/// <summary> /// Sets private members to default values. /// </summary> private void Initialize() { m_productUri = null; m_manufacturerName = null; m_productName = null; m_softwareVersion = null; m_buildNumber = null; m_buildDate = DateTime.MinValue; m_datatypeAssemblies = new StringCollection(); m_softwareCertificates = new SignedSoftwareCertificateCollection(); }
/// <summary> /// The default constructor. /// </summary> public ServerProperties() { m_productUri = String.Empty; m_manufacturerName = String.Empty; m_productName = String.Empty; m_softwareVersion = String.Empty; m_buildNumber = String.Empty; m_buildDate = DateTime.MinValue; m_datatypeAssemblies = new StringCollection(); m_softwareCertificates = new SignedSoftwareCertificateCollection(); }
/// <summary> /// Invokes the ActivateSession service. /// </summary> public virtual ResponseHeader ActivateSession( RequestHeader requestHeader, SignatureData clientSignature, SignedSoftwareCertificateCollection clientSoftwareCertificates, StringCollection localeIds, ExtensionObject userIdentityToken, SignatureData userTokenSignature, out byte[] serverNonce, out StatusCodeCollection results, out DiagnosticInfoCollection diagnosticInfos) { serverNonce = null; results = null; diagnosticInfos = null; ValidateRequest(requestHeader); // Insert implementation. return(CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported)); }
/// <summary> /// Invokes the CreateSession service. /// </summary> public virtual ResponseHeader CreateSession( RequestHeader requestHeader, ApplicationDescription clientDescription, string serverUri, string endpointUrl, string sessionName, byte[] clientNonce, byte[] clientCertificate, double requestedSessionTimeout, uint maxResponseMessageSize, out NodeId sessionId, out NodeId authenticationToken, out double revisedSessionTimeout, out byte[] serverNonce, out byte[] serverCertificate, out EndpointDescriptionCollection serverEndpoints, out SignedSoftwareCertificateCollection serverSoftwareCertificates, out SignatureData serverSignature, out uint maxRequestMessageSize) { sessionId = null; authenticationToken = null; revisedSessionTimeout = 0; serverNonce = null; serverCertificate = null; serverEndpoints = null; serverSoftwareCertificates = null; serverSignature = null; maxRequestMessageSize = 0; ValidateRequest(requestHeader); // Insert implementation. return(CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported)); }
/// <summary> /// Invokes the ActivateSession service. /// </summary> public virtual ResponseHeader ActivateSession( RequestHeader requestHeader, SignatureData clientSignature, SignedSoftwareCertificateCollection clientSoftwareCertificates, StringCollection localeIds, ExtensionObject userIdentityToken, SignatureData userTokenSignature, out byte[] serverNonce, out StatusCodeCollection results, out DiagnosticInfoCollection diagnosticInfos) { serverNonce = null; results = null; diagnosticInfos = null; ValidateRequest(requestHeader); // Insert implementation. return CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported); }
/// <summary> /// Invokes the CreateSession service. /// </summary> public virtual ResponseHeader CreateSession( RequestHeader requestHeader, ApplicationDescription clientDescription, string serverUri, string endpointUrl, string sessionName, byte[] clientNonce, byte[] clientCertificate, double requestedSessionTimeout, uint maxResponseMessageSize, out NodeId sessionId, out NodeId authenticationToken, out double revisedSessionTimeout, out byte[] serverNonce, out byte[] serverCertificate, out EndpointDescriptionCollection serverEndpoints, out SignedSoftwareCertificateCollection serverSoftwareCertificates, out SignatureData serverSignature, out uint maxRequestMessageSize) { sessionId = null; authenticationToken = null; revisedSessionTimeout = 0; serverNonce = null; serverCertificate = null; serverEndpoints = null; serverSoftwareCertificates = null; serverSignature = null; maxRequestMessageSize = 0; ValidateRequest(requestHeader); // Insert implementation. return CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported); }
