WriteConsole("Resetting test...");
FabricClient client = new FabricClient();
var types = await client.QueryManager.GetApplicationTypeListAsync(NoOpApplicationTypeName);
if (types?.Any() ?? false)
{
var applications = await client.QueryManager.GetApplicationListAsync(NoOpApplicationName);
if (applications?.Any() ?? false)
{
DeleteApplicationDescription delete = new DeleteApplicationDescription(NoOpApplicationName);
await client.ApplicationManager.DeleteApplicationAsync(delete);
}
ApplicationDescription applicationDescription = new ApplicationDescription(NoOpApplicationName, NoOpApplicationTypeName, NoOpApplicationVersion);
await client.ApplicationManager.CreateApplicationAsync(applicationDescription);
}
else
{
throw new ArgumentException($"Application type '{NoOpApplicationTypeName}' not deployed to the cluster.");
}
}
/// <summary>
/// Serializes the object to JSON.
/// </summary>
/// <param name="writer">The <see cref="T: Newtonsoft.Json.JsonWriter" /> to write to.</param>
/// <param name="obj">The object to serialize to JSON.</param>
internal static void Serialize(JsonWriter writer, ApplicationDescription obj)
{
// Required properties are always serialized, optional properties are serialized when not null.
writer.WriteStartObject();
writer.WriteProperty(obj.Name, "Name", ApplicationNameConverter.Serialize);
writer.WriteProperty(obj.TypeName, "TypeName", JsonWriterExtensions.WriteStringValue);
writer.WriteProperty(obj.TypeVersion, "TypeVersion", JsonWriterExtensions.WriteStringValue);
if (obj.Parameters != null)
{
writer.WriteProperty(obj.Parameters, "ParameterList", ApplicationParametersConverter.Serialize);
}
if (obj.ApplicationCapacity != null)
{
writer.WriteProperty(obj.ApplicationCapacity, "ApplicationCapacity", ApplicationCapacityDescriptionConverter.Serialize);
}
if (obj.ManagedApplicationIdentity != null)
{
writer.WriteProperty(obj.ManagedApplicationIdentity, "ManagedApplicationIdentity", ManagedApplicationIdentityDescriptionConverter.Serialize);
}
writer.WriteEndObject();
}
private ApplicationDescription GetApplicationDescription(ServerOnNetwork server)
{
ApplicationDescription fallback = null;
try
{
foreach (var application in m_lds.FindServers(server.DiscoveryUrl, null))
{
if (fallback == null)
{
fallback = application;
}
if (application.DiscoveryUrls != null)
{
if (application.DiscoveryUrls.Contains(server.DiscoveryUrl))
{
return(application);
}
}
}
}
catch (Exception)
{
fallback = new ApplicationDescription()
{
ApplicationType = ApplicationType.Server,
ApplicationName = server.ServerName,
ApplicationUri = server.DiscoveryUrl
};
fallback.DiscoveryUrls.Add(server.DiscoveryUrl);
}
return(fallback);
}
public void Open(
string sessionName,
uint sessionTimeout,
IUserIdentity identity,
IList<string> preferredLocales,
bool checkDomain)
{
// check connection state.
lock (SyncRoot)
{
if (Connected)
{
throw new ServiceResultException(StatusCodes.BadInvalidState, "Already connected to server.");
}
}
string securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
// get the identity token.
if (identity == null)
{
identity = new UserIdentity();
}
// get identity token.
UserIdentityToken identityToken = identity.GetIdentityToken();
// check that the user identity is supported by the endpoint.
UserTokenPolicy identityPolicy = m_endpoint.Description.FindUserTokenPolicy(identityToken.PolicyId);
if (identityPolicy == null)
{
// try looking up by TokenType if the policy id was not found.
identityPolicy = m_endpoint.Description.FindUserTokenPolicy(identity.TokenType, identity.IssuedTokenType);
if (identityPolicy == null)
{
throw ServiceResultException.Create(
StatusCodes.BadUserAccessDenied,
"Endpoint does not supported the user identity type provided.");
}
identityToken.PolicyId = identityPolicy.PolicyId;
}
bool requireEncryption = securityPolicyUri != SecurityPolicies.None;
if (!requireEncryption)
{
requireEncryption = identityPolicy.SecurityPolicyUri != SecurityPolicies.None &&
!String.IsNullOrEmpty(identityPolicy.SecurityPolicyUri);
}
// validate the server certificate.
X509Certificate2 serverCertificate = null;
byte[] certificateData = m_endpoint.Description.ServerCertificate;
if (certificateData != null && certificateData.Length > 0 && requireEncryption)
{
serverCertificate = Utils.ParseCertificateBlob(certificateData);
m_configuration.CertificateValidator.Validate(serverCertificate);
if(checkDomain)
{
CheckCertificateDomain(m_endpoint);
}
//X509Certificate2Collection certificateChain = Utils.ParseCertificateChainBlob(certificateData);
//if (certificateChain.Count > 0)
// serverCertificate = certificateChain[0];
//m_configuration.CertificateValidator.Validate(certificateChain);
}
// create a nonce.
byte[] clientNonce = new byte[m_configuration.SecurityConfiguration.NonceLength];
new RNGCryptoServiceProvider().GetBytes(clientNonce);
NodeId sessionId = null;
NodeId sessionCookie = null;
byte[] serverNonce = new byte[0];
byte[] serverCertificateData = new byte[0];
SignatureData serverSignature = null;
EndpointDescriptionCollection serverEndpoints = null;
SignedSoftwareCertificateCollection serverSoftwareCertificates = null;
// send the application instance certificate for the client.
byte[] clientCertificateData = m_instanceCertificate != null ? m_instanceCertificate.RawData : null;
//byte[] clientCertificateData = null;
//if (m_instanceCertificateChain != null)
//{
// List<byte> clientCertificateChainData = new List<byte>();
// for (int i = 0; i < m_instanceCertificateChain.Count; i++)
// {
// clientCertificateChainData.AddRange(m_instanceCertificateChain[i].RawData);
// }
// clientCertificateData = clientCertificateChainData.ToArray();
//}
ApplicationDescription clientDescription = new ApplicationDescription();
clientDescription.ApplicationUri = m_configuration.ApplicationUri;
clientDescription.ApplicationName = m_configuration.ApplicationName;
clientDescription.ApplicationType = ApplicationType.Client;
clientDescription.ProductUri = m_configuration.ProductUri;
if (sessionTimeout == 0)
{
sessionTimeout = (uint)m_configuration.ClientConfiguration.DefaultSessionTimeout;
}
bool successCreateSession = false;
//if security none, first try to connect without certificate
if (m_endpoint.Description.SecurityPolicyUri == SecurityPolicies.None)
{
//first try to connect with client certificate NULL
try
{
CreateSession(
null,
clientDescription,
m_endpoint.Description.Server.ApplicationUri,
m_endpoint.EndpointUrl.ToString(),
sessionName,
clientNonce,
null,
sessionTimeout,
(uint)MessageContext.MaxMessageSize,
out sessionId,
out sessionCookie,
out m_sessionTimeout,
out serverNonce,
out serverCertificateData,
out serverEndpoints,
out serverSoftwareCertificates,
out serverSignature,
out m_maxRequestMessageSize);
successCreateSession = true;
}
catch(Exception ex)
{
Utils.Trace("Create session failed with client certificate NULL. " + ex.Message);
successCreateSession = false;
}
}
if (!successCreateSession)
{
CreateSession(
null,
clientDescription,
m_endpoint.Description.Server.ApplicationUri,
m_endpoint.EndpointUrl.ToString(),
sessionName,
clientNonce,
clientCertificateData,
sessionTimeout,
(uint)MessageContext.MaxMessageSize,
out sessionId,
out sessionCookie,
out m_sessionTimeout,
out serverNonce,
out serverCertificateData,
out serverEndpoints,
out serverSoftwareCertificates,
out serverSignature,
out m_maxRequestMessageSize);
}
// save session id.
lock (SyncRoot)
{
base.SessionCreated(sessionId, sessionCookie);
}
Utils.Trace("Revised session timeout value: {0}. ", m_sessionTimeout);
Utils.Trace("Max response message size value: {0}. Max request message size: {1} ", MessageContext.MaxMessageSize, m_maxRequestMessageSize);
//we need to call CloseSession if CreateSession was successful but some other exception is thrown
try
{
// verify that the server returned the same instance certificate.
