/// <summary>
/// Sets up the certificate validator for X509 user identity tokens, using the user
/// certificate trust lists from the security configuration.
/// </summary>
/// <param name="configuration">Application configuration supplying the server's user token policies and the security configuration.</param>
/// <remarks>
/// m_certificateValidator is assigned only when a Certificate token policy is present and both
/// TrustedUserCertificates and UserIssuerCertificates are configured; otherwise it is not touched here.
/// NOTE(review): the code that consumes m_certificateValidator is not visible in this method - confirm
/// that certificate user tokens are rejected (fail closed) when no validator was created.
/// </remarks>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    foreach (UserTokenPolicy tokenPolicy in configuration.ServerConfiguration.UserTokenPolicies)
    {
        // Only certificate token policies lead to a validator being built.
        if (tokenPolicy.TokenType != UserTokenType.Certificate)
        {
            continue;
        }

        var security = configuration.SecurityConfiguration;

        // Without both user trust lists no user-certificate validator is created.
        if (security.TrustedUserCertificates == null || security.UserIssuerCertificates == null)
        {
            continue;
        }

        var userValidator = new CertificateValidator();

        // Blocks the calling thread until the update has finished; a failure surfaces
        // from Wait() wrapped in an AggregateException.
        userValidator.Update(security).Wait();

        // Hands the user issuer list, the trusted user list and the rejected store to the validator.
        userValidator.Update(
            security.UserIssuerCertificates,
            security.TrustedUserCertificates,
            security.RejectedCertificateStore);

        // Validator used for user certificates.
        m_certificateValidator = userValidator.GetChannelValidator();
    }
}
/// <summary>
/// Sets up the certificate validator for X509 user identity tokens, using the user
/// certificate trust lists from the security configuration.
/// </summary>
/// <param name="configuration">Application configuration supplying the server's user token policies and the security configuration.</param>
/// <remarks>
/// certificateValidator is assigned only when a Certificate token policy is present and both
/// TrustedUserCertificates and UserIssuerCertificates are configured; otherwise it is not touched here.
/// NOTE(review): the code that consumes certificateValidator is not visible in this method - confirm
/// that certificate user tokens are rejected (fail closed) when no validator was created.
/// </remarks>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    foreach (UserTokenPolicy tokenPolicy in configuration.ServerConfiguration.UserTokenPolicies)
    {
        // Skip every policy that is not a certificate token policy.
        if (tokenPolicy.TokenType != UserTokenType.Certificate)
        {
            continue;
        }

        var security = configuration.SecurityConfiguration;
        bool trustListsConfigured =
            security.TrustedUserCertificates != null &&
            security.UserIssuerCertificates != null;

        // Without both user trust lists no user-certificate validator is created.
        if (!trustListsConfigured)
        {
            continue;
        }

        var userValidator = new CertificateValidator();

        // Blocks the calling thread until the update has finished; a failure surfaces
        // from Wait() wrapped in an AggregateException.
        userValidator.Update(security).Wait();

        // Hands the user issuer list, the trusted user list and the rejected store to the validator.
        userValidator.Update(
            security.UserIssuerCertificates,
            security.TrustedUserCertificates,
            security.RejectedCertificateStore);

        // Validator used for user certificates.
        certificateValidator = userValidator.GetChannelValidator();
    }
}
/// <summary>
/// Walks the server's user token policies and prepares the validator used for
/// certificate-based user identity tokens.
/// </summary>
/// <param name="configuration">Application configuration supplying the user token policies and the per-policy configuration extensions.</param>
/// <remarks>
/// Policies without a PolicyId are skipped. For each remaining IssuedToken or Certificate policy a
/// configuration extension named after the PolicyId is looked up; a missing extension is traced as an error
/// and the policy is skipped.
/// NOTE(review): neither extension is used after its null check. In particular the CertificateTrustList
/// loaded for a Certificate policy is never handed to the validator assigned to _certificateValidator, so
/// the policy-specific issuer list does not visibly restrict which user certificates are accepted - confirm
/// this is intended.
/// </remarks>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    for (var index = 0; index < configuration.ServerConfiguration.UserTokenPolicies.Count; index++)
    {
        var tokenPolicy = configuration.ServerConfiguration.UserTokenPolicies[index];

        // A policy needs an explicit id, because the id names its configuration element.
        if (string.IsNullOrEmpty(tokenPolicy.PolicyId))
        {
            continue;
        }

        switch (tokenPolicy.TokenType)
        {
            case UserTokenType.IssuedToken:
            {
                // Configuration element named after the policy id.
                var elementName = new XmlQualifiedName(tokenPolicy.PolicyId, Namespaces.OpcUa);

