/// <inheritdoc/>
/// <summary>
/// Create a new service host for UA HTTPS.
/// </summary>
public List <EndpointDescription> CreateServiceHost(
ServerBase serverBase,
IDictionary <string, Task> hosts,
ApplicationConfiguration configuration,
IList <string> baseAddresses,
ApplicationDescription serverDescription,
List <ServerSecurityPolicy> securityPolicies,
X509Certificate2 instanceCertificate,
X509Certificate2Collection instanceCertificateChain
)
{
// generate a unique host name.
string hostName = String.Empty;
if (hosts.ContainsKey(hostName))
{
hostName = "/Https";
}
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// build list of uris.
List <Uri> uris = new List <Uri>();
EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
string computerName = Utils.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
if (!baseAddresses[ii].StartsWith(Utils.UriSchemeHttps, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (uri.Path[uri.Path.Length - 1] != '/')
{
uri.Path += "/";
}
if (String.Compare(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase) == 0)
{
uri.Host = computerName;
}
uris.Add(uri.Uri);
if (uri.Scheme == Utils.UriSchemeHttps)
{
// Can only support one policy with HTTPS
// So pick the first policy with security mode sign and encrypt
ServerSecurityPolicy bestPolicy = null;
foreach (ServerSecurityPolicy policy in securityPolicies)
{
if (policy.SecurityMode != MessageSecurityMode.SignAndEncrypt)
{
continue;
}
bestPolicy = policy;
break;
}
// Pick the first policy from the list if no policies with sign and encrypt defined
if (bestPolicy == null)
{
bestPolicy = securityPolicies[0];
}
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
if (instanceCertificate != null)
{
description.ServerCertificate = instanceCertificate.RawData;
// check if complete chain should be sent.
if (configuration.SecurityConfiguration.SendCertificateChain &&
instanceCertificateChain != null &&
instanceCertificateChain.Count > 0)
{
List <byte> serverCertificateChain = new List <byte>();
for (int i = 0; i < instanceCertificateChain.Count; i++)
{
serverCertificateChain.AddRange(instanceCertificateChain[i].RawData);
}
description.ServerCertificate = serverCertificateChain.ToArray();
}
}
description.SecurityMode = bestPolicy.SecurityMode;
description.SecurityPolicyUri = bestPolicy.SecurityPolicyUri;
description.SecurityLevel = ServerSecurityPolicy.CalculateSecurityLevel(bestPolicy.SecurityMode, bestPolicy.SecurityPolicyUri);
description.UserIdentityTokens = serverBase.GetUserTokenPolicies(configuration, description);
description.TransportProfileUri = Profiles.HttpsBinaryTransport;
ITransportListener listener = Create();
if (listener != null)
{
endpoints.Add(description);
serverBase.CreateServiceHostEndpoint(uri.Uri, endpoints, endpointConfiguration, listener,
configuration.CertificateValidator.GetChannelValidator());
}
else
{
Utils.Trace(Utils.TraceMasks.Error, "Failed to create endpoint {0} because the transport profile is unsupported.", uri);
}
}
}
return(endpoints);
}
/// <inheritdoc/>
/// <summary>
/// Create a new service host for UA TCP.
/// </summary>
public List <EndpointDescription> CreateServiceHost(
ServerBase serverBase,
IDictionary <string, ServiceHost> hosts,
ApplicationConfiguration configuration,
IList <string> baseAddresses,
ApplicationDescription serverDescription,
List <ServerSecurityPolicy> securityPolicies,
X509Certificate2 instanceCertificate,
X509Certificate2Collection instanceCertificateChain)
{
// generate a unique host name.
string hostName = "/Tcp";
if (hosts.ContainsKey(hostName))
{
hostName += Utils.Format("/{0}", hosts.Count);
}
// build list of uris.
List <Uri> uris = new List <Uri>();
EndpointDescriptionCollection endpoints = new EndpointDescriptionCollection();
// create the endpoint configuration to use.
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(configuration);
string computerName = Utils.GetHostName();
for (int ii = 0; ii < baseAddresses.Count; ii++)
{
// UA TCP and HTTPS endpoints support multiple policies.
if (!baseAddresses[ii].StartsWith(Utils.UriSchemeOpcTcp, StringComparison.Ordinal))
{
continue;
}
UriBuilder uri = new UriBuilder(baseAddresses[ii]);
if (String.Equals(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase))
{
uri.Host = computerName;
}
ITransportListener listener = this.Create();
if (listener != null)
{
EndpointDescriptionCollection listenerEndpoints = new EndpointDescriptionCollection();
uris.Add(uri.Uri);
foreach (ServerSecurityPolicy policy in securityPolicies)
{
// create the endpoint description.
EndpointDescription description = new EndpointDescription();
description.EndpointUrl = uri.ToString();
description.Server = serverDescription;
description.SecurityMode = policy.SecurityMode;
description.SecurityPolicyUri = policy.SecurityPolicyUri;
description.SecurityLevel = ServerSecurityPolicy.CalculateSecurityLevel(policy.SecurityMode, policy.SecurityPolicyUri);
description.UserIdentityTokens = serverBase.GetUserTokenPolicies(configuration, description);
description.TransportProfileUri = Profiles.UaTcpTransport;
bool requireEncryption = ServerBase.RequireEncryption(description);
if (requireEncryption)
{
description.ServerCertificate = instanceCertificate.RawData;
// check if complete chain should be sent.
if (configuration.SecurityConfiguration.SendCertificateChain &&
instanceCertificateChain != null &&
instanceCertificateChain.Count > 0)
{
List <byte> serverCertificateChain = new List <byte>();
for (int i = 0; i < instanceCertificateChain.Count; i++)
{
serverCertificateChain.AddRange(instanceCertificateChain[i].RawData);
}
description.ServerCertificate = serverCertificateChain.ToArray();
}
}
listenerEndpoints.Add(description);
}
serverBase.CreateServiceHostEndpoint(uri.Uri, listenerEndpoints, endpointConfiguration, listener,
configuration.CertificateValidator.GetChannelValidator()
);
endpoints.AddRange(listenerEndpoints);
}
else
{
Utils.Trace(Utils.TraceMasks.Error, "Failed to create endpoint {0} because the transport profile is unsupported.", uri);
}
}
hosts[hostName] = serverBase.CreateServiceHost(serverBase, uris.ToArray());
return(endpoints);
}