if (serverCertificateData != null && !Utils.IsEqual(serverCertificateData, m_endpoint.Description.ServerCertificate))
{
throw ServiceResultException.Create(
StatusCodes.BadCertificateInvalid,
"Server did not return the certificate used to create the secure channel." );
}
if (serverSignature == null || serverSignature.Signature == null)
{
Utils.Trace("Server signature is null or empty.");
//throw ServiceResultException.Create(
// StatusCodes.BadSecurityChecksFailed,
// "Server signature is null or empty.");
}
if (m_expectedServerEndpoints != null && m_expectedServerEndpoints.Count > 0)
{
// verify that the list of endpoints returned by CreateSession matches the list returned at GetEndpoints.
if (m_expectedServerEndpoints.Count != serverEndpoints.Count)
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"Server did not return a number of ServerEndpoints that matches the one from GetEndpoints.");
}
for (int ii = 0; ii < serverEndpoints.Count; ii++)
{
EndpointDescription serverEndpoint = serverEndpoints[ii];
EndpointDescription expectedServerEndpoint = m_expectedServerEndpoints[ii];
if (serverEndpoint.SecurityMode != expectedServerEndpoint.SecurityMode ||
serverEndpoint.SecurityPolicyUri != expectedServerEndpoint.SecurityPolicyUri ||
serverEndpoint.TransportProfileUri != expectedServerEndpoint.TransportProfileUri ||
serverEndpoint.SecurityLevel != expectedServerEndpoint.SecurityLevel)
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"The list of ServerEndpoints returned at CreateSession does not match the list from GetEndpoints.");
}
if (serverEndpoint.UserIdentityTokens.Count != expectedServerEndpoint.UserIdentityTokens.Count)
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"The list of ServerEndpoints returned at CreateSession does not match the one from GetEndpoints.");
}
for (int jj = 0; jj < serverEndpoint.UserIdentityTokens.Count; jj++)
{
if (!serverEndpoint.UserIdentityTokens[jj].IsEqual(expectedServerEndpoint.UserIdentityTokens[jj]))
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"The list of ServerEndpoints returned at CreateSession does not match the one from GetEndpoints.");
}
}
}
}
// find the matching description (TBD - check domains against certificate).
bool found = false;
Uri expectedUrl = Utils.ParseUri( m_endpoint.Description.EndpointUrl );
if (expectedUrl != null)
{
for (int ii = 0; ii < serverEndpoints.Count; ii++)
{
EndpointDescription serverEndpoint = serverEndpoints[ii];
Uri actualUrl = Utils.ParseUri(serverEndpoint.EndpointUrl);
if (actualUrl != null && actualUrl.Scheme == expectedUrl.Scheme)
{
if (serverEndpoint.SecurityPolicyUri == m_endpoint.Description.SecurityPolicyUri)
{
if (serverEndpoint.SecurityMode == m_endpoint.Description.SecurityMode)
{
// ensure endpoint has up to date information.
m_endpoint.Description.Server.ApplicationName = serverEndpoint.Server.ApplicationName;
m_endpoint.Description.Server.ApplicationUri = serverEndpoint.Server.ApplicationUri;
m_endpoint.Description.Server.ApplicationType = serverEndpoint.Server.ApplicationType;
m_endpoint.Description.Server.ProductUri = serverEndpoint.Server.ProductUri;
m_endpoint.Description.TransportProfileUri = serverEndpoint.TransportProfileUri;
m_endpoint.Description.UserIdentityTokens = serverEndpoint.UserIdentityTokens;
found = true;
break;
}
}
}
}
}
// could be a security risk.
if( !found )
{
throw ServiceResultException.Create(
StatusCodes.BadSecurityChecksFailed,
"Server did not return an EndpointDescription that matched the one used to create the secure channel." );
}
// validate the server's signature.
byte[] dataToSign = Utils.Append( clientCertificateData, clientNonce );
if (!SecurityPolicies.Verify(serverCertificate, m_endpoint.Description.SecurityPolicyUri, dataToSign, serverSignature))
{
throw ServiceResultException.Create(
StatusCodes.BadApplicationSignatureInvalid,
"Server did not provide a correct signature for the nonce data provided by the client." );
}
// get a validator to check certificates provided by server.
CertificateValidator validator = m_configuration.CertificateValidator;
// validate software certificates.
List<SoftwareCertificate> softwareCertificates = new List<SoftwareCertificate>();
foreach( SignedSoftwareCertificate signedCertificate in serverSoftwareCertificates )
{
SoftwareCertificate softwareCertificate = null;
ServiceResult result = SoftwareCertificate.Validate(
validator,
signedCertificate.CertificateData,
out softwareCertificate );
if( ServiceResult.IsBad( result ) )
{
OnSoftwareCertificateError( signedCertificate, result );
}
softwareCertificates.Add( softwareCertificate );
}
// check if software certificates meet application requirements.
ValidateSoftwareCertificates( softwareCertificates );
// create the client signature.
dataToSign = Utils.Append( serverCertificateData, serverNonce );
SignatureData clientSignature = SecurityPolicies.Sign( m_instanceCertificate, securityPolicyUri, dataToSign );
// select the security policy for the user token.
securityPolicyUri = identityPolicy.SecurityPolicyUri;
if (String.IsNullOrEmpty(securityPolicyUri))
{
securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
}
// sign data with user token.
SignatureData userTokenSignature = identityToken.Sign( dataToSign, securityPolicyUri );
// encrypt token.
identityToken.Encrypt( serverCertificate, serverNonce, securityPolicyUri );
// send the software certificates assigned to the client.
SignedSoftwareCertificateCollection clientSoftwareCertificates = GetSoftwareCertificates();
// copy the preferred locales if provided.
if( preferredLocales != null && preferredLocales.Count > 0 )
{
m_preferredLocales = new StringCollection( preferredLocales );
}
StatusCodeCollection certificateResults = null;
DiagnosticInfoCollection certificateDiagnosticInfos = null;
// activate session.
ActivateSession(
null,
clientSignature,
clientSoftwareCertificates,
m_preferredLocales,
new ExtensionObject( identityToken ),
userTokenSignature,
out serverNonce,
out certificateResults,
out certificateDiagnosticInfos );
if (certificateResults != null)
{
for (int i = 0; i < certificateResults.Count; i++)
{
Utils.Trace("ActivateSession result[{0}] = {1}", i, certificateResults[i]);
}
}
if (certificateResults == null || certificateResults.Count == 0)
{
Utils.Trace("Empty results were received for the ActivateSession call.");
}
// fetch namespaces.
FetchNamespaceTables();
lock( SyncRoot )
{
// save nonces.
m_sessionName = sessionName;
m_identity = identity;
m_serverNonce = serverNonce;
m_serverCertificate = serverCertificate;
// update system context.
m_systemContext.PreferredLocales = m_preferredLocales;
m_systemContext.SessionId = this.SessionId;
m_systemContext.UserIdentity = identity;
}
// start keep alive thread.
StartKeepAliveTimer();
}
catch
{
try
{
CloseSession( null, false );
CloseChannel();
}
catch(Exception e)
{
Utils.Trace("Cleanup: CloseSession() or CloseChannel() raised exception. " + e.Message);
}
finally
{
SessionCreated( null, null );
}
throw;
}
}
/// <summary>
/// Creates the endpoints and creates the hosts.
/// </summary>
/// <param name="configuration">The configuration.</param>
/// <param name="bindingFactory">The binding factory.</param>
/// <param name="serverDescription">The server description.</param>
/// <param name="endpoints">The endpoints.</param>
/// <returns>
/// Returns IList of a host for a UA service which type is <seealso cref="ServiceHost"/>.