/// <summary> /// Invokes the ActivateSession service. /// </summary> /// <param name="requestHeader">The request header.</param> /// <param name="clientSignature">The client signature.</param> /// <param name="clientSoftwareCertificates">The client software certificates.</param> /// <param name="localeIds">The locale ids.</param> /// <param name="userIdentityToken">The user identity token.</param> /// <param name="userTokenSignature">The user token signature.</param> /// <param name="serverNonce">The server nonce.</param> /// <param name="results">The results.</param> /// <param name="diagnosticInfos">The diagnostic infos.</param> /// <returns> /// Returns a <see cref="ResponseHeader"/> object /// </returns> public override ResponseHeader ActivateSession( RequestHeader requestHeader, SignatureData clientSignature, SignedSoftwareCertificateCollection clientSoftwareCertificates, StringCollection localeIds, ExtensionObject userIdentityToken, SignatureData userTokenSignature, out byte[] serverNonce, out StatusCodeCollection results, out DiagnosticInfoCollection diagnosticInfos) { serverNonce = null; results = null; diagnosticInfos = null; OperationContext context = ValidateRequest(requestHeader, RequestType.ActivateSession); try { // validate client's software certificates. List<SoftwareCertificate> softwareCertificates = new List<SoftwareCertificate>(); if (context.SecurityPolicyUri != SecurityPolicies.None) { bool diagnosticsExist = false; if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0) { diagnosticInfos = new DiagnosticInfoCollection(); } results = new StatusCodeCollection(); diagnosticInfos = new DiagnosticInfoCollection(); foreach (SignedSoftwareCertificate signedCertificate in clientSoftwareCertificates) { SoftwareCertificate softwareCertificate = null; ServiceResult result = SoftwareCertificate.Validate( new CertificateValidator(), signedCertificate.CertificateData, out softwareCertificate); if (ServiceResult.IsBad(result)) { results.Add(result.Code); // add diagnostics if requested. if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0) { DiagnosticInfo diagnosticInfo = ServerUtils.CreateDiagnosticInfo(ServerInternal, context, result); diagnosticInfos.Add(diagnosticInfo); diagnosticsExist = true; } } else { softwareCertificates.Add(softwareCertificate); results.Add(StatusCodes.Good); // add diagnostics if requested. if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0) { diagnosticInfos.Add(null); } } } if (!diagnosticsExist && diagnosticInfos != null) { diagnosticInfos.Clear(); } } // check if certificates meet the server's requirements. ValidateSoftwareCertificates(softwareCertificates); // activate the session. bool identityChanged = ServerInternal.SessionManager.ActivateSession( context, requestHeader.AuthenticationToken, clientSignature, softwareCertificates, userIdentityToken, userTokenSignature, localeIds, out serverNonce); if (identityChanged) { // TBD - call Node Manager and Subscription Manager. } Utils.Trace("Server - SESSION ACTIVATED."); return CreateResponse(requestHeader, StatusCodes.Good); } catch (ServiceResultException e) { Utils.Trace("Server - SESSION ACTIVATE failed. {0}", e.Message); lock (ServerInternal.DiagnosticsLock) { ServerInternal.ServerDiagnostics.RejectedRequestsCount++; if (IsSecurityError(e.StatusCode)) { ServerInternal.ServerDiagnostics.SecurityRejectedRequestsCount++; } } throw TranslateException((DiagnosticsMasks)requestHeader.ReturnDiagnostics, localeIds, e); } finally { OnRequestComplete(context); } }
