/// <summary>
/// Validates a software certificate.
/// </summary>
public static ServiceResult Validate(
CertificateValidator validator,
byte[] signedCertificate,
out SoftwareCertificate softwareCertificate)
{
softwareCertificate = null;
// validate the certificate.
X509Certificate2 certificate = null;
try
{
certificate = CertificateFactory.Create(signedCertificate, true);
validator.Validate(certificate);
}
catch (Exception e)
{
return ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body.");
}
// find the software certficate.
byte[] encodedData = null;
foreach (X509Extension extension in certificate.Extensions)
{
if (extension.Oid.Value == "0.0.0.0.0")
{
encodedData = extension.RawData;
break;
}
}
if (encodedData == null)
{
return ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate.");
}
try
{
MemoryStream istrm = new MemoryStream(encodedData, false);
DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate));
softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm);
softwareCertificate.SignedCertificate = certificate;
}
catch (Exception e)
{
return ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body.");
}
// certificate is valid.
return ServiceResult.Good;
}
/// <summary>
/// Validates a software certificate.
/// </summary>
public static ServiceResult Validate(
CertificateValidator validator,
byte[] signedCertificate,
out SoftwareCertificate softwareCertificate)
{
softwareCertificate = null;
// validate the certificate.
X509Certificate2 certificate = null;
try
{
certificate = new X509Certificate2(signedCertificate);
validator.Validate(certificate);
}
catch (Exception e)
{
return(ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body."));
}
// find the software certficate.
byte[] encodedData = null;
if (encodedData == null)
{
return(ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate."));
}
try
{
MemoryStream istrm = new MemoryStream(encodedData, false);
DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate));
softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm);
softwareCertificate.SignedCertificate = certificate;
}
catch (Exception e)
{
return(ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body."));
}
// certificate is valid.
return(ServiceResult.Good);
}
/// <summary>
/// Called when a certificate cannot be validated.
/// </summary>
/// <param name="sender">The sender.</param>
/// <param name="e">The <see cref="Opc.Ua.CertificateValidationEventArgs"/> instance containing the event data.</param>
void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e)
{
// need to dispatch to the main UI thread.
if (InvokeRequired)
{
Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e);
return;
}
try
{
e.Accept = true;
/*
// prompt user.
switch (new AcceptCertificateDlg().ShowDialog(e))
{
case AcceptCertificateOptions.AcceptAlwaysForAll:
case AcceptCertificateOptions.AcceptAlwaysForCurrent:
case AcceptCertificateOptions.AcceptOnceForCurrent:
{
// TBD - update configuration to make the acceptance permenent.
e.Accept = true;
break;
}
case AcceptCertificateOptions.RejectAlways:
{
// TBD - update configuration to make the rejection permenent.
e.Accept = false;
break;
}
}
*/
}
catch (Exception exception)
{
MessageBox.Show(exception.Message);
}
}
public WcfValidatorWrapper(CertificateValidator validator)
{
m_validator = validator;
}
/// <summary>
/// Handles an error validating the server certificate.
/// </summary>
/// <remarks>
/// Applications should never accept certificates silently. Doing do will create the illusion of security
/// that will come back to haunt the vendor in the future. Compliance tests by the OPC Foundation will
/// fail products that silently accept untrusted certificates.
/// </remarks>
static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e)
{
e.Accept = true;
Console.WriteLine("WARNING: Accepting Untrusted Certificate: {0}", e.Certificate.Subject);
}
/// <summary>
/// Ensures that the application configuration is valid.
/// </summary>
/// <param name="applicationType">Type of the application.</param>
public virtual async Task Validate(ApplicationType applicationType)
{
if (String.IsNullOrEmpty(ApplicationName))
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ApplicationName must be specified.");
}
if (SecurityConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "SecurityConfiguration must be specified.");
}
SecurityConfiguration.Validate();
// generate a default uri if null
if (String.IsNullOrEmpty(ApplicationUri))
{
StringBuilder buffer = new StringBuilder();
buffer.Append("urn:");
buffer.Append(Utils.GetHostName());
buffer.Append(":");
buffer.Append(ApplicationName);
m_applicationUri = buffer.ToString();
}
// load app cert
await SecurityConfiguration.ApplicationCertificate.LoadApplicationCertificate(m_applicationUri, null);
if (applicationType == ApplicationType.Client || applicationType == ApplicationType.ClientAndServer)
{
if (ClientConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ClientConfiguration must be specified.");
}
ClientConfiguration.Validate();
}
if (applicationType == ApplicationType.Server || applicationType == ApplicationType.ClientAndServer)
{
if (ServerConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ServerConfiguration must be specified.");
}
ServerConfiguration.Validate();
}
if (applicationType == ApplicationType.DiscoveryServer)
{
if (DiscoveryServerConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "DiscoveryServerConfiguration must be specified.");
}
DiscoveryServerConfiguration.Validate();
}
// toggle the state of the hi-res clock.
HiResClock.Disabled = m_disableHiResClock;
if (m_disableHiResClock)
{
if (m_serverConfiguration != null)
{
if (m_serverConfiguration.PublishingResolution < 50)
{
m_serverConfiguration.PublishingResolution = 50;
}
}
}
// create the certificate validator.
m_certificateValidator = new CertificateValidator();
await m_certificateValidator.Update(this.SecurityConfiguration);
}
/// <summary>
/// Prompts the user to accept an untrusted certificate.