/// </returns>
protected override IList<IBackgroundTask> InitializeServiceHosts(
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
out ApplicationDescription serverDescription,
out EndpointDescriptionCollection endpoints)
{
serverDescription = null;
endpoints = null;
Dictionary<string, IBackgroundTask> hosts = new Dictionary<string, IBackgroundTask>();
// ensure at least one security policy exists.
if (configuration.ServerConfiguration.SecurityPolicies.Count == 0)
{
configuration.ServerConfiguration.SecurityPolicies.Add(new ServerSecurityPolicy());
}
// ensure at least one user token policy exists.
if (configuration.ServerConfiguration.UserTokenPolicies.Count == 0)
{
UserTokenPolicy userTokenPolicy = new UserTokenPolicy();
userTokenPolicy.TokenType = UserTokenType.Anonymous;
userTokenPolicy.PolicyId = userTokenPolicy.TokenType.ToString();
configuration.ServerConfiguration.UserTokenPolicies.Add(userTokenPolicy);
}
// set server description.
serverDescription = new ApplicationDescription();
serverDescription.ApplicationUri = configuration.ApplicationUri;
serverDescription.ApplicationName = configuration.ApplicationName;
serverDescription.ApplicationType = configuration.ApplicationType;
serverDescription.ProductUri = configuration.ProductUri;
serverDescription.DiscoveryUrls = GetDiscoveryUrls();
endpoints = new EndpointDescriptionCollection();
IList<EndpointDescription> endpointsForHost = null;
// create hosts for protocols that require one endpoints per security policy
foreach (ServerSecurityPolicy securityPolicy in configuration.ServerConfiguration.SecurityPolicies)
{
endpointsForHost = CreateSinglePolicyServiceHost(
hosts,
configuration,
bindingFactory,
configuration.ServerConfiguration.BaseAddresses,
serverDescription,
securityPolicy.SecurityMode,
securityPolicy.SecurityPolicyUri,
String.Empty);
for (int ii = 0; ii < endpointsForHost.Count; ii++)
{
endpointsForHost[ii].SecurityLevel = securityPolicy.SecurityLevel;
}
endpoints.AddRange(endpointsForHost);
}
// create UA TCP host.
endpointsForHost = CreateUaTcpServiceHost(
hosts,
configuration,
bindingFactory,
configuration.ServerConfiguration.BaseAddresses,
serverDescription,
configuration.ServerConfiguration.SecurityPolicies);
endpoints.InsertRange(0, endpointsForHost);
// create HTTPS host.
endpointsForHost = CreateHttpsServiceHost(
hosts,
configuration,
bindingFactory,
configuration.ServerConfiguration.BaseAddresses,
serverDescription,
configuration.ServerConfiguration.SecurityPolicies);
endpoints.AddRange(endpointsForHost);
return new List<IBackgroundTask>(hosts.Values);
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
public virtual ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
sessionId = null;
authenticationToken = null;
revisedSessionTimeout = 0;
serverNonce = null;
serverCertificate = null;
serverEndpoints = null;
serverSoftwareCertificates = null;
serverSignature = null;
maxRequestMessageSize = 0;
ValidateRequest(requestHeader);
// Insert implementation.
return CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported);
}
/// <inheritdoc/>
/// <summary>
/// Create a new service host for UA HTTPS.
/// </summary>
public List <EndpointDescription> CreateServiceHost(
ServerBase serverBase,
IDictionary <string, Task> hosts,
ApplicationConfiguration configuration,
IList <string> baseAddresses,
ApplicationDescription serverDescription,
List <ServerSecurityPolicy> securityPolicies,
X509Certificate2 instanceCertificate,
X509Certificate2Collection instanceCertificateChain
)
{
// generate a unique host name.
string hostName = String.Empty;
if (hosts.ContainsKey(hostName))
{
hostName = "/Https";
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// build list of uris.
List <Uri> uris = new List <Uri>();
EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
string computerName = Utils.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
if (!baseAddresses[ii].StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (uri.Path[uri.Path.Length - 1] != '/')
{
uri.Path += "/";
}
if (String.Compare(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase) == 0)
{
uri.Host = computerName;
}
uris.Add(uri.Uri);
if (uri.Scheme == Utils.UriSchemeHttps)
{
// Can only support one policy with HTTPS
// So pick the first policy with security mode sign and encrypt
ServerSecurityPolicy bestPolicy = null;
foreach (ServerSecurityPolicy policy in securityPolicies)
{
if (policy.SecurityMode != MessageSecurityMode.SignAndEncrypt)
{
continue;
}
bestPolicy = policy;
break;
}
// Pick the first policy from the list if no policies with sign and encrypt defined
if (bestPolicy == null)
{
bestPolicy = securityPolicies[0];
}
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
if (instanceCertificate != null)
{
description.ServerCertificate = instanceCertificate.RawData;
// check if complete chain should be sent.
if (configuration.SecurityConfiguration.SendCertificateChain &&
instanceCertificateChain != null &&
instanceCertificateChain.Count > 0)
{
List <byte> serverCertificateChain = new List <byte>();
for (int i = 0; i < instanceCertificateChain.Count; i++)
{
serverCertificateChain.AddRange(instanceCertificateChain[i].RawData);
}
description.ServerCertificate = serverCertificateChain.ToArray();
}
}
description.SecurityMode = bestPolicy.SecurityMode;
description.SecurityPolicyUri = bestPolicy.SecurityPolicyUri;
description.SecurityLevel = ServerSecurityPolicy.CalculateSecurityLevel(bestPolicy.SecurityMode, bestPolicy.SecurityPolicyUri);
description.UserIdentityTokens = serverBase.GetUserTokenPolicies(configuration, description);
description.TransportProfileUri = Profiles.HttpsBinaryTransport;
ITransportListener listener = Create();
if (listener != null)
{
endpoints.Add(description);
serverBase.CreateServiceHostEndpoint(uri.Uri, endpoints, endpointConfiguration, listener,
configuration.CertificateValidator.GetChannelValidator());
}
else
{
Utils.Trace(Utils.TraceMasks.Error, "Failed to create endpoint {0} because the transport profile is unsupported.", uri);
}
}
}
return(endpoints);
}
private void ServersLV_SelectedIndexChanged(object sender, EventArgs e)
{
try
{
if (ServerCTRL.Session == null)
{
return;
}
foreach (ListViewItem item in ServersLV.SelectedItems)
{
m_application = item.Tag as ApplicationDescription;
OkBTN.Enabled = m_application.ApplicationType == ApplicationType.Server || m_application.ApplicationType == ApplicationType.ClientAndServer;
return;
}
m_application = null;
OkBTN.Enabled = false;
}
catch (Exception exception)
{
ClientUtils.HandleException(this.Text, exception);
}
}
/// <summary>
/// Creates a new instance of a session.
/// </summary>
protected virtual Session CreateSession(
OperationContext context,
IServerInternal server,
X509Certificate2 serverCertificate,
NodeId sessionCookie,
byte[] serverNonce,
string sessionName,
ApplicationDescription clientDescription,
string endpointUrl,
X509Certificate2 clientCertificate,
double sessionTimeout,
uint maxResponseMessageSize,
int maxRequestAge, // TBD - Remove unused parameter.
int maxContinuationPoints) // TBD - Remove unused parameter.
{
Session session = new Session(
context,
m_server,
serverCertificate,
sessionCookie,
serverNonce,
sessionName,
clientDescription,
endpointUrl,
clientCertificate,
sessionTimeout,
maxResponseMessageSize,
m_maxRequestAge,
m_maxBrowseContinuationPoints,
m_maxHistoryContinuationPoints);
return session;
}
/// <summary>
/// Creates the endpoints and creates the hosts.
/// </summary>
/// <param name="configuration">The object that stores the configurable configuration information for a UA application.</param>
/// <param name="bindingFactory">The object of a class that manages a mapping between a URL scheme and a binding.</param>
/// <param name="serverDescription">The object of the class that contains a description for the ApplicationDescription DataType.</param>
/// <param name="endpoints">The collection of <see cref="EndpointDescription"/> objects.</param>
/// <returns>Returns list of hosts for a UA service.</returns>
protected virtual IList<ServiceHost> InitializeServiceHosts(
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
out ApplicationDescription serverDescription,
out EndpointDescriptionCollection endpoints)
{
serverDescription = null;
endpoints = null;
return new List<ServiceHost>();
}
/// <summary>
/// Adds the results to the control.
/// </summary>
private void UpdateResults(ApplicationDescription[] descriptions)
{
ServersLV.Items.Clear();
if (descriptions == null)
{
return;
}
for (int ii = 0; ii < descriptions.Length; ii++)
{
ApplicationDescription description = descriptions[ii];
if (description == null)
{
continue;
}
ListViewItem item = new ListViewItem();
item.Text = Utils.Format("{0}", description.ApplicationName);
item.ImageIndex = ClientUtils.GetImageIndex(ServerCTRL.Session, NodeClass.Object, null, false);
item.SubItems.Add(new ListViewItem.ListViewSubItem());
item.SubItems.Add(new ListViewItem.ListViewSubItem());
item.SubItems.Add(new ListViewItem.ListViewSubItem());
item.Tag = description;
ServersLV.Items.Add(item);
item.SubItems[1].Text = description.ApplicationType.ToString();
if (description.DiscoveryUrls == null)
{
continue;
}
// collect the domains and protocols.