/// <summary> /// Invokes the CreateSession service. /// </summary> /// <param name="requestHeader">The request header.</param> /// <param name="clientDescription">Application description for the client application.</param> /// <param name="serverUri">The server URI.</param> /// <param name="endpointUrl">The endpoint URL.</param> /// <param name="sessionName">Name for the Session assigned by the client.</param> /// <param name="clientNonce">The client nonce.</param> /// <param name="clientCertificate">The client certificate.</param> /// <param name="requestedSessionTimeout">The requested session timeout.</param> /// <param name="maxResponseMessageSize">Size of the max response message.</param> /// <param name="sessionId">The unique public identifier assigned by the Server to the Session.</param> /// <param name="authenticationToken">The unique private identifier assigned by the Server to the Session.</param> /// <param name="revisedSessionTimeout">The revised session timeout.</param> /// <param name="serverNonce">The server nonce.</param> /// <param name="serverCertificate">The server certificate.</param> /// <param name="serverEndpoints">The server endpoints.</param> /// <param name="serverSoftwareCertificates">The server software certificates.</param> /// <param name="serverSignature">The server signature.</param> /// <param name="maxRequestMessageSize">Size of the max request message.</param> /// <returns> /// Returns a <see cref="ResponseHeader"/> object /// </returns> public override ResponseHeader CreateSession( RequestHeader requestHeader, ApplicationDescription clientDescription, string serverUri, string endpointUrl, string sessionName, byte[] clientNonce, byte[] clientCertificate, double requestedSessionTimeout, uint maxResponseMessageSize, out NodeId sessionId, out NodeId authenticationToken, out double revisedSessionTimeout, out byte[] serverNonce, out byte[] serverCertificate, out EndpointDescriptionCollection serverEndpoints, out SignedSoftwareCertificateCollection serverSoftwareCertificates, out SignatureData serverSignature, out uint maxRequestMessageSize) { sessionId = 0; revisedSessionTimeout = 0; serverNonce = null; serverCertificate = null; serverSoftwareCertificates = null; serverSignature = null; maxRequestMessageSize = (uint)MessageContext.MaxMessageSize; OperationContext context = ValidateRequest(requestHeader, RequestType.CreateSession); try { // check the server uri. if (!String.IsNullOrEmpty(serverUri)) { if (serverUri != this.Configuration.ApplicationUri) { throw new ServiceResultException(StatusCodes.BadServerUriInvalid); } } bool requireEncryption = ServerBase.RequireEncryption(context.ChannelContext.EndpointDescription); if (!requireEncryption && clientCertificate != null) { requireEncryption = true; } // validate client application instance certificate. X509Certificate2 parsedClientCertificate = null; if (requireEncryption && clientCertificate != null && clientCertificate.Length > 0) { try { parsedClientCertificate = CertificateFactory.Create(clientCertificate, true); if (context.SecurityPolicyUri != SecurityPolicies.None) { string certificateApplicationUri = Utils.GetApplicationUriFromCertficate(parsedClientCertificate); // verify if applicationUri from ApplicationDescription matches the applicationUri in the client certificate. if (!String.IsNullOrEmpty(certificateApplicationUri) && !String.IsNullOrEmpty(clientDescription.ApplicationUri) && certificateApplicationUri != clientDescription.ApplicationUri) { throw ServiceResultException.Create( StatusCodes.BadCertificateUriInvalid, "The URI specified in the ApplicationDescription does not match the URI in the Certificate."); } CertificateValidator.Validate(parsedClientCertificate); } } catch (Exception e) { OnApplicationCertificateError(clientCertificate, new ServiceResult(e)); } } // verify the nonce provided by the client. if (clientNonce != null) { if (clientNonce.Length < m_minNonceLength) { throw new ServiceResultException(StatusCodes.BadNonceInvalid); } } // create the session. Session session = ServerInternal.SessionManager.CreateSession( context, requireEncryption ? InstanceCertificate : null, sessionName, clientNonce, clientDescription, endpointUrl, parsedClientCertificate, requestedSessionTimeout, maxResponseMessageSize, out sessionId, out authenticationToken, out serverNonce, out revisedSessionTimeout); lock (m_lock) { // return the application instance certificate for the server. if (requireEncryption) { serverCertificate = InstanceCertificate.RawData; } // return the endpoints supported by the server. serverEndpoints = GetEndpointDescriptions(endpointUrl, BaseAddresses, null); // return