/// <summary>
/// Sets private members to default values.
/// </summary>
private void Initialize()
{
m_productUri = null;
m_manufacturerName = null;
m_productName = null;
m_softwareVersion = null;
m_buildNumber = null;
m_buildDate = DateTime.MinValue;
m_datatypeAssemblies = new StringCollection();
m_softwareCertificates = new SignedSoftwareCertificateCollection();
}
/// <summary>
/// The default constructor.
/// </summary>
public ServerProperties()
{
m_productUri = String.Empty;
m_manufacturerName = String.Empty;
m_productName = String.Empty;
m_softwareVersion = String.Empty;
m_buildNumber = String.Empty;
m_buildDate = DateTime.MinValue;
m_datatypeAssemblies = new StringCollection();
m_softwareCertificates = new SignedSoftwareCertificateCollection();
}
/// <summary>
/// The default constructor.
/// </summary>
public ServerProperties()
{
m_productUri = String.Empty;
m_manufacturerName = String.Empty;
m_productName = String.Empty;
m_softwareVersion = String.Empty;
m_buildNumber = String.Empty;
m_buildDate = DateTime.MinValue;
m_datatypeAssemblies = new StringCollection();
m_softwareCertificates = new SignedSoftwareCertificateCollection();
}
/// <summary>
/// Sets private members to default values.
/// </summary>
private void Initialize()
{
m_productUri = null;
m_manufacturerName = null;
m_productName = null;
m_softwareVersion = null;
m_buildNumber = null;
m_buildDate = DateTime.MinValue;
m_datatypeAssemblies = new StringCollection();
m_softwareCertificates = new SignedSoftwareCertificateCollection();
}
/// <summary>
/// Invokes the ActivateSession service.
/// </summary>
public virtual ResponseHeader ActivateSession(
RequestHeader requestHeader,
SignatureData clientSignature,
SignedSoftwareCertificateCollection clientSoftwareCertificates,
StringCollection localeIds,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
out byte[] serverNonce,
out StatusCodeCollection results,
out DiagnosticInfoCollection diagnosticInfos)
{
serverNonce = null;
results = null;
diagnosticInfos = null;
ValidateRequest(requestHeader);
// Insert implementation.
return(CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported));
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
public virtual ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
sessionId = null;
authenticationToken = null;
revisedSessionTimeout = 0;
serverNonce = null;
serverCertificate = null;
serverEndpoints = null;
serverSoftwareCertificates = null;
serverSignature = null;
maxRequestMessageSize = 0;
ValidateRequest(requestHeader);
// Insert implementation.
return(CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported));
}
/// <summary>
/// Invokes the ActivateSession service.
/// </summary>
public virtual ResponseHeader ActivateSession(
RequestHeader requestHeader,
SignatureData clientSignature,
SignedSoftwareCertificateCollection clientSoftwareCertificates,
StringCollection localeIds,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
out byte[] serverNonce,
out StatusCodeCollection results,
out DiagnosticInfoCollection diagnosticInfos)
{
serverNonce = null;
results = null;
diagnosticInfos = null;
ValidateRequest(requestHeader);
// Insert implementation.
return CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported);
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
public virtual ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
sessionId = null;
authenticationToken = null;
revisedSessionTimeout = 0;
serverNonce = null;
serverCertificate = null;
serverEndpoints = null;
serverSoftwareCertificates = null;
serverSignature = null;
maxRequestMessageSize = 0;
ValidateRequest(requestHeader);
// Insert implementation.
return CreateResponse(requestHeader, StatusCodes.BadServiceUnsupported);
}
/// <summary>
/// Invokes the ActivateSession service.
/// </summary>
/// <param name="requestHeader">The request header.</param>
/// <param name="clientSignature">The client signature.</param>
/// <param name="clientSoftwareCertificates">The client software certificates.</param>
/// <param name="localeIds">The locale ids.</param>
/// <param name="userIdentityToken">The user identity token.</param>
/// <param name="userTokenSignature">The user token signature.</param>
/// <param name="serverNonce">The server nonce.</param>
/// <param name="results">The results.</param>
/// <param name="diagnosticInfos">The diagnostic infos.</param>
/// <returns>
/// Returns a <see cref="ResponseHeader"/> object
/// </returns>
public override ResponseHeader ActivateSession(
RequestHeader requestHeader,
SignatureData clientSignature,
SignedSoftwareCertificateCollection clientSoftwareCertificates,
StringCollection localeIds,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
out byte[] serverNonce,
out StatusCodeCollection results,
out DiagnosticInfoCollection diagnosticInfos)
{
serverNonce = null;
results = null;
diagnosticInfos = null;
OperationContext context = ValidateRequest(requestHeader, RequestType.ActivateSession);
try
{
// validate client's software certificates.