List<string> domains = new List<string>();
List<string> protocols = new List<string>();
foreach (string discoveryUrl in description.DiscoveryUrls)
{
Uri url = Utils.ParseUri(discoveryUrl);
if (url != null)
{
if (!domains.Contains(url.DnsSafeHost))
{
domains.Add(url.DnsSafeHost);
}
if (!protocols.Contains(url.Scheme))
{
protocols.Add(url.Scheme);
}
}
}
// format the domains.
StringBuilder buffer = new StringBuilder();
foreach (string domain in domains)
{
if (buffer.Length > 0)
{
buffer.Append(", ");
}
buffer.Append(domain);
}
item.SubItems[2].Text = buffer.ToString();
// format the protocols.
buffer = new StringBuilder();
foreach (string protocol in protocols)
{
if (buffer.Length > 0)
{
buffer.Append(", ");
}
buffer.Append(protocol);
}
item.SubItems[3].Text = buffer.ToString();
}
// adjust column widths.
for (int ii = 0; ii < ServersLV.Columns.Count; ii++)
{
ServersLV.Columns[ii].Width = -2;
}
}
private void ServersCTRL_ItemsPicked(object sender, ListItemActionEventArgs e)
{
try
{
m_server = null;
foreach (ApplicationDescription server in e.Items)
{
m_server = server;
break;
}
if (m_server != null)
{
DialogResult = DialogResult.OK;
}
}
catch (Exception exception)
{
GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception);
}
}
/// <summary>
/// Translates the endpoint descriptions based on the client url and profiles provided.
/// </summary>
/// <param name="clientUrl">The client URL.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <param name="endpoints">The endpoints.</param>
/// <param name="application">The application to use with the endpoints.</param>
/// <returns>The translated list of endpoints.</returns>
protected EndpointDescriptionCollection TranslateEndpointDescriptions(
Uri clientUrl,
IList<BaseAddress> baseAddresses,
IList<EndpointDescription> endpoints,
ApplicationDescription application)
{
EndpointDescriptionCollection translations = new EndpointDescriptionCollection();
// process endpoints
foreach (EndpointDescription endpoint in endpoints)
{
UriBuilder endpointUrl = new UriBuilder(endpoint.EndpointUrl);
// find matching base address.
foreach (BaseAddress baseAddress in baseAddresses)
{
bool translateHttpsEndpoint = false;
if ((endpoint.TransportProfileUri == Profiles.HttpsBinaryTransport && baseAddress.ProfileUri == Profiles.HttpsXmlOrBinaryTransport)
|| endpoint.TransportProfileUri == Profiles.HttpsBinaryTransport && baseAddress.ProfileUri == Profiles.HttpsBinaryTransport)
{
translateHttpsEndpoint = true;
}
if ((endpoint.TransportProfileUri == Profiles.HttpsXmlTransport && baseAddress.ProfileUri == Profiles.HttpsXmlOrBinaryTransport)
|| endpoint.TransportProfileUri == Profiles.HttpsXmlTransport && baseAddress.ProfileUri == Profiles.HttpsXmlTransport)
{
translateHttpsEndpoint = true;
}
if (endpoint.TransportProfileUri != baseAddress.ProfileUri && !translateHttpsEndpoint)
{
continue;
}
if (endpointUrl.Scheme != baseAddress.Url.Scheme)
{
continue;
}
EndpointDescription translation = new EndpointDescription();
translation.EndpointUrl = baseAddress.Url.ToString();
if (endpointUrl.Path.StartsWith(baseAddress.Url.PathAndQuery) && endpointUrl.Path.Length > baseAddress.Url.PathAndQuery.Length)
{
string suffix = endpointUrl.Path.Substring(baseAddress.Url.PathAndQuery.Length);
translation.EndpointUrl += suffix;
}
translation.ProxyUrl = endpoint.ProxyUrl;
translation.SecurityLevel = endpoint.SecurityLevel;
translation.SecurityMode = endpoint.SecurityMode;
translation.SecurityPolicyUri = endpoint.SecurityPolicyUri;
translation.ServerCertificate = endpoint.ServerCertificate;
translation.TransportProfileUri = endpoint.TransportProfileUri;
translation.UserIdentityTokens = endpoint.UserIdentityTokens;
translation.Server = application;
translations.Add(translation);
}
}
return translations;
}
/// <summary>
/// Create a new service host for UA HTTPS.
/// </summary>
protected List<EndpointDescription> CreateHttpsServiceHost(
IDictionary<string, ServiceHost> hosts,
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
IList<string> baseAddresses,
ApplicationDescription serverDescription,
List<ServerSecurityPolicy> securityPolicies)
{
// generate a unique host name.
string hostName = String.Empty;
if (hosts.ContainsKey(hostName))
{
hostName = "/Https";
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// build list of uris.
List<Uri> uris = new List<Uri>();
EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
string computerName = System.Net.Dns.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
if (!baseAddresses[ii].StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal) &&
!baseAddresses[ii].StartsWith(Utils.UriSchemeNoSecurityHttp, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (uri.Scheme == Utils.UriSchemeNoSecurityHttp)
{
uri.Scheme = Utils.UriSchemeHttp;
}
if (uri.Path[uri.Path.Length-1] != '/')
{
uri.Path += "/";
}
if (String.Compare(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase) == 0)
{
uri.Host = computerName;
}
uris.Add(uri.Uri);
if (uri.Scheme == Utils.UriSchemeHttps)
{
// can only support one policy with HTTPS so pick the best one.
ServerSecurityPolicy bestPolicy = null;
foreach (ServerSecurityPolicy policy in securityPolicies)
{
if (bestPolicy == null)
{
bestPolicy = policy;
continue;
}
if (bestPolicy.SecurityLevel > policy.SecurityLevel)
{
bestPolicy = policy;
continue;
}
}
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
description.ServerCertificate = InstanceCertificate.RawData;
//if (InstanceCertificateChain != null)
//{
// List<byte> certificateChainList = new List<byte>();
// for (int i = 0; i < InstanceCertificateChain.Count; i++)
// {
// certificateChainList.AddRange(InstanceCertificateChain[i].RawData);
// }
// description.ServerCertificate = certificateChainList.ToArray();
//}
description.SecurityMode = bestPolicy.SecurityMode;
description.SecurityPolicyUri = bestPolicy.SecurityPolicyUri;
description.SecurityLevel = bestPolicy.SecurityLevel;
description.UserIdentityTokens = GetUserTokenPolicies(configuration, description);
description.TransportProfileUri = Profiles.HttpsBinaryTransport;
endpoints.Add(description);
// create the endpoint description.
description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
description.ServerCertificate = InstanceCertificate.RawData;
//if (InstanceCertificateChain != null)
//{
// List<byte> certificateChainList = new List<byte>();
// for (int i = 0; i < InstanceCertificateChain.Count; i++)
// {
// certificateChainList.AddRange(InstanceCertificateChain[i].RawData);
// }
// description.ServerCertificate = certificateChainList.ToArray();
//}
description.SecurityMode = MessageSecurityMode.None;
description.SecurityPolicyUri = SecurityPolicies.None;
description.SecurityLevel = 0;
description.UserIdentityTokens = GetUserTokenPolicies(configuration, description);
description.TransportProfileUri = Profiles.HttpsXmlTransport;
endpoints.Add(description);
}
// create the stack listener.
try
{
TransportListenerSettings settings = new TransportListenerSettings();
settings.Descriptions = endpoints;
settings.Configuration = endpointConfiguration;
settings.ServerCertificate = this.InstanceCertificate;
//settings.ServerCertificateChain = this.InstanceCertificateChain;
settings.CertificateValidator = configuration.CertificateValidator.GetChannelValidator();
settings.NamespaceUris = this.MessageContext.NamespaceUris;
settings.Factory = this.MessageContext.Factory;
ITransportListener listener = new Opc.Ua.Bindings.UaHttpsChannelListener();
listener.Open(
uri.Uri,
settings,
GetEndpointInstance(this));
TransportListeners.Add(listener);
}
catch (Exception e)
{
Utils.Trace(e, "Could not load HTTPS Stack Listener.");
throw;
}
}
return endpoints;
}
/// <summary>
/// Creates an instance of an application.
