/// <summary> /// Validates a software certificate. /// </summary> public static ServiceResult Validate( CertificateValidator validator, byte[] signedCertificate, out SoftwareCertificate softwareCertificate) { softwareCertificate = null; // validate the certificate. X509Certificate2 certificate = null; try { certificate = CertificateFactory.Create(signedCertificate, true); validator.Validate(certificate); } catch (Exception e) { return ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body."); } // find the software certficate. byte[] encodedData = null; foreach (X509Extension extension in certificate.Extensions) { if (extension.Oid.Value == "0.0.0.0.0") { encodedData = extension.RawData; break; } } if (encodedData == null) { return ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate."); } try { MemoryStream istrm = new MemoryStream(encodedData, false); DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate)); softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm); softwareCertificate.SignedCertificate = certificate; } catch (Exception e) { return ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body."); } // certificate is valid. return ServiceResult.Good; }
/// <summary> /// Validates a software certificate. /// </summary> public static ServiceResult Validate( CertificateValidator validator, byte[] signedCertificate, out SoftwareCertificate softwareCertificate) { softwareCertificate = null; // validate the certificate. X509Certificate2 certificate = null; try { certificate = new X509Certificate2(signedCertificate); validator.Validate(certificate); } catch (Exception e) { return(ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body.")); } // find the software certficate. byte[] encodedData = null; if (encodedData == null) { return(ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate.")); } try { MemoryStream istrm = new MemoryStream(encodedData, false); DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate)); softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm); softwareCertificate.SignedCertificate = certificate; } catch (Exception e) { return(ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body.")); } // certificate is valid. return(ServiceResult.Good); }
/// <summary> /// Called when a certificate cannot be validated. /// </summary> /// <param name="sender">The sender.</param> /// <param name="e">The <see cref="Opc.Ua.CertificateValidationEventArgs"/> instance containing the event data.</param> void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e) { // need to dispatch to the main UI thread. if (InvokeRequired) { Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e); return; } try { e.Accept = true; /* // prompt user. switch (new AcceptCertificateDlg().ShowDialog(e)) { case AcceptCertificateOptions.AcceptAlwaysForAll: case AcceptCertificateOptions.AcceptAlwaysForCurrent: case AcceptCertificateOptions.AcceptOnceForCurrent: { // TBD - update configuration to make the acceptance permenent. e.Accept = true; break; } case AcceptCertificateOptions.RejectAlways: { // TBD - update configuration to make the rejection permenent. e.Accept = false; break; } } */ } catch (Exception exception) { MessageBox.Show(exception.Message); } }
public WcfValidatorWrapper(CertificateValidator validator) { m_validator = validator; }
/// <summary> /// Handles an error validating the server certificate. /// </summary> /// <remarks> /// Applications should never accept certificates silently. Doing do will create the illusion of security /// that will come back to haunt the vendor in the future. Compliance tests by the OPC Foundation will /// fail products that silently accept untrusted certificates. /// </remarks> static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e) { e.Accept = true; Console.WriteLine("WARNING: Accepting Untrusted Certificate: {0}", e.Certificate.Subject); }
/// <summary> /// Ensures that the application configuration is valid. /// </summary> /// <param name="applicationType">Type of the application.</param> public virtual async Task Validate(ApplicationType applicationType) { if (String.IsNullOrEmpty(ApplicationName)) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ApplicationName must be specified."); } if (SecurityConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "SecurityConfiguration must be specified."); } SecurityConfiguration.Validate(); // generate a default uri if null if (String.IsNullOrEmpty(ApplicationUri)) { StringBuilder buffer = new StringBuilder(); buffer.Append("urn:"); buffer.Append(Utils.GetHostName()); buffer.Append(":"); buffer.Append(ApplicationName); m_applicationUri = buffer.ToString(); } // load app cert await SecurityConfiguration.ApplicationCertificate.LoadApplicationCertificate(m_applicationUri, null); if (applicationType == ApplicationType.Client || applicationType == ApplicationType.ClientAndServer) { if (ClientConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ClientConfiguration must be specified."); } ClientConfiguration.Validate(); } if (applicationType == ApplicationType.Server || applicationType == ApplicationType.ClientAndServer) { if (ServerConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ServerConfiguration must be specified."); } ServerConfiguration.Validate(); } if (applicationType == ApplicationType.DiscoveryServer) { if (DiscoveryServerConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "DiscoveryServerConfiguration must be specified."); } DiscoveryServerConfiguration.Validate(); } // toggle the state of the hi-res clock. HiResClock.Disabled = m_disableHiResClock; if (m_disableHiResClock) { if (m_serverConfiguration != null) { if (m_serverConfiguration.PublishingResolution < 50) { m_serverConfiguration.PublishingResolution = 50; } } } // create the certificate validator. m_certificateValidator = new CertificateValidator(); await m_certificateValidator.Update(this.SecurityConfiguration); }