List<SoftwareCertificate> softwareCertificates = new List<SoftwareCertificate>();
if (context.SecurityPolicyUri != SecurityPolicies.None)
{
bool diagnosticsExist = false;
if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
{
diagnosticInfos = new DiagnosticInfoCollection();
}
results = new StatusCodeCollection();
diagnosticInfos = new DiagnosticInfoCollection();
foreach (SignedSoftwareCertificate signedCertificate in clientSoftwareCertificates)
{
SoftwareCertificate softwareCertificate = null;
ServiceResult result = SoftwareCertificate.Validate(
new CertificateValidator(),
signedCertificate.CertificateData,
out softwareCertificate);
if (ServiceResult.IsBad(result))
{
results.Add(result.Code);
// add diagnostics if requested.
if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
{
DiagnosticInfo diagnosticInfo = ServerUtils.CreateDiagnosticInfo(ServerInternal, context, result);
diagnosticInfos.Add(diagnosticInfo);
diagnosticsExist = true;
}
}
else
{
softwareCertificates.Add(softwareCertificate);
results.Add(StatusCodes.Good);
// add diagnostics if requested.
if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
{
diagnosticInfos.Add(null);
}
}
}
if (!diagnosticsExist && diagnosticInfos != null)
{
diagnosticInfos.Clear();
}
}
// check if certificates meet the server's requirements.
ValidateSoftwareCertificates(softwareCertificates);
// activate the session.
bool identityChanged = ServerInternal.SessionManager.ActivateSession(
context,
requestHeader.AuthenticationToken,
clientSignature,
softwareCertificates,
userIdentityToken,
userTokenSignature,
localeIds,
out serverNonce);
if (identityChanged)
{
// TBD - call Node Manager and Subscription Manager.
}
Utils.Trace("Server - SESSION ACTIVATED.");
return CreateResponse(requestHeader, StatusCodes.Good);
}
catch (ServiceResultException e)
{
Utils.Trace("Server - SESSION ACTIVATE failed. {0}", e.Message);
lock (ServerInternal.DiagnosticsLock)
{
ServerInternal.ServerDiagnostics.RejectedRequestsCount++;
if (IsSecurityError(e.StatusCode))
{
ServerInternal.ServerDiagnostics.SecurityRejectedRequestsCount++;
}
}
throw TranslateException((DiagnosticsMasks)requestHeader.ReturnDiagnostics, localeIds, e);
}
finally
{
OnRequestComplete(context);
}
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
/// <param name="requestHeader">The request header.</param>
/// <param name="clientDescription">Application description for the client application.</param>
/// <param name="serverUri">The server URI.</param>
/// <param name="endpointUrl">The endpoint URL.</param>
/// <param name="sessionName">Name for the Session assigned by the client.</param>
/// <param name="clientNonce">The client nonce.</param>
/// <param name="clientCertificate">The client certificate.</param>
/// <param name="requestedSessionTimeout">The requested session timeout.</param>
/// <param name="maxResponseMessageSize">Size of the max response message.</param>
/// <param name="sessionId">The unique public identifier assigned by the Server to the Session.</param>
/// <param name="authenticationToken">The unique private identifier assigned by the Server to the Session.</param>
/// <param name="revisedSessionTimeout">The revised session timeout.</param>
/// <param name="serverNonce">The server nonce.</param>
/// <param name="serverCertificate">The server certificate.</param>
/// <param name="serverEndpoints">The server endpoints.</param>
/// <param name="serverSoftwareCertificates">The server software certificates.</param>
/// <param name="serverSignature">The server signature.</param>
/// <param name="maxRequestMessageSize">Size of the max request message.</param>
/// <returns>
/// Returns a <see cref="ResponseHeader"/> object
/// </returns>
public override ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
sessionId = 0;
revisedSessionTimeout = 0;
serverNonce = null;
serverCertificate = null;
serverSoftwareCertificates = null;
serverSignature = null;
maxRequestMessageSize = (uint)MessageContext.MaxMessageSize;
OperationContext context = ValidateRequest(requestHeader, RequestType.CreateSession);
try
{
// check the server uri.
if (!String.IsNullOrEmpty(serverUri))
{
if (serverUri != this.Configuration.ApplicationUri)
{
throw new ServiceResultException(StatusCodes.BadServerUriInvalid);
}
}
bool requireEncryption = ServerBase.RequireEncryption(context.ChannelContext.EndpointDescription);
if (!requireEncryption && clientCertificate != null)
{
requireEncryption = true;
}
// validate client application instance certificate.