                // Identifier of the issuer certificate; only its presence is checked here.
                var issuerId = configuration.ParseExtension<CertificateIdentifier>(elementName);

                if (issuerId == null)
                {
                    Utils.Trace(
                        Utils.TraceMasks.Error,
                        "Could not load CertificateIdentifier for UserTokenPolicy {0}",
                        tokenPolicy.PolicyId);
                    continue;
                }

                break;
            }

            case UserTokenType.Certificate:
            {
                // Configuration element named after the policy id.
                var elementName = new XmlQualifiedName(tokenPolicy.PolicyId, Namespaces.OpcUa);

                // Location of the trusted issuers; only its presence is checked here.
                var issuerTrustList = configuration.ParseExtension<CertificateTrustList>(elementName);

                if (issuerTrustList == null)
                {
                    Utils.Trace(
                        Utils.TraceMasks.Error,
                        "Could not load CertificateTrustList for UserTokenPolicy {0}",
                        tokenPolicy.PolicyId);
                    continue;
                }

                // Per the original note this trusts any certificate in the trusted people store.
                // NOTE(review): GetChannelValidator() receives no trust list from this policy -
                // verify which store actually backs the validator.
                _certificateValidator = CertificateValidator.GetChannelValidator();
                break;
            }
        }
    }
}
/// <summary>
/// Sets up the certificate validator for X509 user identity tokens, using the user
/// certificate trust lists from the security configuration.
/// </summary>
/// <param name="configuration">Application configuration supplying the server's user token policies and the security configuration.</param>
/// <remarks>
/// m_userCertificateValidator is assigned only when a Certificate token policy is present and both
/// TrustedUserCertificates and UserIssuerCertificates are configured; otherwise it is not touched here.
/// NOTE(review): the code that consumes m_userCertificateValidator is not visible in this method - confirm
/// that certificate user tokens are rejected (fail closed) when no validator was created.
/// </remarks>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    foreach (UserTokenPolicy tokenPolicy in configuration.ServerConfiguration.UserTokenPolicies)
    {
        // Only certificate token policies lead to a validator being built.
        if (tokenPolicy.TokenType != UserTokenType.Certificate)
        {
            continue;
        }

        var security = configuration.SecurityConfiguration;

        // Without both user trust lists no user-certificate validator is created.
        if (security.TrustedUserCertificates == null || security.UserIssuerCertificates == null)
        {
            continue;
        }

        var userValidator = new CertificateValidator();

        // Blocks the calling thread until the update has finished; a failure surfaces
        // from Wait() wrapped in an AggregateException.
        userValidator.Update(security).Wait();

        // Hands the user issuer list, the trusted user list and the rejected store to the validator.
        userValidator.Update(
            security.UserIssuerCertificates,
            security.TrustedUserCertificates,
            security.RejectedCertificateStore);

        // Validator used for user certificates.
        m_userCertificateValidator = userValidator.GetChannelValidator();
    }
}
/// <summary>
/// Sets up the certificate validator for X509 user identity tokens, using the user
/// certificate trust lists from the security configuration.
/// </summary>
/// <param name="configuration">Application configuration supplying the server's user token policies and the security configuration.</param>
/// <remarks>
/// _certificateValidator is assigned only when a Certificate token policy is present and both
/// TrustedUserCertificates and UserIssuerCertificates are configured; otherwise it is not touched here.
/// NOTE(review): the code that consumes _certificateValidator is not visible in this method - confirm
/// that certificate user tokens are rejected (fail closed) when no validator was created.
/// </remarks>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    foreach (UserTokenPolicy tokenPolicy in configuration.ServerConfiguration.UserTokenPolicies)
    {
        // Only certificate token policies lead to a validator being built.
        if (tokenPolicy.TokenType == UserTokenType.Certificate)
        {
            var security = configuration.SecurityConfiguration;

            // Both user trust lists have to be present in the configuration.
            if (security.TrustedUserCertificates != null && security.UserIssuerCertificates != null)
            {
                var userValidator = new CertificateValidator();

                // Blocks the calling thread until the update has finished; a failure surfaces
                // from Wait() wrapped in an AggregateException.
                userValidator.Update(security).Wait();

                // Hands the user issuer list, the trusted user list and the rejected store to the validator.
                userValidator.Update(
                    security.UserIssuerCertificates,
                    security.TrustedUserCertificates,
                    security.RejectedCertificateStore);

                // Validator used for user certificates.
                _certificateValidator = userValidator.GetChannelValidator();
            }
        }
    }
}