/// <summary> /// Prompts the user to accept an untrusted certificate. /// </summary> private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e) { if (this.InvokeRequired) { this.Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e); return; } try { DialogResult result = MessageBox.Show( e.Certificate.Subject, "Untrusted Certificate", MessageBoxButtons.YesNo, MessageBoxIcon.Warning); e.Accept = (result == DialogResult.Yes); } catch (Exception exception) { MessageBox.Show(exception.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private void validateCerts(Opc.Ua.CertificateValidator sender, Opc.Ua.CertificateValidationEventArgs e) { e.Accept = true; }
/// <summary> /// Handles a certificate validation error. /// </summary> private static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e) { try { if (e.Error != null && e.Error.Code == StatusCodes.BadCertificateUntrusted) { e.Accept = true; Utils.Trace((int)Utils.TraceMasks.Security, "Automatically accepted certificate: {0}", e.Certificate.Subject); } } catch (Exception exception) { Utils.Trace(exception, "Error accepting certificate."); } }
/// <summary> /// Uses the UA validation logic for HTTPS certificates. /// </summary> /// <param name="validator">The validator.</param> public static void SetUaValidationForHttps(CertificateValidator validator) { m_validator = validator; System.Net.ServicePointManager.ServerCertificateValidationCallback = HttpsCertificateValidation; }
private static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e) { if (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted) { e.Accept = false; Console.WriteLine("Rejected Certificate: {0}", e.Certificate.Subject); } }
/// <summary> /// Always accept server certificates. /// </summary> void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e) { e.Accept = true; }
/// <summary> /// Handles a certificate validation error. /// </summary> private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e) { if (this.InvokeRequired) { this.Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e); return; } try { e.Accept = m_configuration.SecurityConfiguration.AutoAcceptUntrustedCertificates; if (!m_configuration.SecurityConfiguration.AutoAcceptUntrustedCertificates) { DialogResult result = MessageBox.Show( e.Certificate.Subject, "Untrusted Certificate", MessageBoxButtons.YesNo, MessageBoxIcon.Warning); e.Accept = (result == DialogResult.Yes); } } catch (Exception exception) { ClientUtils.HandleException(this.Text, exception); } }
/// <summary> /// Ensures that the application configuration is valid. /// </summary> /// <param name="applicationType">Type of the application.</param> public virtual void Validate(ApplicationType applicationType) { if (String.IsNullOrEmpty(ApplicationName)) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ApplicationName must be specified."); } #if !SILVERLIGHT if (SecurityConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "SecurityConfiguration must be specified."); } SecurityConfiguration.Validate(); // ensure application uri matches the certificate. X509Certificate2 certificate = SecurityConfiguration.ApplicationCertificate.LoadPrivateKey(null); if (certificate != null) { ApplicationUri = Utils.GetApplicationUriFromCertficate(certificate); } #endif // generate a default uri. if (String.IsNullOrEmpty(ApplicationUri)) { StringBuilder buffer = new StringBuilder(); buffer.Append("urn:"); buffer.Append(System.Net.Dns.GetHostName()); buffer.Append(":"); buffer.Append(ApplicationName); m_applicationUri = buffer.ToString(); } if (applicationType == ApplicationType.Client || applicationType == ApplicationType.ClientAndServer) { if (ClientConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ClientConfiguration must be specified."); } ClientConfiguration.Validate(); } if (applicationType == ApplicationType.Server || applicationType == ApplicationType.ClientAndServer) { if (ServerConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ServerConfiguration must be specified."); } ServerConfiguration.Validate(); } if (applicationType == ApplicationType.DiscoveryServer) { if (DiscoveryServerConfiguration == null) { throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "DiscoveryServerConfiguration must be specified."); } DiscoveryServerConfiguration.Validate(); } // toggle the state of the hi-res clock. HiResClock.Disabled = m_disableHiResClock; if (m_disableHiResClock) { if (m_serverConfiguration != null) { if (m_serverConfiguration.PublishingResolution < 50) { m_serverConfiguration.PublishingResolution = 50; } } } #if !SILVERLIGHT // create the certificate validator. m_certificateValidator = new CertificateValidator(); m_certificateValidator.Update(this.SecurityConfiguration); #endif }
/// <summary> /// Handles a certificate validation error. /// </summary> void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e) { try { Opc.Ua.Client.Controls.GuiUtils.HandleCertificateValidationError(this, validator, e); } catch (Exception exception) { Opc.Ua.Client.Controls.GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Handles a certificate validation error. /// </summary> private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e) { e.Accept = true; }