/// <summary>
/// Encrypts <see cref="DecryptedPassword"/> under the policy named by <paramref name="securityPolicyUri"/>
/// and stores the result (and the algorithm used) in the token's password fields.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Encrypt (its role is not visible here; presumably the recipient's key).</param>
/// <param name="senderNonce">Appended to the UTF-8 password bytes before encryption so the receiver can check it after decrypting.</param>
/// <param name="securityPolicyUri">Security policy URI; null, empty or SecurityPolicies.None means no encryption.</param>
/// <remarks>
/// With no security policy the password field receives the raw UTF-8 bytes of the password and the
/// algorithm is cleared to null, i.e. the token then carries the password in cleartext.
/// </remarks>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    // No password at all: propagate the null rather than encrypting an empty string.
    if (m_decryptedPassword == null)
    {
        m_password = null;
        return;
    }

    byte[] passwordBytes = new UTF8Encoding().GetBytes(DecryptedPassword);

    bool unencrypted = String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None;

    if (unencrypted)
    {
        m_password = passwordBytes;
        m_encryptionAlgorithm = null;
        return;
    }

    // Plaintext layout is password bytes followed by the nonce; Decrypt relies on that order.
    byte[] plaintext = Utils.Append(passwordBytes, senderNonce);
    EncryptedData encrypted = SecurityPolicies.Encrypt(certificate, securityPolicyUri, plaintext);

    m_password = encrypted.Data;
    m_encryptionAlgorithm = encrypted.Algorithm;
}
/// <summary>
/// Verifies a signature created with the token's certificate.
/// </summary>
/// <param name="dataToVerify">The bytes the signature is expected to cover.</param>
/// <param name="signatureData">The signature (and its algorithm) to check.</param>
/// <param name="securityPolicyUri">Security policy that selects the verification algorithm.</param>
/// <returns>The result of SecurityPolicies.Verify: true when the signature is accepted.</returns>
/// <exception cref="ServiceResultException">
/// BadIdentityTokenInvalid, wrapping whatever was thrown while loading the certificate or verifying.
/// </exception>
/// <remarks>
/// m_certificate is used when present; otherwise a certificate is rebuilt from m_certificateData.
/// On success m_certificateData is refreshed with the raw bytes of the certificate actually used.
/// </remarks>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
    try
    {
        X509Certificate2 signer = m_certificate ?? CertificateFactory.Create(m_certificateData, true);

        bool isValid = SecurityPolicies.Verify(signer, securityPolicyUri, dataToVerify, signatureData);

        m_certificateData = signer.RawData;
        return isValid;
    }
    catch (Exception e)
    {
        // Collapse every failure into one identity-token status so callers see a single error type.
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid, e, "Could not verify user signature!");
    }
}
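/// <summary>
/// Decrypts the token data with the stored encryption algorithm, checks that the plaintext ends with
/// <paramref name="senderNonce"/>, and stores the plaintext without the nonce in the decrypted token data.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Decrypt (presumably the one holding the private key).</param>
/// <param name="senderNonce">The nonce the sender was expected to append; null skips the nonce check.</param>
/// <param name="securityPolicyUri">Security policy that selects the decryption algorithm.</param>
/// <exception cref="ServiceResultException">
/// BadSecurityChecksFailed when no plaintext is returned, when the plaintext is shorter than the nonce,
/// or when the trailing bytes do not equal the nonce.
/// </exception>
/// <remarks>
/// The nonce check accumulates the XOR of every byte instead of returning on the first mismatch, so the
/// time taken does not reveal how long the matching prefix was. Previously a nonce longer than the
/// plaintext produced a negative index (IndexOutOfRangeException / OverflowException) instead of a status code.
/// </remarks>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Data = m_tokenData;
    encryptedData.Algorithm = m_encryptionAlgorithm;

    byte[] decryptedTokenData = SecurityPolicies.Decrypt(certificate, securityPolicyUri, encryptedData);

    // A missing plaintext used to surface as a NullReferenceException on .Length.
    if (decryptedTokenData == null)
    {
        throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed);
    }

    int startOfNonce = decryptedTokenData.Length;

    if (senderNonce != null)
    {
        // Reject before indexing: a nonce longer than the plaintext cannot match anyway.
        if (senderNonce.Length > decryptedTokenData.Length)
        {
            throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed);
        }

        startOfNonce -= senderNonce.Length;

        int difference = 0;

        for (int ii = 0; ii < senderNonce.Length; ii++)
        {
            difference |= senderNonce[ii] ^ decryptedTokenData[ii + startOfNonce];
        }

        if (difference != 0)
        {
            throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed);
        }
    }

    // copy results (everything before the nonce).
    m_decryptedTokenData = new byte[startOfNonce];
    Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce);
}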
/// <summary>
/// Encrypts the decrypted token data, with <paramref name="senderNonce"/> appended, under the given
/// security policy and stores the ciphertext and algorithm in the token.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Encrypt.</param>
/// <param name="senderNonce">Appended to the plaintext so the receiver can verify it after decrypting.</param>
/// <param name="securityPolicyUri">Security policy that selects the encryption algorithm.</param>
/// <remarks>
/// No special case is made here for an empty or None policy; whatever SecurityPolicies.Encrypt does
/// with such a URI is what the token ends up holding.
/// </remarks>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    byte[] plaintext = Utils.Append(m_decryptedTokenData, senderNonce);

    EncryptedData encrypted = SecurityPolicies.Encrypt(certificate, securityPolicyUri, plaintext);

    m_tokenData = encrypted.Data;
    m_encryptionAlgorithm = encrypted.Algorithm;
}
/// <summary>
/// Returns a display string of the form "url - [securityMode:policyName:encoding]".
/// </summary>
/// <param name="format">Must be null; any other value raises <see cref="FormatException"/>.</param>
/// <param name="formatProvider">Ignored; may be null.</param>
/// <returns>The endpoint url followed by its security mode, policy display name and "Binary" or "XML".</returns>
/// <exception cref="FormatException">Thrown when <paramref name="format"/> is not null.</exception>
/// <remarks>
/// The " - [" suffix is the same one the collection's Create(string) method parses back, so changing
/// this layout affects how such urls are read.
/// </remarks>
public string ToString(string format, IFormatProvider formatProvider)
{
    if (format != null)
    {
        throw new FormatException(Utils.Format("Invalid format string: '{0}'.", format));
    }

    string encodingName = "XML";

    if (m_configuration != null && m_configuration.UseBinaryEncoding)
    {
        encodingName = "Binary";
    }

    return Utils.Format(
        "{0} - [{1}:{2}:{3}]",
        m_description.EndpointUrl,
        m_description.SecurityMode,
        SecurityPolicies.GetDisplayName(m_description.SecurityPolicyUri),
        encodingName);
}
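/// <summary>
/// Decrypts the stored password with the stored encryption algorithm, checks the trailing sender nonce,
/// and places the UTF-8 decoded result in the decrypted password field.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Decrypt (presumably the one holding the private key).</param>
/// <param name="senderNonce">The nonce the sender was expected to append; null skips the nonce check.</param>
/// <param name="securityPolicyUri">Security policy URI; null, empty or SecurityPolicies.None means the password is stored unencrypted.</param>
/// <exception cref="ServiceResultException">
/// BadIdentityTokenRejected when the plaintext is shorter than the nonce or does not end with it.
/// </exception>
/// <remarks>
/// A null password field (the value Encrypt stores when there is no password) now yields a null
/// decrypted password instead of a NullReferenceException, and a nonce longer than the plaintext is
/// rejected with a status code instead of an IndexOutOfRangeException. The nonce comparison accumulates
/// every byte's difference rather than exiting on the first mismatch so timing does not reveal the
/// length of the matching prefix.
/// </remarks>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    UTF8Encoding utf8 = new UTF8Encoding();

    // handle no encryption: the stored bytes are the UTF-8 password itself, with no nonce.
    if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
    {
        if (m_password == null)
        {
            m_decryptedPassword = null;
            return;
        }

        m_decryptedPassword = utf8.GetString(m_password, 0, m_password.Length);
        return;
    }

    // decrypt.
    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Data = m_password;
    encryptedData.Algorithm = m_encryptionAlgorithm;

    byte[] decryptedPassword = SecurityPolicies.Decrypt(certificate, securityPolicyUri, encryptedData);

    if (decryptedPassword == null)
    {
        m_decryptedPassword = null;
        return;
    }

    // verify the sender's nonce.
    int startOfNonce = decryptedPassword.Length;

    if (senderNonce != null)
    {
        // Reject before indexing: startOfNonce would otherwise go negative.
        if (senderNonce.Length > decryptedPassword.Length)
        {
            throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
        }

        startOfNonce -= senderNonce.Length;

        int result = 0;

        for (int ii = 0; ii < senderNonce.Length; ii++)
        {
            result |= senderNonce[ii] ^ decryptedPassword[ii + startOfNonce];
        }

        if (result != 0)
        {
            throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
        }
    }

    // convert to UTF-8, dropping the nonce bytes at the end.
    m_decryptedPassword = utf8.GetString(decryptedPassword, 0, startOfNonce);
}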
/// <summary>
/// Creates a signature over <paramref name="dataToSign"/> with the token's certificate.
/// </summary>
/// <param name="dataToSign">The bytes to sign.</param>
/// <param name="securityPolicyUri">Security policy that selects the signature algorithm.</param>
/// <returns>The SignatureData produced by SecurityPolicies.Sign.</returns>
/// <remarks>
/// m_certificate is used when present; otherwise a certificate is rebuilt from m_certificateData
/// via CertificateFactory.Create. NOTE(review): a certificate rebuilt from raw bytes alone would
/// normally carry no private key, so signing on that path presumably fails inside SecurityPolicies.Sign;
/// confirm what CertificateFactory.Create returns. Afterwards m_certificateData is refreshed with
/// GetRawCertData() of the certificate used.
/// </remarks>
public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri)
{
    X509Certificate2 signer = m_certificate ?? CertificateFactory.Create(m_certificateData, true);

    SignatureData signature = SecurityPolicies.Sign(signer, securityPolicyUri, dataToSign);

    m_certificateData = signer.GetRawCertData();

    return signature;
}
/// <summary>
/// Creates a signature over <paramref name="dataToSign"/> with the token's certificate.
/// </summary>
/// <param name="dataToSign">The bytes to sign.</param>
/// <param name="securityPolicyUri">Security policy that selects the signature algorithm.</param>
/// <returns>The SignatureData produced by SecurityPolicies.Sign.</returns>
/// <remarks>
/// m_certificate is used when present; otherwise <c>new X509Certificate2(m_certificateData)</c> is used.
/// NOTE(review): unless m_certificateData is a container that includes the private key, that fallback
/// certificate has only the public part and signing with it is expected to fail inside SecurityPolicies.Sign.
/// Afterwards m_certificateData is refreshed with the RawData of the certificate used.
/// </remarks>
public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri)
{
    X509Certificate2 signer = m_certificate ?? new X509Certificate2(m_certificateData);

    SignatureData signature = SecurityPolicies.Sign(signer, securityPolicyUri, dataToSign);

    m_certificateData = signer.RawData;

    return signature;
}
/// <summary>
/// Verifies a signature created with the token's certificate.
/// </summary>
/// <param name="dataToVerify">The bytes the signature is expected to cover.</param>
/// <param name="signatureData">The signature (and its algorithm) to check.</param>
/// <param name="securityPolicyUri">Security policy that selects the verification algorithm.</param>
/// <returns>The result of SecurityPolicies.Verify: true when the signature is accepted.</returns>
/// <remarks>
/// m_certificate is used when present; otherwise a certificate is rebuilt from m_certificateData via
/// CertificateFactory.Create. Unlike the variant in this file that wraps failures in a
/// ServiceResultException, any exception from certificate loading or verification propagates unchanged.
/// m_certificateData is refreshed with GetRawCertData() of the certificate used.
/// </remarks>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
    X509Certificate2 signer = m_certificate ?? CertificateFactory.Create(m_certificateData, true);

    bool isValid = SecurityPolicies.Verify(signer, securityPolicyUri, dataToVerify, signatureData);

    m_certificateData = signer.GetRawCertData();

    return isValid;
}
/// <summary>
/// Verifies a signature created with the token's certificate.
/// </summary>
/// <param name="dataToVerify">The bytes the signature is expected to cover.</param>
/// <param name="signatureData">The signature (and its algorithm) to check.</param>
/// <param name="securityPolicyUri">Security policy that selects the verification algorithm.</param>
/// <returns>The result of SecurityPolicies.Verify: true when the signature is accepted.</returns>
/// <remarks>
/// m_certificate is used when present; otherwise <c>new X509Certificate2(m_certificateData)</c> is used,
/// which is sufficient for verification since only the public key is needed. Exceptions from
/// certificate loading or verification propagate unchanged. m_certificateData is refreshed with
/// the RawData of the certificate used.
/// </remarks>
public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri)
{
    X509Certificate2 signer = m_certificate ?? new X509Certificate2(m_certificateData);

    bool isValid = SecurityPolicies.Verify(signer, securityPolicyUri, dataToVerify, signatureData);

    m_certificateData = signer.RawData;

    return isValid;
}
/// <summary>
/// Encrypts the decrypted token data, with <paramref name="senderNonce"/> appended, under the given
/// security policy and stores the ciphertext and algorithm in the token.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Encrypt.</param>
/// <param name="senderNonce">Appended to the plaintext so the receiver can verify it after decrypting.</param>
/// <param name="securityPolicyUri">Security policy URI; null, empty or SecurityPolicies.None means no encryption.</param>
/// <remarks>
/// With no security policy the token data is stored as-is (no nonce appended, no encryption) and the
/// algorithm is set to the empty string rather than null, so the token then carries the data in cleartext.
/// </remarks>
public override void Encrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    bool unencrypted = String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None;

    if (unencrypted)
    {
        m_tokenData = m_decryptedTokenData;
        m_encryptionAlgorithm = String.Empty;
        return;
    }

    byte[] plaintext = Utils.Append(m_decryptedTokenData, senderNonce);

    EncryptedData encrypted = SecurityPolicies.Encrypt(certificate, securityPolicyUri, plaintext);

    m_tokenData = encrypted.Data;
    m_encryptionAlgorithm = encrypted.Algorithm;
}
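/// <summary>
/// Decrypts the token data with the stored encryption algorithm, checks that the plaintext ends with
/// <paramref name="senderNonce"/>, and stores the plaintext without the nonce in the decrypted token data.
/// </summary>
/// <param name="certificate">Certificate handed to SecurityPolicies.Decrypt (presumably the one holding the private key).</param>
/// <param name="senderNonce">The nonce the sender was expected to append; null skips the nonce check.</param>
/// <param name="securityPolicyUri">Security policy URI; null, empty or SecurityPolicies.None means the data is stored unencrypted.</param>
/// <exception cref="ServiceResultException">
/// BadIdentityTokenRejected when no plaintext is returned, when the plaintext is shorter than the nonce,
/// or when the trailing bytes do not equal the nonce.
/// </exception>
/// <remarks>
/// On the no-encryption path the token data is copied through unchanged and no nonce is checked, which
/// mirrors Encrypt storing the data without a nonce in that case. On the encrypted path the nonce check
/// accumulates every byte's XOR instead of exiting on the first mismatch, so timing does not reveal the
/// length of the matching prefix; a nonce longer than the plaintext is rejected with a status code rather
/// than failing with a negative array index.
/// </remarks>
public override void Decrypt(X509Certificate2 certificate, byte[] senderNonce, string securityPolicyUri)
{
    // handle no encryption.
    if (String.IsNullOrEmpty(securityPolicyUri) || securityPolicyUri == SecurityPolicies.None)
    {
        m_decryptedTokenData = m_tokenData;
        return;
    }

    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Data = m_tokenData;
    encryptedData.Algorithm = m_encryptionAlgorithm;

    byte[] decryptedTokenData = SecurityPolicies.Decrypt(certificate, securityPolicyUri, encryptedData);

    // A missing plaintext used to surface as a NullReferenceException on .Length.
    if (decryptedTokenData == null)
    {
        throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
    }

    // verify the sender's nonce.
    int startOfNonce = decryptedTokenData.Length;

    if (senderNonce != null)
    {
        // Reject before indexing: a nonce longer than the plaintext cannot match anyway.
        if (senderNonce.Length > decryptedTokenData.Length)
        {
            throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
        }

        startOfNonce -= senderNonce.Length;

        int difference = 0;

        for (int ii = 0; ii < senderNonce.Length; ii++)
        {
            difference |= senderNonce[ii] ^ decryptedTokenData[ii + startOfNonce];
        }

        if (difference != 0)
        {
            throw new ServiceResultException(StatusCodes.BadIdentityTokenRejected);
        }
    }

    // copy results (everything before the nonce).
    m_decryptedTokenData = new byte[startOfNonce];
    Array.Copy(decryptedTokenData, m_decryptedTokenData, startOfNonce);
}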
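/// <summary>
/// Creates a new endpoint from a url that is not part of the collection.
/// </summary>
/// <remarks>
/// Call the Add() method to add it to the collection.
/// The url may end with a suffix of the form " - [securityMode:policyName:encoding]" (the layout written
/// by ConfiguredEndpoint.ToString). When the suffix is present, each field that is missing or cannot be
/// parsed degrades to None / SecurityPolicies.None / XML. Without any suffix the endpoint defaults to
/// SignAndEncrypt with Basic128Rsa15 and binary encoding; Basic128Rsa15 is a legacy policy, so callers
/// that need a stronger one should state it explicitly in the suffix or on the returned description.
/// </remarks>
/// <param name="url">The endpoint url, optionally followed by the security suffix.</param>
/// <returns>A ConfiguredEndpoint flagged UpdateBeforeConnect; it has not been added to this collection.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="url"/> is null.</exception>
/// <exception cref="UriFormatException">Thrown by <see cref="Uri"/> when the url part is not a valid URI.</exception>
public ConfiguredEndpoint Create(string url)
{
    if (url == null)
    {
        throw new ArgumentNullException("url");
    }

    // check for security parameters appended to the URL
    string parameters = null;

    int index = url.IndexOf("- [", StringComparison.Ordinal);

    if (index != -1)
    {
        parameters = url.Substring(index + 3);
        url = url.Substring(0, index).Trim();
    }

    MessageSecurityMode securityMode;
    string securityPolicyUri;
    bool useBinaryEncoding;
    ParseSecurityParameters(parameters, out securityMode, out securityPolicyUri, out useBinaryEncoding);

    Uri uri = new Uri(url);

    EndpointDescription description = new EndpointDescription();

    description.EndpointUrl = uri.ToString();
    description.SecurityMode = securityMode;
    description.SecurityPolicyUri = securityPolicyUri;
    description.Server.ApplicationUri = Utils.UpdateInstanceUri(uri.ToString());
    description.Server.ApplicationName = uri.AbsolutePath;

    // Only the opc.tcp and https schemes get a transport profile and a discovery url; other schemes leave both unset.
    if (description.EndpointUrl.StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal))
    {
        description.TransportProfileUri = Profiles.UaTcpTransport;
        description.Server.DiscoveryUrls.Add(description.EndpointUrl);
    }
    else if (description.EndpointUrl.StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal))
    {
        description.TransportProfileUri = Profiles.HttpsBinaryTransport;
        description.Server.DiscoveryUrls.Add(description.EndpointUrl);
    }

    ConfiguredEndpoint endpoint = new ConfiguredEndpoint(this, description, null);
    endpoint.Configuration.UseBinaryEncoding = useBinaryEncoding;
    endpoint.UpdateBeforeConnect = true;

    return endpoint;
}

/// <summary>
/// Parses the "securityMode:policyName:encoding" suffix of a ToString()-formatted endpoint url.
/// </summary>
/// <param name="parameters">The text after " - ["; null or empty leaves the defaults untouched.</param>
/// <param name="securityMode">Defaults to SignAndEncrypt; None when the field is absent or not a MessageSecurityMode name.</param>
/// <param name="securityPolicyUri">Defaults to Basic128Rsa15; SecurityPolicies.None when the field is absent or GetUri throws.</param>
/// <param name="useBinaryEncoding">Defaults to true; otherwise true only when the third field is exactly "Binary".</param>
private static void ParseSecurityParameters(
    string parameters,
    out MessageSecurityMode securityMode,
    out string securityPolicyUri,
    out bool useBinaryEncoding)
{
    securityMode = MessageSecurityMode.SignAndEncrypt;
    securityPolicyUri = SecurityPolicies.Basic128Rsa15;
    useBinaryEncoding = true;

    if (String.IsNullOrEmpty(parameters))
    {
        return;
    }

    string[] fields = parameters.Split(new char[] { '-', '[', ':', ']' }, StringSplitOptions.RemoveEmptyEntries);

    if (fields.Length > 0)
    {
        try
        {
            securityMode = (MessageSecurityMode)Enum.Parse(typeof(MessageSecurityMode), fields[0], false);
        }
        catch (ArgumentException)
        {
            // Enum.Parse rejects names it does not know with ArgumentException.
            securityMode = MessageSecurityMode.None;
        }
        catch (OverflowException)
        {
            // Numeric text outside the enum's underlying range.
            securityMode = MessageSecurityMode.None;
        }
    }
    else
    {
        securityMode = MessageSecurityMode.None;
    }

    if (fields.Length > 1)
    {
        try
        {
            securityPolicyUri = SecurityPolicies.GetUri(fields[1]);
        }
        catch (Exception)
        {
            // GetUri's failure modes are not visible here, so the original catch-all fallback is kept.
            securityPolicyUri = SecurityPolicies.None;
        }
    }
    else
    {
        securityPolicyUri = SecurityPolicies.None;
    }

    // A string comparison cannot throw, so no try/catch is needed around this field.
    useBinaryEncoding = fields.Length > 2 && fields[2] == "Binary";
}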