the software certificates assigned to the server. serverSoftwareCertificates = new SignedSoftwareCertificateCollection(ServerProperties.SoftwareCertificates); // sign the nonce provided by the client. serverSignature = null; // sign the client nonce (if provided). if (parsedClientCertificate != null && clientNonce != null) { byte[] dataToSign = Utils.Append(clientCertificate, clientNonce); serverSignature = SecurityPolicies.Sign(InstanceCertificate, context.SecurityPolicyUri, dataToSign); } } lock (ServerInternal.DiagnosticsLock) { ServerInternal.ServerDiagnostics.CurrentSessionCount++; ServerInternal.ServerDiagnostics.CumulatedSessionCount++; } Utils.Trace("Server - SESSION CREATED. SessionId={0}", sessionId); return CreateResponse(requestHeader, StatusCodes.Good); } catch (ServiceResultException e) { Utils.Trace("Server - SESSION CREATE failed. {0}", e.Message); lock (ServerInternal.DiagnosticsLock) { ServerInternal.ServerDiagnostics.RejectedSessionCount++; ServerInternal.ServerDiagnostics.RejectedRequestsCount++; if (IsSecurityError(e.StatusCode)) { ServerInternal.ServerDiagnostics.SecurityRejectedSessionCount++; ServerInternal.ServerDiagnostics.SecurityRejectedRequestsCount++; } } throw TranslateException((DiagnosticsMasks)requestHeader.ReturnDiagnostics, new StringCollection(), e); } finally { OnRequestComplete(context); } }
/// <summary> /// Invokes the CreateSession service. /// </summary> public virtual ResponseHeader CreateSession( RequestHeader requestHeader, ApplicationDescription clientDescription, string serverUri, string endpointUrl, string sessionName, byte[] clientNonce, byte[] clientCertificate, double requestedSessionTimeout, uint maxResponseMessageSize, out NodeId sessionId, out NodeId authenticationToken, out double revisedSessionTimeout, out byte[] serverNonce, out byte[] serverCertificate, out EndpointDescriptionCollection serverEndpoints, out SignedSoftwareCertificateCollection serverSoftwareCertificates, out SignatureData serverSignature, out uint maxRequestMessageSize) { CreateSessionRequest request = new CreateSessionRequest(); CreateSessionResponse response = null; request.RequestHeader = requestHeader; request.ClientDescription = clientDescription; request.ServerUri = serverUri; request.EndpointUrl = endpointUrl; request.SessionName = sessionName; request.ClientNonce = clientNonce; request.ClientCertificate = clientCertificate; request.RequestedSessionTimeout = requestedSessionTimeout; request.MaxResponseMessageSize = maxResponseMessageSize; UpdateRequestHeader(request, requestHeader == null, "CreateSession"); try { if (UseTransportChannel) { IServiceResponse genericResponse = TransportChannel.SendRequest(request); if (genericResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } ValidateResponse(genericResponse.ResponseHeader); response = (CreateSessionResponse)genericResponse; } else { CreateSessionResponseMessage responseMessage = InnerChannel.CreateSession(new CreateSessionMessage(request)); if (responseMessage == null || responseMessage.CreateSessionResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } response = responseMessage.CreateSessionResponse; ValidateResponse(response.ResponseHeader); } sessionId = response.SessionId; authenticationToken = response.AuthenticationToken; revisedSessionTimeout = response.RevisedSessionTimeout; serverNonce = response.ServerNonce; serverCertificate = response.ServerCertificate; serverEndpoints = response.ServerEndpoints; serverSoftwareCertificates = response.ServerSoftwareCertificates; serverSignature = response.ServerSignature; maxRequestMessageSize = response.MaxRequestMessageSize; } finally { RequestCompleted(request, response, "CreateSession"); } return response.ResponseHeader; }