X509Certificate2 parsedClientCertificate = null;
if (requireEncryption && clientCertificate != null && clientCertificate.Length > 0)
{
try
{
parsedClientCertificate = CertificateFactory.Create(clientCertificate, true);
if (context.SecurityPolicyUri != SecurityPolicies.None)
{
string certificateApplicationUri = Utils.GetApplicationUriFromCertficate(parsedClientCertificate);
// verify if applicationUri from ApplicationDescription matches the applicationUri in the client certificate.
if (!String.IsNullOrEmpty(certificateApplicationUri) &&
!String.IsNullOrEmpty(clientDescription.ApplicationUri) &&
certificateApplicationUri != clientDescription.ApplicationUri)
{
throw ServiceResultException.Create(
StatusCodes.BadCertificateUriInvalid,
"The URI specified in the ApplicationDescription does not match the URI in the Certificate.");
}
CertificateValidator.Validate(parsedClientCertificate);
}
}
catch (Exception e)
{
OnApplicationCertificateError(clientCertificate, new ServiceResult(e));
}
}
// verify the nonce provided by the client.
if (clientNonce != null)
{
if (clientNonce.Length < m_minNonceLength)
{
throw new ServiceResultException(StatusCodes.BadNonceInvalid);
}
}
// create the session.
Session session = ServerInternal.SessionManager.CreateSession(
context,
requireEncryption ? InstanceCertificate : null,
sessionName,
clientNonce,
clientDescription,
endpointUrl,
parsedClientCertificate,
requestedSessionTimeout,
maxResponseMessageSize,
out sessionId,
out authenticationToken,
out serverNonce,
out revisedSessionTimeout);
lock (m_lock)
{
// return the application instance certificate for the server.
if (requireEncryption)
{
serverCertificate = InstanceCertificate.RawData;
}
// return the endpoints supported by the server.
serverEndpoints = GetEndpointDescriptions(endpointUrl, BaseAddresses, null);
// return the software certificates assigned to the server.
serverSoftwareCertificates = new SignedSoftwareCertificateCollection(ServerProperties.SoftwareCertificates);
// sign the nonce provided by the client.
serverSignature = null;
// sign the client nonce (if provided).
if (parsedClientCertificate != null && clientNonce != null)
{
byte[] dataToSign = Utils.Append(clientCertificate, clientNonce);
serverSignature = SecurityPolicies.Sign(InstanceCertificate, context.SecurityPolicyUri, dataToSign);
}
}
lock (ServerInternal.DiagnosticsLock)
{
ServerInternal.ServerDiagnostics.CurrentSessionCount++;
ServerInternal.ServerDiagnostics.CumulatedSessionCount++;
}
Utils.Trace("Server - SESSION CREATED. SessionId={0}", sessionId);
return CreateResponse(requestHeader, StatusCodes.Good);
}
catch (ServiceResultException e)
{
Utils.Trace("Server - SESSION CREATE failed. {0}", e.Message);
lock (ServerInternal.DiagnosticsLock)
{
ServerInternal.ServerDiagnostics.RejectedSessionCount++;
ServerInternal.ServerDiagnostics.RejectedRequestsCount++;
if (IsSecurityError(e.StatusCode))
{
ServerInternal.ServerDiagnostics.SecurityRejectedSessionCount++;
ServerInternal.ServerDiagnostics.SecurityRejectedRequestsCount++;
}
}
throw TranslateException((DiagnosticsMasks)requestHeader.ReturnDiagnostics, new StringCollection(), e);
}
finally
{
OnRequestComplete(context);
}
}
/// <summary>
/// Invokes the CreateSession service.
/// </summary>
public virtual ResponseHeader CreateSession(
RequestHeader requestHeader,
ApplicationDescription clientDescription,
string serverUri,
string endpointUrl,
string sessionName,
byte[] clientNonce,
byte[] clientCertificate,
double requestedSessionTimeout,
uint maxResponseMessageSize,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
CreateSessionRequest request = new CreateSessionRequest();
CreateSessionResponse response = null;
request.RequestHeader = requestHeader;
request.ClientDescription = clientDescription;
request.ServerUri = serverUri;
request.EndpointUrl = endpointUrl;
request.SessionName = sessionName;
request.ClientNonce = clientNonce;
request.ClientCertificate = clientCertificate;
request.RequestedSessionTimeout = requestedSessionTimeout;
request.MaxResponseMessageSize = maxResponseMessageSize;
UpdateRequestHeader(request, requestHeader == null, "CreateSession");
try
{
if (UseTransportChannel)
{
IServiceResponse genericResponse = TransportChannel.SendRequest(request);
if (genericResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
ValidateResponse(genericResponse.ResponseHeader);
response = (CreateSessionResponse)genericResponse;
}
else
{
CreateSessionResponseMessage responseMessage = InnerChannel.CreateSession(new CreateSessionMessage(request));
if (responseMessage == null || responseMessage.CreateSessionResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
response = responseMessage.CreateSessionResponse;
ValidateResponse(response.ResponseHeader);
}
sessionId = response.SessionId;
authenticationToken = response.AuthenticationToken;
revisedSessionTimeout = response.RevisedSessionTimeout;
serverNonce = response.ServerNonce;
serverCertificate = response.ServerCertificate;
serverEndpoints = response.ServerEndpoints;
serverSoftwareCertificates = response.ServerSoftwareCertificates;
serverSignature = response.ServerSignature;
maxRequestMessageSize = response.MaxRequestMessageSize;
}
finally
{
RequestCompleted(request, response, "CreateSession");
}
return response.ResponseHeader;
}
/// <summary>
/// Begins an asynchronous invocation of the ActivateSession service.