/// </summary>
private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e)
{
if (this.InvokeRequired)
{
this.Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e);
return;
}
try
{
DialogResult result = MessageBox.Show(
e.Certificate.Subject,
"Untrusted Certificate",
MessageBoxButtons.YesNo,
MessageBoxIcon.Warning);
e.Accept = (result == DialogResult.Yes);
}
catch (Exception exception)
{
MessageBox.Show(exception.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void validateCerts(Opc.Ua.CertificateValidator sender, Opc.Ua.CertificateValidationEventArgs e)
{
e.Accept = true;
}
/// <summary>
/// Handles a certificate validation error.
/// </summary>
private static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e)
{
try
{
if (e.Error != null && e.Error.Code == StatusCodes.BadCertificateUntrusted)
{
e.Accept = true;
Utils.Trace((int)Utils.TraceMasks.Security, "Automatically accepted certificate: {0}", e.Certificate.Subject);
}
}
catch (Exception exception)
{
Utils.Trace(exception, "Error accepting certificate.");
}
}
/// <summary>
/// Uses the UA validation logic for HTTPS certificates.
/// </summary>
/// <param name="validator">The validator.</param>
public static void SetUaValidationForHttps(CertificateValidator validator)
{
m_validator = validator;
System.Net.ServicePointManager.ServerCertificateValidationCallback = HttpsCertificateValidation;
}
private static void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e)
{
if (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted)
{
e.Accept = false;
Console.WriteLine("Rejected Certificate: {0}", e.Certificate.Subject);
}
}
/// <summary>
/// Always accept server certificates.
/// </summary>
void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e)
{
e.Accept = true;
}
/// <summary>
/// Handles a certificate validation error.
/// </summary>
private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e)
{
if (this.InvokeRequired)
{
this.Invoke(new CertificateValidationEventHandler(CertificateValidator_CertificateValidation), sender, e);
return;
}
try
{
e.Accept = m_configuration.SecurityConfiguration.AutoAcceptUntrustedCertificates;
if (!m_configuration.SecurityConfiguration.AutoAcceptUntrustedCertificates)
{
DialogResult result = MessageBox.Show(
e.Certificate.Subject,
"Untrusted Certificate",
MessageBoxButtons.YesNo,
MessageBoxIcon.Warning);
e.Accept = (result == DialogResult.Yes);
}
}
catch (Exception exception)
{
ClientUtils.HandleException(this.Text, exception);
}
}
public WcfValidatorWrapper(CertificateValidator validator)
{
m_validator = validator;
}
/// <summary>
/// Ensures that the application configuration is valid.
/// </summary>
/// <param name="applicationType">Type of the application.</param>
public virtual void Validate(ApplicationType applicationType)
{
if (String.IsNullOrEmpty(ApplicationName))
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ApplicationName must be specified.");
}
#if !SILVERLIGHT
if (SecurityConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "SecurityConfiguration must be specified.");
}
SecurityConfiguration.Validate();
// ensure application uri matches the certificate.
X509Certificate2 certificate = SecurityConfiguration.ApplicationCertificate.LoadPrivateKey(null);
if (certificate != null)
{
ApplicationUri = Utils.GetApplicationUriFromCertficate(certificate);
}
#endif
// generate a default uri.
if (String.IsNullOrEmpty(ApplicationUri))
{
StringBuilder buffer = new StringBuilder();
buffer.Append("urn:");
buffer.Append(System.Net.Dns.GetHostName());
buffer.Append(":");
buffer.Append(ApplicationName);
m_applicationUri = buffer.ToString();
}
if (applicationType == ApplicationType.Client || applicationType == ApplicationType.ClientAndServer)
{
if (ClientConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ClientConfiguration must be specified.");
}
ClientConfiguration.Validate();
}
if (applicationType == ApplicationType.Server || applicationType == ApplicationType.ClientAndServer)
{
if (ServerConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "ServerConfiguration must be specified.");
}
ServerConfiguration.Validate();
}
if (applicationType == ApplicationType.DiscoveryServer)
{
if (DiscoveryServerConfiguration == null)
{
throw ServiceResultException.Create(StatusCodes.BadConfigurationError, "DiscoveryServerConfiguration must be specified.");
}
DiscoveryServerConfiguration.Validate();
}
// toggle the state of the hi-res clock.
HiResClock.Disabled = m_disableHiResClock;
if (m_disableHiResClock)
{
if (m_serverConfiguration != null)
{
if (m_serverConfiguration.PublishingResolution < 50)
{
m_serverConfiguration.PublishingResolution = 50;
}
}
}
#if !SILVERLIGHT
// create the certificate validator.
m_certificateValidator = new CertificateValidator();
m_certificateValidator.Update(this.SecurityConfiguration);
#endif
}
/// <summary>
/// Handles a certificate validation error.
/// </summary>
void CertificateValidator_CertificateValidation(CertificateValidator validator, CertificateValidationEventArgs e)
{
try
{
Opc.Ua.Client.Controls.GuiUtils.HandleCertificateValidationError(this, validator, e);
}
catch (Exception exception)
{
Opc.Ua.Client.Controls.GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception);
}
}
/// <summary>
/// Handles a certificate validation error.
/// </summary>
private void CertificateValidator_CertificateValidation(CertificateValidator sender, CertificateValidationEventArgs e)
{
e.Accept = true;
}
