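/// <inheritdoc/>
/// <summary>
/// Create a new service host for UA TCP.
/// </summary>
/// <param name="serverBase">Owning server; supplies the user token policies and creates the host and its endpoints.</param>
/// <param name="hosts">Registry of service hosts by name; the new host is stored under a unique "/Tcp" key.</param>
/// <param name="configuration">Application configuration used for the endpoint configuration, the channel validator and the SendCertificateChain flag.</param>
/// <param name="baseAddresses">Candidate base addresses; only those using the opc.tcp scheme are used.</param>
/// <param name="serverDescription">Application description advertised on every endpoint.</param>
/// <param name="securityPolicies">Security policies; one endpoint description is created per policy for each base address.</param>
/// <param name="instanceCertificate">Server instance certificate, advertised on endpoints whose policy requires encryption.</param>
/// <param name="instanceCertificateChain">Certificate chain whose concatenated raw data replaces the single certificate when SendCertificateChain is set.</param>
/// <returns>The endpoint descriptions created for all UA TCP listeners.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when a policy requires encryption but <paramref name="instanceCertificate"/> is null.
/// </exception>
public List<EndpointDescription> CreateServiceHost(
    ServerBase serverBase,
    IDictionary<string, ServiceHost> hosts,
    ApplicationConfiguration configuration,
    IList<string> baseAddresses,
    ApplicationDescription serverDescription,
    List<ServerSecurityPolicy> securityPolicies,
    X509Certificate2 instanceCertificate,
    X509Certificate2Collection instanceCertificateChain)
{
    // generate a unique host name.
    string hostName = "/Tcp";

    if (hosts.ContainsKey(hostName))
    {
        hostName += Utils.Format("/{0}", hosts.Count);
    }

    // build list of uris.
    List<Uri> uris = new List<Uri>();
    EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();

    // create the endpoint configuration to use.
    EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
    string computerName = Utils.GetHostName();

    for (int ii = 0; ii < baseAddresses.Count; ii++)
    {
        // UA TCP and HTTPS endpoints support multiple policies.
        if (!baseAddresses[ii].StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal))
        {
            continue;
        }

        UriBuilder uri = new UriBuilder(baseAddresses[ii]);

        // advertise the machine name rather than "localhost" so the URL is usable by remote clients.
        if (String.Equals(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase))
        {
            uri.Host = computerName;
        }

        ITransportListener listener = this.Create();

        if (listener == null)
        {
            Utils.Trace(Utils.TraceMasks.Error, "Failed to create endpoint {0} because the transport profile is unsupported.", uri);
            continue;
        }

        EndpointDescriptionCollection listenerEndpoints = new EndpointDescriptionCollection();
        uris.Add(uri.Uri);

        foreach (ServerSecurityPolicy policy in securityPolicies)
        {
            // create the endpoint description.
            EndpointDescription description = new EndpointDescription();

            description.EndpointUrl = uri.ToString();
            description.Server = serverDescription;
            description.SecurityMode = policy.SecurityMode;
            description.SecurityPolicyUri = policy.SecurityPolicyUri;
            description.SecurityLevel = ServerSecurityPolicy.CalculateSecurityLevel(policy.SecurityMode, policy.SecurityPolicyUri);
            // mode and policy are set first because the token policies depend on the description.
            description.UserIdentityTokens = serverBase.GetUserTokenPolicies(configuration, description);
            description.TransportProfileUri = Profiles.UaTcpTransport;

            bool requireEncryption = ServerBase.RequireEncryption(description);

            if (requireEncryption)
            {
                // an encrypted endpoint cannot be advertised without a certificate;
                // fail with a clear message instead of a NullReferenceException.
                if (instanceCertificate == null)
                {
                    throw new ArgumentNullException(
                        "instanceCertificate",
                        "An instance certificate is required for endpoints that require encryption.");
                }

                description.ServerCertificate = BuildServerCertificateBlob(configuration, instanceCertificate, instanceCertificateChain);
            }

            listenerEndpoints.Add(description);
        }

        // each listener receives only the endpoints created for its own base address.
        serverBase.CreateServiceHostEndpoint(
            uri.Uri,
            listenerEndpoints,
            endpointConfiguration,
            listener,
            configuration.CertificateValidator.GetChannelValidator());

        endpoints.AddRange(listenerEndpoints);
    }

    hosts[hostName] = serverBase.CreateServiceHost(serverBase, uris.ToArray());

    return endpoints;
}

/// <summary>
/// Returns the raw certificate bytes to advertise on an endpoint: the instance
/// certificate alone, or the concatenated raw data of every certificate in
/// <paramref name="instanceCertificateChain"/> when the configuration asks for
/// the complete chain to be sent and the chain is non-empty.
/// </summary>
/// <param name="configuration">Supplies the SecurityConfiguration.SendCertificateChain flag.</param>
/// <param name="instanceCertificate">Non-null server instance certificate.</param>
/// <param name="instanceCertificateChain">Optional chain; may be null or empty.</param>
/// <returns>A fresh byte array for each call.</returns>
private static byte[] BuildServerCertificateBlob(
    ApplicationConfiguration configuration,
    X509Certificate2 instanceCertificate,
    X509Certificate2Collection instanceCertificateChain)
{
    // check if complete chain should be sent.
    if (!configuration.SecurityConfiguration.SendCertificateChain ||
        instanceCertificateChain == null ||
        instanceCertificateChain.Count == 0)
    {
        return instanceCertificate.RawData;
    }

    // NOTE(review): the chain bytes replace the single certificate, so the chain is
    // expected to contain the instance certificate itself — confirm against the caller.
    List<byte> serverCertificateChain = new List<byte>();

    for (int i = 0; i < instanceCertificateChain.Count; i++)
    {
        serverCertificateChain.AddRange(instanceCertificateChain[i].RawData);
    }

    return serverCertificateChain.ToArray();
}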
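/// <inheritdoc/>
/// <summary>
/// Create a new service host for UA HTTPS.
/// </summary>
/// <param name="serverBase">Owning server; supplies the user token policies and creates the host and its endpoints.</param>
/// <param name="hosts">Registry of service hosts by name; the new host is stored under a unique "/Https" key.</param>
/// <param name="configuration">Application configuration used for the endpoint configuration, the channel validator and the SendCertificateChain flag.</param>
/// <param name="baseAddresses">Candidate base addresses; only those using the https scheme are used.</param>
/// <param name="serverDescription">Application description advertised on every endpoint.</param>
/// <param name="securityPolicies">Security policies; HTTPS advertises exactly one of them (see remarks).</param>
/// <param name="instanceCertificate">Server instance certificate; advertised whenever it is non-null.</param>
/// <param name="instanceCertificateChain">Certificate chain whose concatenated raw data replaces the single certificate when SendCertificateChain is set.</param>
/// <returns>The endpoint descriptions created for all UA HTTPS listeners.</returns>
/// <remarks>
/// HTTPS can carry only a single policy: the first policy with SignAndEncrypt
/// is chosen; when none is configured the first policy in the list is advertised
/// instead, which may be a weaker security mode.
/// </remarks>
public List<EndpointDescription> CreateServiceHost(
    ServerBase serverBase,
    IDictionary<string, ServiceHost> hosts,
    ApplicationConfiguration configuration,
    IList<string> baseAddresses,
    ApplicationDescription serverDescription,
    List<ServerSecurityPolicy> securityPolicies,
    X509Certificate2 instanceCertificate,
    X509Certificate2Collection instanceCertificateChain)
{
    // generate a unique host name.
    string hostName = "/Https";

    if (hosts.ContainsKey(hostName))
    {
        hostName += Utils.Format("/{0}", hosts.Count);
    }

    // build list of uris.
    List<Uri> uris = new List<Uri>();
    EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();

    // create the endpoint configuration to use.
    EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
    string computerName = Utils.GetHostName();

    for (int ii = 0; ii < baseAddresses.Count; ii++)
    {
        if (!baseAddresses[ii].StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal))
        {
            continue;
        }

        UriBuilder uri = new UriBuilder(baseAddresses[ii]);

        // the endpoint path must end with a separator (EndsWith avoids indexing an empty path).
        if (!uri.Path.EndsWith("/", StringComparison.Ordinal))
        {
            uri.Path += "/";
        }

        // advertise the machine name rather than "localhost" so the URL is usable by remote clients.
        if (String.Equals(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase))
        {
            uri.Host = computerName;
        }

        uris.Add(uri.Uri);

        // the prefix test above also accepts schemes that merely start with "https";
        // only an exact https scheme gets an endpoint.
        if (uri.Scheme != Utils.UriSchemeHttps)
        {
            continue;
        }

        ServerSecurityPolicy bestPolicy = SelectHttpsPolicy(securityPolicies);

        EndpointDescription description = new EndpointDescription();

        description.EndpointUrl = uri.ToString();
        description.Server = serverDescription;

        if (instanceCertificate != null)
        {
            description.ServerCertificate = BuildServerCertificateBlob(configuration, instanceCertificate, instanceCertificateChain);
        }

        description.SecurityMode = bestPolicy.SecurityMode;
        description.SecurityPolicyUri = bestPolicy.SecurityPolicyUri;
        description.SecurityLevel = ServerSecurityPolicy.CalculateSecurityLevel(bestPolicy.SecurityMode, bestPolicy.SecurityPolicyUri);
        // mode and policy are set first because the token policies depend on the description.
        description.UserIdentityTokens = serverBase.GetUserTokenPolicies(configuration, description);
        description.TransportProfileUri = Profiles.HttpsBinaryTransport;

        ITransportListener listener = Create();

        if (listener != null)
        {
            endpoints.Add(description);

            // NOTE(review): the cumulative 'endpoints' collection is handed to every listener,
            // whereas the UA TCP factory passes only that listener's own endpoints — confirm
            // this is intended before changing it.
            serverBase.CreateServiceHostEndpoint(
                uri.Uri,
                endpoints,
                endpointConfiguration,
                listener,
                configuration.CertificateValidator.GetChannelValidator());
        }
        else
        {
            Utils.Trace(Utils.TraceMasks.Error, "Failed to create endpoint {0} because the transport profile is unsupported.", uri);
        }
    }

    // create the host once for all collected uris; creating it per base address
    // would overwrite the registry entry on every iteration. The entry is only
    // made when at least one https base address was processed.
    if (uris.Count > 0)
    {
        hosts[hostName] = serverBase.CreateServiceHost(serverBase, uris.ToArray());
    }

    return endpoints;
}

/// <summary>
/// HTTPS can only advertise a single policy: returns the first policy with
/// SignAndEncrypt, or the first policy in the list when none is configured.
/// </summary>
/// <param name="securityPolicies">Configured policies; must not be empty.</param>
/// <returns>The policy to advertise on the HTTPS endpoint.</returns>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="securityPolicies"/> is empty.</exception>
private static ServerSecurityPolicy SelectHttpsPolicy(List<ServerSecurityPolicy> securityPolicies)
{
    // So pick the first policy with security mode sign and encrypt
    foreach (ServerSecurityPolicy policy in securityPolicies)
    {
        if (policy.SecurityMode == MessageSecurityMode.SignAndEncrypt)
        {
            return policy;
        }
    }

    // Pick the first policy from the list if no policies with sign and encrypt defined
    return securityPolicies[0];
}

/// <summary>
/// Returns the raw certificate bytes to advertise on an endpoint: the instance
/// certificate alone, or the concatenated raw data of every certificate in
/// <paramref name="instanceCertificateChain"/> when the configuration asks for
/// the complete chain to be sent and the chain is non-empty.
/// </summary>
/// <param name="configuration">Supplies the SecurityConfiguration.SendCertificateChain flag.</param>
/// <param name="instanceCertificate">Non-null server instance certificate.</param>
/// <param name="instanceCertificateChain">Optional chain; may be null or empty.</param>
/// <returns>A fresh byte array for each call.</returns>
private static byte[] BuildServerCertificateBlob(
    ApplicationConfiguration configuration,
    X509Certificate2 instanceCertificate,
    X509Certificate2Collection instanceCertificateChain)
{
    // check if complete chain should be sent.
    if (!configuration.SecurityConfiguration.SendCertificateChain ||
        instanceCertificateChain == null ||
        instanceCertificateChain.Count == 0)
    {
        return instanceCertificate.RawData;
    }

    // NOTE(review): the chain bytes replace the single certificate, so the chain is
    // expected to contain the instance certificate itself — confirm against the caller.
    List<byte> serverCertificateChain = new List<byte>();

    for (int i = 0; i < instanceCertificateChain.Count; i++)
    {
        serverCertificateChain.AddRange(instanceCertificateChain[i].RawData);
    }

    return serverCertificateChain.ToArray();
}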