/// </summary>
/// <param name="cluster"></param>
/// <param name="applicationInstanceName"></param>
/// <param name="applicationTypeName"></param>
/// <param name="applicationTypeVersion"></param>
/// <returns></returns>
public async Task CreateApplicationAsync(string cluster, string applicationInstanceName, string applicationTypeName, string applicationTypeVersion, CancellationToken token)
{
FabricClient fabricClient = this.GetClient(cluster);
FabricClient.ApplicationManagementClient applicationClient = fabricClient.ApplicationManager;
Uri appName = new Uri("fabric:/" + applicationInstanceName);
if ( await ApplicationExistsAsync(cluster, applicationInstanceName, token))
{
return;
}
ApplicationDescription appDescription = new ApplicationDescription(appName, applicationTypeName, applicationTypeVersion);
await applicationClient.CreateApplicationAsync(appDescription, this.writeOperationTimeout, token);
}
public Session(
OperationContext context,
IServerInternal server,
X509Certificate2 serverCertificate,
NodeId authenticationToken,
byte[] serverNonce,
string sessionName,
ApplicationDescription clientDescription,
string endpointUrl,
X509Certificate2 clientCertificate,
double sessionTimeout,
uint maxResponseMessageSize,
double maxRequestAge,
int maxBrowseContinuationPoints,
int maxHistoryContinuationPoints)
{
if (context == null) throw new ArgumentNullException("context");
if (server == null) throw new ArgumentNullException("server");
// verify that a secure channel was specified.
if (context.ChannelContext == null)
{
throw new ServiceResultException(StatusCodes.BadSecureChannelIdInvalid);
}
m_server = server;
m_authenticationToken = authenticationToken;
m_serverNonce = serverNonce;
m_sessionName = sessionName;
m_serverCertificate = serverCertificate;
m_clientCertificate = clientCertificate;
m_secureChannelId = context.ChannelContext.SecureChannelId;
m_maxResponseMessageSize = maxResponseMessageSize;
m_maxRequestAge = maxRequestAge;
m_maxBrowseContinuationPoints = maxBrowseContinuationPoints;
m_maxHistoryContinuationPoints = maxHistoryContinuationPoints;
m_endpoint = context.ChannelContext.EndpointDescription;
// use anonymous the default identity.
m_identity = new UserIdentity();
// initialize diagnostics.
m_diagnostics = new SessionDiagnosticsDataType();
m_diagnostics.SessionId = null;
m_diagnostics.SessionName = sessionName;
m_diagnostics.ClientDescription = clientDescription;
m_diagnostics.ServerUri = null;
m_diagnostics.EndpointUrl = endpointUrl;
m_diagnostics.LocaleIds = new StringCollection();
m_diagnostics.ActualSessionTimeout = sessionTimeout;
m_diagnostics.ClientConnectionTime = DateTime.UtcNow;
m_diagnostics.ClientLastContactTime = DateTime.UtcNow;
m_diagnostics.CurrentSubscriptionsCount = 0;
m_diagnostics.CurrentMonitoredItemsCount = 0;
m_diagnostics.CurrentPublishRequestsInQueue = 0;
m_diagnostics.TotalRequestCount = new ServiceCounterDataType();
m_diagnostics.UnauthorizedRequestCount = 0;
m_diagnostics.ReadCount = new ServiceCounterDataType();
m_diagnostics.HistoryReadCount = new ServiceCounterDataType();
m_diagnostics.WriteCount = new ServiceCounterDataType();
m_diagnostics.HistoryUpdateCount = new ServiceCounterDataType();
m_diagnostics.CallCount = new ServiceCounterDataType();
m_diagnostics.CreateMonitoredItemsCount = new ServiceCounterDataType();
m_diagnostics.ModifyMonitoredItemsCount = new ServiceCounterDataType();
m_diagnostics.SetMonitoringModeCount = new ServiceCounterDataType();
m_diagnostics.SetTriggeringCount = new ServiceCounterDataType();
m_diagnostics.DeleteMonitoredItemsCount = new ServiceCounterDataType();
m_diagnostics.CreateSubscriptionCount= new ServiceCounterDataType();
m_diagnostics.ModifySubscriptionCount = new ServiceCounterDataType();
m_diagnostics.SetPublishingModeCount = new ServiceCounterDataType();
m_diagnostics.PublishCount = new ServiceCounterDataType();
m_diagnostics.RepublishCount = new ServiceCounterDataType();
m_diagnostics.TransferSubscriptionsCount = new ServiceCounterDataType();
m_diagnostics.DeleteSubscriptionsCount = new ServiceCounterDataType();
m_diagnostics.AddNodesCount = new ServiceCounterDataType();
m_diagnostics.AddReferencesCount = new ServiceCounterDataType();
m_diagnostics.DeleteNodesCount = new ServiceCounterDataType();
m_diagnostics.DeleteReferencesCount = new ServiceCounterDataType();
m_diagnostics.BrowseCount = new ServiceCounterDataType();
m_diagnostics.BrowseNextCount = new ServiceCounterDataType();
m_diagnostics.TranslateBrowsePathsToNodeIdsCount = new ServiceCounterDataType();
m_diagnostics.QueryFirstCount = new ServiceCounterDataType();
m_diagnostics.QueryNextCount = new ServiceCounterDataType();
m_diagnostics.RegisterNodesCount = new ServiceCounterDataType();
m_diagnostics.UnregisterNodesCount = new ServiceCounterDataType();
// initialize security diagnostics.
m_securityDiagnostics = new SessionSecurityDiagnosticsDataType();
m_securityDiagnostics.SessionId = m_sessionId;
m_securityDiagnostics.ClientUserIdOfSession = m_identity.DisplayName;
m_securityDiagnostics.AuthenticationMechanism = m_identity.TokenType.ToString();
m_securityDiagnostics.Encoding = context.ChannelContext.MessageEncoding.ToString();
m_securityDiagnostics.ClientUserIdHistory = new StringCollection();
m_securityDiagnostics.ClientUserIdHistory.Add(m_identity.DisplayName);
EndpointDescription description = context.ChannelContext.EndpointDescription;
if (description != null)
{
m_securityDiagnostics.TransportProtocol = new Uri(description.EndpointUrl).Scheme;
m_securityDiagnostics.SecurityMode = m_endpoint.SecurityMode;
m_securityDiagnostics.SecurityPolicyUri = m_endpoint.SecurityPolicyUri;
}
if (clientCertificate != null)
{
m_securityDiagnostics.ClientCertificate = clientCertificate.RawData;
}
ServerSystemContext systemContext = m_server.DefaultSystemContext.Copy(context);
// create diagnostics object.
m_sessionId = server.DiagnosticsNodeManager.CreateSessionDiagnostics(
systemContext,
m_diagnostics,
OnUpdateDiagnostics,
m_securityDiagnostics,
OnUpdateSecurityDiagnostics);
// report the audit event.
ReportAuditCreateSessionEvent(systemContext);
TraceState("CREATED");
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
/// <param name="requestHeader">The request header.</param>
/// <param name="clientDescription">Application description for the client application.</param>
/// <param name="serverUri">The server URI.</param>
/// <param name="endpointUrl">The endpoint URL.</param>
/// <param name="sessionName">Name for the Session assigned by the client.</param>
/// <param name="clientNonce">The client nonce.</param>
/// <param name="clientCertificate">The client certificate.</param>
/// <param name="requestedSessionTimeout">The requested session timeout.</param>
/// <param name="maxResponseMessageSize">Size of the max response message.</param>
/// <param name="sessionId">The unique public identifier assigned by the Server to the Session.</param>
/// <param name="authenticationToken">The unique private identifier assigned by the Server to the Session.</param>
/// <param name="revisedSessionTimeout">The revised session timeout.</param>
/// <param name="serverNonce">The server nonce.</param>
/// <param name="serverCertificate">The server certificate.</param>
/// <param name="serverEndpoints">The server endpoints.</param>
/// <param name="serverSoftwareCertificates">The server software certificates.</param>
/// <param name="serverSignature">The server signature.</param>
/// <param name="maxRequestMessageSize">Size of the max request message.</param>
/// <returns>
/// Returns a <see cref="ResponseHeader"/> object
/// </returns>
public override ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
sessionId = 0;
revisedSessionTimeout = 0;
serverNonce = null;
serverCertificate = null;
serverSoftwareCertificates = null;
serverSignature = null;
maxRequestMessageSize = (uint)MessageContext.MaxMessageSize;
OperationContext context = ValidateRequest(requestHeader, RequestType.CreateSession);
try
{
// check the server uri.
if (!String.IsNullOrEmpty(serverUri))
{
if (serverUri != this.Configuration.ApplicationUri)
{
throw new ServiceResultException(StatusCodes.BadServerUriInvalid);
}
}
bool requireEncryption = ServerBase.RequireEncryption(context.ChannelContext.EndpointDescription);
if (!requireEncryption && clientCertificate != null)
{
requireEncryption = true;
}
// validate client application instance certificate.