/// </summary>
public IAsyncResult BeginActivateSession(
RequestHeader requestHeader,
SignatureData clientSignature,
SignedSoftwareCertificateCollection clientSoftwareCertificates,
StringCollection localeIds,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
AsyncCallback callback,
object asyncState)
{
ActivateSessionRequest request = new ActivateSessionRequest();
request.RequestHeader = requestHeader;
request.ClientSignature = clientSignature;
request.ClientSoftwareCertificates = clientSoftwareCertificates;
request.LocaleIds = localeIds;
request.UserIdentityToken = userIdentityToken;
request.UserTokenSignature = userTokenSignature;
UpdateRequestHeader(request, requestHeader == null, "ActivateSession");
if (UseTransportChannel)
{
return TransportChannel.BeginSendRequest(request, callback, asyncState);
}
return InnerChannel.BeginActivateSession(new ActivateSessionMessage(request), callback, asyncState);
}
/// <summary>
/// Invokes the ActivateSession service.
/// </summary>
public virtual ResponseHeader ActivateSession(
RequestHeader requestHeader,
SignatureData clientSignature,
SignedSoftwareCertificateCollection clientSoftwareCertificates,
StringCollection localeIds,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
out byte[] serverNonce,
out StatusCodeCollection results,
out DiagnosticInfoCollection diagnosticInfos)
{
ActivateSessionRequest request = new ActivateSessionRequest();
ActivateSessionResponse response = null;
request.RequestHeader = requestHeader;
request.ClientSignature = clientSignature;
request.ClientSoftwareCertificates = clientSoftwareCertificates;
request.LocaleIds = localeIds;
request.UserIdentityToken = userIdentityToken;
request.UserTokenSignature = userTokenSignature;
UpdateRequestHeader(request, requestHeader == null, "ActivateSession");
try
{
if (UseTransportChannel)
{
IServiceResponse genericResponse = TransportChannel.SendRequest(request);
if (genericResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
ValidateResponse(genericResponse.ResponseHeader);
response = (ActivateSessionResponse)genericResponse;
}
else
{
ActivateSessionResponseMessage responseMessage = InnerChannel.ActivateSession(new ActivateSessionMessage(request));
if (responseMessage == null || responseMessage.ActivateSessionResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
response = responseMessage.ActivateSessionResponse;
ValidateResponse(response.ResponseHeader);
}
serverNonce = response.ServerNonce;
results = response.Results;
diagnosticInfos = response.DiagnosticInfos;
}
finally
{
RequestCompleted(request, response, "ActivateSession");
}
return response.ResponseHeader;
}
/// <summary>
/// Finishes an asynchronous invocation of the CreateSession service.
/// </summary>
public ResponseHeader EndCreateSession(
IAsyncResult result,
out NodeId sessionId,
out NodeId authenticationToken,
out double revisedSessionTimeout,
out byte[] serverNonce,
out byte[] serverCertificate,
out EndpointDescriptionCollection serverEndpoints,
out SignedSoftwareCertificateCollection serverSoftwareCertificates,
out SignatureData serverSignature,
out uint maxRequestMessageSize)
{
CreateSessionResponse response = null;
try
{
if (UseTransportChannel)
{
IServiceResponse genericResponse = TransportChannel.EndSendRequest(result);
if (genericResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
ValidateResponse(genericResponse.ResponseHeader);
response = (CreateSessionResponse)genericResponse;
}
else
{
CreateSessionResponseMessage responseMessage = InnerChannel.EndCreateSession(result);
if (responseMessage == null || responseMessage.CreateSessionResponse == null)
{
throw new ServiceResultException(StatusCodes.BadUnknownResponse);
}
response = responseMessage.CreateSessionResponse;
ValidateResponse(response.ResponseHeader);
}
sessionId = response.SessionId;
authenticationToken = response.AuthenticationToken;
revisedSessionTimeout = response.RevisedSessionTimeout;
serverNonce = response.ServerNonce;
serverCertificate = response.ServerCertificate;
serverEndpoints = response.ServerEndpoints;
serverSoftwareCertificates = response.ServerSoftwareCertificates;
serverSignature = response.ServerSignature;
maxRequestMessageSize = response.MaxRequestMessageSize;
}
finally
{
RequestCompleted(null, response, "CreateSession");
}
return response.ResponseHeader;
}