/// <summary> /// Begins an asynchronous invocation of the ActivateSession service. /// </summary> public IAsyncResult BeginActivateSession( RequestHeader requestHeader, SignatureData clientSignature, SignedSoftwareCertificateCollection clientSoftwareCertificates, StringCollection localeIds, ExtensionObject userIdentityToken, SignatureData userTokenSignature, AsyncCallback callback, object asyncState) { ActivateSessionRequest request = new ActivateSessionRequest(); request.RequestHeader = requestHeader; request.ClientSignature = clientSignature; request.ClientSoftwareCertificates = clientSoftwareCertificates; request.LocaleIds = localeIds; request.UserIdentityToken = userIdentityToken; request.UserTokenSignature = userTokenSignature; UpdateRequestHeader(request, requestHeader == null, "ActivateSession"); if (UseTransportChannel) { return TransportChannel.BeginSendRequest(request, callback, asyncState); } return InnerChannel.BeginActivateSession(new ActivateSessionMessage(request), callback, asyncState); }
/// <summary> /// Invokes the ActivateSession service. /// </summary> public virtual ResponseHeader ActivateSession( RequestHeader requestHeader, SignatureData clientSignature, SignedSoftwareCertificateCollection clientSoftwareCertificates, StringCollection localeIds, ExtensionObject userIdentityToken, SignatureData userTokenSignature, out byte[] serverNonce, out StatusCodeCollection results, out DiagnosticInfoCollection diagnosticInfos) { ActivateSessionRequest request = new ActivateSessionRequest(); ActivateSessionResponse response = null; request.RequestHeader = requestHeader; request.ClientSignature = clientSignature; request.ClientSoftwareCertificates = clientSoftwareCertificates; request.LocaleIds = localeIds; request.UserIdentityToken = userIdentityToken; request.UserTokenSignature = userTokenSignature; UpdateRequestHeader(request, requestHeader == null, "ActivateSession"); try { if (UseTransportChannel) { IServiceResponse genericResponse = TransportChannel.SendRequest(request); if (genericResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } ValidateResponse(genericResponse.ResponseHeader); response = (ActivateSessionResponse)genericResponse; } else { ActivateSessionResponseMessage responseMessage = InnerChannel.ActivateSession(new ActivateSessionMessage(request)); if (responseMessage == null || responseMessage.ActivateSessionResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } response = responseMessage.ActivateSessionResponse; ValidateResponse(response.ResponseHeader); } serverNonce = response.ServerNonce; results = response.Results; diagnosticInfos = response.DiagnosticInfos; } finally { RequestCompleted(request, response, "ActivateSession"); } return response.ResponseHeader; }
/// <summary> /// Finishes an asynchronous invocation of the CreateSession service. /// </summary> public ResponseHeader EndCreateSession( IAsyncResult result, out NodeId sessionId, out NodeId authenticationToken, out double revisedSessionTimeout, out byte[] serverNonce, out byte[] serverCertificate, out EndpointDescriptionCollection serverEndpoints, out SignedSoftwareCertificateCollection serverSoftwareCertificates, out SignatureData serverSignature, out uint maxRequestMessageSize) { CreateSessionResponse response = null; try { if (UseTransportChannel) { IServiceResponse genericResponse = TransportChannel.EndSendRequest(result); if (genericResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } ValidateResponse(genericResponse.ResponseHeader); response = (CreateSessionResponse)genericResponse; } else { CreateSessionResponseMessage responseMessage = InnerChannel.EndCreateSession(result); if (responseMessage == null || responseMessage.CreateSessionResponse == null) { throw new ServiceResultException(StatusCodes.BadUnknownResponse); } response = responseMessage.CreateSessionResponse; ValidateResponse(response.ResponseHeader); } sessionId = response.SessionId; authenticationToken = response.AuthenticationToken; revisedSessionTimeout = response.RevisedSessionTimeout; serverNonce = response.ServerNonce; serverCertificate = response.ServerCertificate; serverEndpoints = response.ServerEndpoints; serverSoftwareCertificates = response.ServerSoftwareCertificates; serverSignature = response.ServerSignature; maxRequestMessageSize = response.MaxRequestMessageSize; } finally { RequestCompleted(null, response, "CreateSession"); } return response.ResponseHeader; }