X509Certificate2 parsedClientCertificate = null;
if (requireEncryption && clientCertificate != null && clientCertificate.Length > 0)
{
try
{
parsedClientCertificate = CertificateFactory.Create(clientCertificate, true);
if (context.SecurityPolicyUri != SecurityPolicies.None)
{
string certificateApplicationUri = Utils.GetApplicationUriFromCertficate(parsedClientCertificate);
// verify if applicationUri from ApplicationDescription matches the applicationUri in the client certificate.
if (!String.IsNullOrEmpty(certificateApplicationUri) &&
!String.IsNullOrEmpty(clientDescription.ApplicationUri) &&
certificateApplicationUri != clientDescription.ApplicationUri)
{
throw ServiceResultException.Create(
StatusCodes.BadCertificateUriInvalid,
"The URI specified in the ApplicationDescription does not match the URI in the Certificate.");
}
CertificateValidator.Validate(parsedClientCertificate);
}
}
catch (Exception e)
{
OnApplicationCertificateError(clientCertificate, new ServiceResult(e));
}
}
// verify the nonce provided by the client.
if (clientNonce != null)
{
if (clientNonce.Length < m_minNonceLength)
{
throw new ServiceResultException(StatusCodes.BadNonceInvalid);
}
}
// create the session.
Session session = ServerInternal.SessionManager.CreateSession(
context,
requireEncryption ? InstanceCertificate : null,
sessionName,
clientNonce,
clientDescription,
endpointUrl,
parsedClientCertificate,
requestedSessionTimeout,
maxResponseMessageSize,
out sessionId,
out authenticationToken,
out serverNonce,
out revisedSessionTimeout);
lock (m_lock)
{
// return the application instance certificate for the server.
if (requireEncryption)
{
serverCertificate = InstanceCertificate.RawData;
}
// return the endpoints supported by the server.
serverEndpoints = GetEndpointDescriptions(endpointUrl, BaseAddresses, null);
// return the software certificates assigned to the server.
serverSoftwareCertificates = new SignedSoftwareCertificateCollection(ServerProperties.SoftwareCertificates);
// sign the nonce provided by the client.
serverSignature = null;
// sign the client nonce (if provided).
if (parsedClientCertificate != null && clientNonce != null)
{
byte[] dataToSign = Utils.Append(clientCertificate, clientNonce);
serverSignature = SecurityPolicies.Sign(InstanceCertificate, context.SecurityPolicyUri, dataToSign);
}
}
lock (ServerInternal.DiagnosticsLock)
{
ServerInternal.ServerDiagnostics.CurrentSessionCount++;
ServerInternal.ServerDiagnostics.CumulatedSessionCount++;
}
Utils.Trace("Server - SESSION CREATED. SessionId={0}", sessionId);
return CreateResponse(requestHeader, StatusCodes.Good);
}
catch (ServiceResultException e)
{
Utils.Trace("Server - SESSION CREATE failed. {0}", e.Message);
lock (ServerInternal.DiagnosticsLock)
{
ServerInternal.ServerDiagnostics.RejectedSessionCount++;
ServerInternal.ServerDiagnostics.RejectedRequestsCount++;
if (IsSecurityError(e.StatusCode))
{
ServerInternal.ServerDiagnostics.SecurityRejectedSessionCount++;
ServerInternal.ServerDiagnostics.SecurityRejectedRequestsCount++;
}
}
throw TranslateException((DiagnosticsMasks)requestHeader.ReturnDiagnostics, new StringCollection(), e);
}
finally
{
OnRequestComplete(context);
}
}
/// <summary>
/// Create a new service host for protocols that support only one policy per host.
/// </summary>
/// <param name="hosts">The hosts.</param>
/// <param name="configuration">The configuration.</param>
/// <param name="bindingFactory">The binding factory.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <param name="serverDescription">The server description.</param>
/// <param name="securityMode">The security mode.</param>
/// <param name="securityPolicyUri">The security policy URI.</param>
/// <param name="basePath">The base path to use when constructing the hosts.</param>
/// <returns>Returns list of descriptions for the EndpointDescription DataType, return type is list of <seealso cref="EndpointDescription"/>.</returns>
protected List<EndpointDescription> CreateSinglePolicyServiceHost(
IDictionary<string, ServiceHost> hosts,
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
IList<string> baseAddresses,
ApplicationDescription serverDescription,
MessageSecurityMode securityMode,
string securityPolicyUri,
string basePath)
{
// generate a unique host name.
string hostName = basePath;
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", SecurityPolicies.GetDisplayName(securityPolicyUri));
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", securityMode);
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// build list of uris.
List<Uri> uris = new List<Uri>();
List<EndpointDescription> endpoints = new List<EndpointDescription>();
string computerName = System.Net.Dns.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
// UA TCP and HTTPS endpoints have their own host.
if (baseAddresses[ii].StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal) ||
baseAddresses[ii].StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal) ||
baseAddresses[ii].StartsWith(Utils.UriSchemeNoSecurityHttp, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (String.Compare(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase) == 0)
{
uri.Host = computerName;
}
uri.Path += hostName;
uris.Add(uri.Uri);
// create the endpoint description.
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
description.SecurityMode = securityMode;
description.SecurityPolicyUri = securityPolicyUri;
description.TransportProfileUri = Profiles.WsHttpXmlTransport;
description.UserIdentityTokens = GetUserTokenPolicies(configuration, description);
bool requireEncryption = RequireEncryption(description);
if (!requireEncryption)
{
foreach (UserTokenPolicy userTokenPolicy in description.UserIdentityTokens)
{
if (userTokenPolicy.SecurityPolicyUri != SecurityPolicies.None)
{
requireEncryption = true;
break;
}
}
}
if (requireEncryption)
{
if (InstanceCertificate == null)
{
throw new ServiceResultException( StatusCodes.BadConfigurationError,
"Server does not have an instance certificate assigned." );
}
description.ServerCertificate = InstanceCertificate.RawData;
//if (InstanceCertificateChain != null)
//{
// List<byte> certificateChainList = new List<byte>();
// for (int i = 0; i < InstanceCertificateChain.Count; i++)
// {
// certificateChainList.AddRange(InstanceCertificateChain[i].RawData);
// }
// description.ServerCertificate = certificateChainList.ToArray();
//}
}
endpoints.Add(description);
}
// check if nothing to do.
if (uris.Count == 0)
{
return endpoints;
}
// create the host.
ServiceHost serviceHost = CreateServiceHost(this, uris.ToArray());
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
// initialize the host.
serviceHost.InitializeSinglePolicy(
GetServiceContract(),
configuration,
bindingFactory,
endpointConfiguration,
endpoints,
securityMode,
securityPolicyUri);
if (String.IsNullOrEmpty(hostName))
{
serviceHost.InitializeDiscovery(configuration, serverDescription.DiscoveryUrls);
}
// save in server list.
hosts[hostName] = serviceHost;
return endpoints;
}
private void HostNameCTRL_HostConnected(object sender, SelectHostCtrlEventArgs e)
{
try
{
m_hostname = e.Hostname;
ServersCTRL.Initialize(m_hostname, m_configuration);
m_server = null;
OkBTN.Enabled = false;
}
catch (Exception exception)
{
GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception);
}
}
/// <summary>
/// Create a new service host for UA TCP.
