public CreateNewKeyPairRequestFormApiModel(CreateNewKeyPairRequestApiModel apiModel) :
base()
{
ApplicationId = apiModel.ApplicationId;
CertificateGroupId = apiModel.CertificateGroupId;
CertificateTypeId = apiModel.CertificateTypeId;
SubjectName = apiModel.SubjectName;
DomainNames = apiModel.DomainNames;
PrivateKeyFormat = apiModel.PrivateKeyFormat;
PrivateKeyPassword = apiModel.PrivateKeyPassword;
}
public NodeId StartNewKeyPairRequest(
NodeId applicationId,
string certificateGroupId,
string certificateTypeId,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword,
string authorityId)
{
string appId = OpcVaultClientHelper.GetServiceIdFromNodeId(applicationId, NamespaceIndex);
if (string.IsNullOrEmpty(appId))
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "The ApplicationId is invalid.");
}
if (String.IsNullOrWhiteSpace(certificateTypeId))
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "The CertificateTypeId does not refer to a supported CertificateType.");
}
if (String.IsNullOrWhiteSpace(certificateGroupId))
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "The CertificateGroupId does not refer to a supported CertificateGroup.");
}
try
{
var model = new CreateNewKeyPairRequestApiModel(
appId,
certificateGroupId,
certificateTypeId,
subjectName,
domainNames,
privateKeyFormat,
privateKeyPassword
);
string requestId = _opcVaultServiceClient.CreateNewKeyPairRequest(model);
return(OpcVaultClientHelper.GetNodeIdFromServiceId(requestId, NamespaceIndex));
}
catch (HttpOperationException httpEx)
{
// TODO: return matching ServiceResultException
//throw new ServiceResultException(StatusCodes.BadNodeIdUnknown);
//throw new ServiceResultException(StatusCodes.BadInvalidArgument);
//throw new ServiceResultException(StatusCodes.BadUserAccessDenied);
throw new ServiceResultException(httpEx, StatusCodes.BadRequestNotAllowed);
}
}
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
CreateNewKeyPairRequestApiModel request = (CreateNewKeyPairRequestApiModel)validationContext.ObjectInstance;
var errorList = new List <string>();
if (String.IsNullOrWhiteSpace(request.SubjectName))
{
errorList.Add(nameof(request.SubjectName));
}
if (request.DomainNames != null)
{
if (request.DomainNames.Count > 0)
{
if (String.IsNullOrWhiteSpace(request.DomainNames[0]))
{
errorList.Add("DomainNames[0]");
}
}
}
if (String.IsNullOrWhiteSpace(request.PrivateKeyFormat))
{
errorList.Add(nameof(request.PrivateKeyFormat));
}
if (errorList.Count > 0)
{
return(new ValidationResult("Required Field.", errorList));
}
try
{
var dn = Opc.Ua.Utils.ParseDistinguishedName(request.SubjectName);
var prefix = dn.Where(x => x.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (prefix == null)
{
errorList.Add(nameof(request.SubjectName));
return(new ValidationResult("Need at least a common name CN=", errorList));
}
}
catch
{
errorList.Add(nameof(request.SubjectName));
}
if (errorList.Count > 0)
{
return(new ValidationResult("Not a well formed Certificate Subject.", errorList));
}
return(ValidationResult.Success);
}
public async Task <string> CreateNewKeyPairRequestAsync([FromBody] CreateNewKeyPairRequestApiModel newKeyPairRequest)
{
if (newKeyPairRequest == null)
{
throw new ArgumentNullException(nameof(newKeyPairRequest));
}
string authorityId = User.Identity.Name;
return(await _certificateRequest.StartNewKeyPairRequestAsync(
newKeyPairRequest.ApplicationId,
newKeyPairRequest.CertificateGroupId,
newKeyPairRequest.CertificateTypeId,
newKeyPairRequest.SubjectName,
newKeyPairRequest.DomainNames,
newKeyPairRequest.PrivateKeyFormat,
newKeyPairRequest.PrivateKeyPassword,
authorityId));
}
