public static Create ( byte encodedData, bool useCache ) : |
||
encodedData | byte | The encoded data. |
useCache | bool | if set to |
return |
/// <summary> /// Verifies a signature created with the token. /// </summary> public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri) { try { X509Certificate2 certificate = m_certificate; if (certificate == null) { certificate = CertificateFactory.Create(m_certificateData, true); } bool valid = SecurityPolicies.Verify( certificate, securityPolicyUri, dataToVerify, signatureData); m_certificateData = certificate.RawData; return(valid); } catch (Exception e) { throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid, e, "Could not verify user signature!"); } }
/// <summary> /// Validates a software certificate. /// </summary> public static ServiceResult Validate( CertificateValidator validator, byte[] signedCertificate, out SoftwareCertificate softwareCertificate) { softwareCertificate = null; // validate the certificate. X509Certificate2 certificate = null; try { certificate = CertificateFactory.Create(signedCertificate, true); validator.Validate(certificate); } catch (Exception e) { return(ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body.")); } // find the software certficate. byte[] encodedData = null; foreach (X509Extension extension in certificate.Extensions) { if (extension.Oid.Value == "0.0.0.0.0") { encodedData = extension.RawData; break; } } if (encodedData == null) { return(ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate.")); } try { MemoryStream istrm = new MemoryStream(encodedData, false); DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate)); softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm); softwareCertificate.SignedCertificate = certificate; } catch (Exception e) { return(ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body.")); } // certificate is valid. return(ServiceResult.Good); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(UserIdentityToken token) { if (token == null) { throw new ArgumentNullException("token"); } m_policyId = token.PolicyId; UserNameIdentityToken usernameToken = token as UserNameIdentityToken; if (usernameToken != null) { Initialize(new UserNameSecurityToken(usernameToken.UserName, usernameToken.DecryptedPassword)); return; } X509IdentityToken x509Token = token as X509IdentityToken; if (x509Token != null) { X509Certificate2 certificate = CertificateFactory.Create(x509Token.CertificateData, true); Initialize(new X509SecurityToken(certificate)); return; } IssuedIdentityToken wssToken = token as IssuedIdentityToken; if (wssToken != null) { Initialize(wssToken, WSSecurityTokenSerializer.DefaultInstance, null); return; } AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken; if (anonymousToken != null) { m_tokenType = UserTokenType.Anonymous; m_issuedTokenType = null; m_displayName = "Anonymous"; m_token = null; return; } throw new ArgumentException("Unrecognized UA user identity token type.", "token"); }
/// <summary> /// Creates a signature with the token. /// </summary> public override SignatureData Sign(byte[] dataToSign, string securityPolicyUri) { X509Certificate2 certificate = m_certificate; if (certificate == null) { certificate = CertificateFactory.Create(m_certificateData, true); } SignatureData signatureData = SecurityPolicies.Sign( certificate, securityPolicyUri, dataToSign); m_certificateData = certificate.GetRawCertData(); return(signatureData); }
/// <summary> /// Verifies a signature created with the token. /// </summary> public override bool Verify(byte[] dataToVerify, SignatureData signatureData, string securityPolicyUri) { X509Certificate2 certificate = m_certificate; if (certificate == null) { certificate = CertificateFactory.Create(m_certificateData, true); } bool valid = SecurityPolicies.Verify( certificate, securityPolicyUri, dataToVerify, signatureData); m_certificateData = certificate.GetRawCertData(); return(valid); }
/// <summary> /// Parses a blob with a list of DER encoded certificates. /// </summary> /// <param name="encodedData">The encoded data.</param> /// <returns> /// An object of <see cref="X509Certificate2Collection"/> containing <see cref="X509Certificate2"/> /// certificates created from a buffer with DER encoded certificate /// </returns> /// <remarks> /// Any supporting certificates found in the buffer are processed as well. /// </remarks> public static X509Certificate2Collection ParseBlob(byte[] encodedData) { if (!IsValidCertificateBlob(encodedData)) { throw new CryptographicException("Primary certificate in blob is not valid."); } X509Certificate2Collection collection = new X509Certificate2Collection(); X509Certificate2 certificate = CertificateFactory.Create(encodedData, true); collection.Add(certificate); byte[] rawData = encodedData; byte[] data = certificate.RawData; int processedBytes = data.Length; if (encodedData.Length < processedBytes) { byte[] buffer = new byte[encodedData.Length - processedBytes]; do { Array.Copy(encodedData, processedBytes, buffer, 0, encodedData.Length - processedBytes); if (!IsValidCertificateBlob(buffer)) { throw new CryptographicException("Supporting certificate in blob is not valid."); } X509Certificate2 issuerCertificate = CertificateFactory.Create(buffer, true); collection.Add(issuerCertificate); data = issuerCertificate.RawData; processedBytes += data.Length; }while (processedBytes < encodedData.Length); } return(collection); }
/// <summary> /// Initializes the object with a UA identity token /// </summary> private void Initialize(UserIdentityToken token) { if (token == null) { throw new ArgumentNullException("token"); } m_token = token; UserNameIdentityToken usernameToken = token as UserNameIdentityToken; if (usernameToken != null) { m_tokenType = UserTokenType.UserName; m_issuedTokenType = null; m_displayName = usernameToken.UserName; return; } X509IdentityToken x509Token = token as X509IdentityToken; if (x509Token != null) { m_tokenType = UserTokenType.Certificate; m_issuedTokenType = null; if (x509Token.Certificate != null) { m_displayName = x509Token.Certificate.Subject; } else { X509Certificate2 cert = CertificateFactory.Create(x509Token.CertificateData, true); m_displayName = cert.Subject; } return; } IssuedIdentityToken issuedToken = token as IssuedIdentityToken; if (issuedToken != null) { if (issuedToken.IssuedTokenType == Ua.IssuedTokenType.JWT) { if (issuedToken.DecryptedTokenData == null || issuedToken.DecryptedTokenData.Length == 0) { throw new ArgumentException("JSON Web Token has no data associated with it.", "token"); } m_tokenType = UserTokenType.IssuedToken; m_issuedTokenType = new XmlQualifiedName("", Opc.Ua.Profiles.JwtUserToken); m_displayName = "JWT"; return; } else { throw new NotSupportedException("Only JWT Issued Tokens are supported!"); } } AnonymousIdentityToken anonymousToken = token as AnonymousIdentityToken; if (anonymousToken != null) { m_tokenType = UserTokenType.Anonymous; m_issuedTokenType = null; m_displayName = "Anonymous"; return; } throw new ArgumentException("Unrecognized UA user identity token type.", "token"); }