/// </summary>
protected List<EndpointDescription> CreateUaTcpServiceHost(
IDictionary<string, ServiceHost> hosts,
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
IList<string> baseAddresses,
ApplicationDescription serverDescription,
List<ServerSecurityPolicy> securityPolicies)
{
// generate a unique host name.
string hostName = String.Empty;
if (hosts.ContainsKey(hostName))
{
hostName = "/Tcp";
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// check if the server if configured to use the ANSI C stack.
bool useAnsiCStack = configuration.UseNativeStack;
// build list of uris.
List<Uri> uris = new List<Uri>();
EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
string computerName = System.Net.Dns.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
// UA TCP and HTTPS endpoints support multiple policies.
if (!baseAddresses[ii].StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (String.Compare(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase) == 0)
{
uri.Host = computerName;
}
uris.Add(uri.Uri);
foreach (ServerSecurityPolicy policy in securityPolicies)
{
// create the endpoint description.
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
description.SecurityMode = policy.SecurityMode;
description.SecurityPolicyUri = policy.SecurityPolicyUri;
description.SecurityLevel = policy.SecurityLevel;
description.UserIdentityTokens = GetUserTokenPolicies( configuration, description );
description.TransportProfileUri = Profiles.UaTcpTransport;
bool requireEncryption = RequireEncryption(description);
if (!requireEncryption)
{
foreach (UserTokenPolicy userTokenPolicy in description.UserIdentityTokens)
{
if (userTokenPolicy.SecurityPolicyUri != SecurityPolicies.None)
{
requireEncryption = true;
break;
}
}
}
if (requireEncryption)
{
description.ServerCertificate = InstanceCertificate.RawData;
//if (InstanceCertificateChain != null)
//{
// List<byte> certificateChainList = new List<byte>();
// for (int i = 0; i < InstanceCertificateChain.Count; i++)
// {
// certificateChainList.AddRange(InstanceCertificateChain[i].RawData);
// }
// description.ServerCertificate = certificateChainList.ToArray();
//}
}
endpoints.Add( description );
}
// create the UA-TCP stack listener.
try
{
TransportListenerSettings settings = new TransportListenerSettings();
settings.Descriptions = endpoints;
settings.Configuration = endpointConfiguration;
settings.ServerCertificate = this.InstanceCertificate;
//settings.ServerCertificateChain = this.InstanceCertificateChain;
settings.CertificateValidator = configuration.CertificateValidator.GetChannelValidator();
settings.NamespaceUris = this.MessageContext.NamespaceUris;
settings.Factory = this.MessageContext.Factory;
ITransportListener listener = null;
Type type = null;
if (useAnsiCStack)
{
type = Type.GetType("Opc.Ua.NativeStack.NativeStackListener,Opc.Ua.NativeStackWrapper");
}
if (useAnsiCStack && type != null)
{
listener = (ITransportListener)Activator.CreateInstance(type);
}
else
{
listener = new Opc.Ua.Bindings.UaTcpChannelListener();
}
listener.Open(
uri.Uri,
settings,
GetEndpointInstance(this));
TransportListeners.Add(listener);
}
catch (Exception e)
{
Utils.Trace(e, "Could not load UA-TCP Stack Listener.");
throw;
}
}
return endpoints;
}
/// <summary>
/// Reads the application description from the GDS.
/// </summary>
private ApplicationDescription Read(NodeId nodeId)
{
NamespaceTable wellKnownNamespaceUris = new NamespaceTable();
wellKnownNamespaceUris.Append(Namespaces.OpcUaGds);
string[] browsePaths = new string[]
{
"1:ApplicationName",
"1:ApplicationType",
"1:ApplicationUri",
"1:ProductUri",
"1:GatewayServerUri",
"1:DiscoveryUrls"
};
List<NodeId> propertyIds = ClientUtils.TranslateBrowsePaths(
ServerCTRL.Session,
nodeId,
wellKnownNamespaceUris,
browsePaths);
ReadValueIdCollection nodesToRead = new ReadValueIdCollection();
foreach (NodeId propertyId in propertyIds)
{
ReadValueId nodeToRead = new ReadValueId();
nodeToRead.NodeId = propertyId;
nodeToRead.AttributeId = Attributes.Value;
nodesToRead.Add(nodeToRead);
}
DataValueCollection results = null;
DiagnosticInfoCollection diagnosticInfos = null;
ServerCTRL.Session.Read(
null,
0,
TimestampsToReturn.Neither,
nodesToRead,
out results,
out diagnosticInfos);
ClientBase.ValidateResponse(results, nodesToRead);
ClientBase.ValidateDiagnosticInfos(diagnosticInfos, nodesToRead);
ApplicationDescription application = new ApplicationDescription();
application.ApplicationName = results[0].GetValue<LocalizedText>(null);
application.ApplicationType = (ApplicationType)results[1].GetValue<int>((int)ApplicationType.Server);
application.ApplicationUri = results[2].GetValue<string>(null);
application.ProductUri = results[3].GetValue<string>(null);
application.GatewayServerUri = results[4].GetValue<string>(null);
string[] discoveryUrls = results[5].GetValue<string[]>(null);
if (discoveryUrls != null)
{
application.DiscoveryUrls = new StringCollection(discoveryUrls);
}
return application;
}
/// <summary>
/// We are ready to create a session. Ensure the data is valid
/// then create the session
/// </summary>
private void btnOK_Click(object sender, System.EventArgs e)
{
ApplicationDescription dpApp;
if ((txtSession.Text == null) || (txtSession.Text == "")) {
MessageBox.Show(this,"Please enter a session name before clicking OK.","No sessionname",MessageBoxButtons.OK,MessageBoxIcon.Information);
return;
}
Microsoft.Win32.RegistryKey regKey = Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\DirectX\\SDK\\csDPlay");
if (regKey != null) {
regKey.SetValue("DirectPlaySessionName", txtSession.Text);
if (migrateHostCheckBox.Checked)
regKey.SetValue("DirectPlayMigrateHost",1);
else
regKey.SetValue("DirectPlayMigrateHost",0);
if (fastSignedRadio.Checked)
regKey.SetValue("DirectPlaySessionSigning","Fast");
else if (fullSignedRadio.Checked)
regKey.SetValue("DirectPlaySessionSigning","Full");
else
regKey.SetValue("DirectPlaySessionSigning","Disabled");
regKey.Close();
}
dpApp = new ApplicationDescription();
dpApp.GuidApplication = connectionWizard.ApplicationGuid;
dpApp.SessionName = txtSession.Text;
dpApp.Flags = 0;
if (migrateHostCheckBox.Checked)
dpApp.Flags |= SessionFlags.MigrateHost;
if (!useDPNSVRCheckBox.Checked)
dpApp.Flags |= SessionFlags.NoDpnServer;
if (fastSignedRadio.Checked)
dpApp.Flags |= SessionFlags.FastSigned;
else if (fullSignedRadio.Checked)
dpApp.Flags |= SessionFlags.FullSigned;
// Specify the port number if available
if (ConnectWizard.ProviderRequiresPort(deviceAddress.ServiceProvider)) {
if (Port > 0)
deviceAddress.AddComponent(Address.KeyPort, Port);
}
connectionWizard.SetUserInfo();
// Host a game on deviceAddress as described by dpApp
// HostFlags.OkToQueryForAddressing allows DirectPlay to prompt the user
// using a dialog box for any device address information that is missing
peer.Host(dpApp,deviceAddress,HostFlags.OkToQueryForAddressing);
this.DialogResult = DialogResult.OK;
}
private void BrowseCTRL_AfterSelect(object sender, EventArgs e)
{
try
{
if (ServerCTRL.Session == null)
{
return;
}
ushort namespaceIndex = (ushort)ServerCTRL.Session.NamespaceUris.GetIndex(Opc.Ua.Namespaces.OpcUaGds);
NodeId typeId = new NodeId(GdsId_ApplicationElementType, namespaceIndex);
ReferenceDescription reference = BrowseCTRL.SelectedNode;
if (reference != null)
{
if (reference.TypeDefinition == typeId)
{
m_application = Read((NodeId)reference.NodeId);
OkBTN.Enabled = m_application.ApplicationType == ApplicationType.Server || m_application.ApplicationType == ApplicationType.ClientAndServer;
return;
}
}
m_application = null;
OkBTN.Enabled = false;
}
catch (Exception exception)
{
ClientUtils.HandleException(this.Text, exception);
}
}
private void ServersCTRL_ItemsPicked(object sender, ListItemActionEventArgs e)
{
try
{
m_server = null;
foreach (ApplicationDescription server in e.Items)
{
m_server = server;
break;
}
}
catch (Exception exception)
{
GuiUtils.HandleException(String.Empty, GuiUtils.CallerName(), exception);
}
}
/// <summary>
/// We either want to start or stop searching
/// </summary>
private void btnSearch_Click(object sender, System.EventArgs e)
{
if (!isSearching)
{
if( hostAddress != null )
hostAddress.Dispose();
hostAddress = new Address();
hostAddress.ServiceProvider = deviceAddress.ServiceProvider;
// See if we should prompt the user for the remote address
if (ConnectWizard.ProviderRequiresPort(hostAddress.ServiceProvider))
{
AddressForm addressDialog = new AddressForm(connectionWizard.DefaultPort);
addressDialog.ShowDialog(this);
// If the user cancelled the address form, abort the search
if (addressDialog.DialogResult != DialogResult.OK)
return;
// If a port was specified, add the component
if (addressDialog.Hostname != "")
hostAddress.AddComponent(Address.KeyHostname, addressDialog.Hostname);
// If a hostname was specified, add the component
if (addressDialog.Port > 0)
hostAddress.AddComponent(Address.KeyPort, addressDialog.Port);
}
//Time to enum our hosts
ApplicationDescription desc = new ApplicationDescription();
desc.GuidApplication = connectionWizard.ApplicationGuid;
// If the user was not already asked for address information, DirectPlay
// should prompt with native UI
FindHostsFlags flags = 0;
if (!ConnectWizard.ProviderRequiresPort(deviceAddress.ServiceProvider))
flags = FindHostsFlags.OkToQueryForAddressing;
peer.FindHosts(desc,hostAddress,deviceAddress,null,Timeout.Infinite,0,Timeout.Infinite, flags, out findHostHandle);
isSearching = true;
btnCreate.Enabled = false;
btnSearch.Text = "Stop Search";
}
else
{
btnSearch.Text = "Stopping...";
btnSearch.Enabled = false;
if (findHostHandle != 0)
peer.CancelAsyncOperation(findHostHandle);
}
}
private void ServersCTRL_ItemsSelected(object sender, ListItemActionEventArgs e)
{
try
{
m_server = null;
foreach (ApplicationDescription server in e.Items)
{
m_server = server;
break;
}
OkBTN.Enabled = m_server != null;
}
catch (Exception exception)
{
GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception);
}
}
/// <summary>
/// Creates a new session.
/// </summary>
public virtual Session CreateSession(
OperationContext context,
X509Certificate2 serverCertificate,
string sessionName,
byte[] clientNonce,
ApplicationDescription clientDescription,
string endpointUrl,
X509Certificate2 clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out byte[] serverNonce,
out double revisedSessionTimeout)
{
sessionId = 0;
revisedSessionTimeout = requestedSessionTimeout;
Session session = null;
IBuffer buffer = null;
lock (m_lock)
{
// check session count.
if (m_maxSessionCount > 0 && m_sessions.Count >= m_maxSessionCount)
{
throw new ServiceResultException(StatusCodes.BadTooManySessions);
}
// can assign a simple identifier if secured.
authenticationToken = null;
if (!String.IsNullOrEmpty(context.ChannelContext.SecureChannelId))
{
if (context.ChannelContext.EndpointDescription.SecurityMode != MessageSecurityMode.None)
{
authenticationToken = Utils.IncrementIdentifier(ref m_lastSessionId);
}
}
// must assign a hard-to-guess id if not secured.
if (authenticationToken == null)
{
byte[] token = new byte[32];
buffer = CryptographicBuffer.GenerateRandom(32);
CryptographicBuffer.CopyToByteArray(buffer, out token);
authenticationToken = new NodeId(token);
}
// determine session timeout.
if (requestedSessionTimeout > m_maxSessionTimeout)
{
revisedSessionTimeout = m_maxSessionTimeout;
}
if (requestedSessionTimeout < m_minSessionTimeout)
{
revisedSessionTimeout = m_minSessionTimeout;
}
// create server nonce.
serverNonce = new byte[m_minNonceLength];
buffer = CryptographicBuffer.GenerateRandom((uint) m_minNonceLength);
CryptographicBuffer.CopyToByteArray(buffer, out serverNonce);
// assign client name.
if (String.IsNullOrEmpty(sessionName))
{
sessionName = Utils.Format("Session {0}", sessionId);
}
// create instance of session.
session = CreateSession(
context,
m_server,
serverCertificate,
authenticationToken,
serverNonce,
sessionName,
clientDescription,
endpointUrl,
clientCertificate,
revisedSessionTimeout,
maxResponseMessageSize,
m_maxRequestAge,
m_maxBrowseContinuationPoints);
// get the session id.
sessionId = session.Id;
// save session.
m_sessions.Add(authenticationToken, session);
}
// raise session related event.
RaiseSessionEvent(session, SessionEventReason.Created);
// return session.
return session;
}
private void HostNameCTRL_HostSelected(object sender, SelectHostCtrlEventArgs e)
{
try
{
if (m_hostname != e.Hostname)
{
m_hostname = e.Hostname;
ServersCTRL.Initialize(m_hostname, m_configuration);
m_server = null;
OkBTN.IsEnabled = false;
}
}
catch (Exception exception)
{
GuiUtils.HandleException(String.Empty, GuiUtils.CallerName(), exception);
}
}
/// <summary>
/// Translates the discovery URLs based on the client url and returns an updated ApplicationDescription.
/// </summary>
/// <param name="clientUrl">The client URL.</param>
/// <param name="description">The application description.</param>
/// <param name="baseAddresses">The base addresses.</param>
/// <param name="applicationName">The localized application name.</param>
/// <returns>A copy of the application description</returns>
protected ApplicationDescription TranslateApplicationDescription(
Uri clientUrl,
ApplicationDescription description,
IList<BaseAddress> baseAddresses,
LocalizedText applicationName)
{
// get the discovery urls.
StringCollection discoveryUrls = new StringCollection();
foreach (BaseAddress baseAddress in baseAddresses)
{
discoveryUrls.Add(GetBestDiscoveryUrl(clientUrl, baseAddress));
}
// copy the description.
ApplicationDescription copy = new ApplicationDescription();
copy.ApplicationName = description.ApplicationName;
copy.ApplicationUri = description.ApplicationUri;
copy.ApplicationType = description.ApplicationType;
copy.ProductUri = description.ProductUri;
copy.GatewayServerUri = description.DiscoveryProfileUri;
copy.DiscoveryUrls = discoveryUrls;
if (!LocalizedText.IsNullOrEmpty(applicationName))
{
copy.ApplicationName = applicationName;
}
// return the copy.
return copy;
}
/// <summary>
/// try to create application
/// </summary>
/// <returns>true if successful</returns>
public bool TryApplicationCreate()
{
this.LastException = null;
if (!this.IsClusterRunning)
{
return false;
}
if (this.control.Package.ApplicationAddress == null)
{
log.Error("ApplicationAddress is null");
return false;
}
if (this.control.Package.ApplicationTypeName == null)
{
log.Error("ApplicationTypeName is null");
return false;
}
if (this.control.Package.ApplicationVersion == null)
{
log.Error("ApplicationVersion is null");
return false;
}
NameValueCollection nvc = GetApplicationParameters(this.control.Package);
ApplicationDescription d = new ApplicationDescription(new Uri(this.control.Package.ApplicationAddress), this.control.Package.ApplicationTypeName, this.control.Package.ApplicationVersion, nvc);
int retryLimit = Defaults.WaitRetryLimit;
while (retryLimit-- > 0)
{
try
{
this.fc.ApplicationManager
.CreateApplicationAsync(d, Defaults.WaitDelay, CancellationToken.None)
.Wait();
log.Info("Application create successful");
return true;
}
catch (AggregateException ae)
{
this.LastException = ae;
if (!this.IsRetry("CreateApplication", ae.InnerException))
{
return false;
}
}
catch (Exception e)
{
this.LastException = e;
if (!this.IsRetry("CreateApplication", e))
{
return false;
}
}
log.Info("Application create failed, retrying...");
Task.Delay(Defaults.WaitDelay).Wait();
}
log.Error("CreateApplication failed too many times");
return false;
}
