|
public Activate ( |
||
| context | ||
| clientSoftwareCertificates | List |
|
| identityToken | UserIdentityToken | |
| identity | IUserIdentity | |
| effectiveIdentity | IUserIdentity | |
| localeIds | StringCollection | |
| serverNonce | byte | |
| return | bool | |
public bool Activate(
OperationContext context,
List<SoftwareCertificate> clientSoftwareCertificates,
UserIdentityToken identityToken,
IUserIdentity identity,
IUserIdentity effectiveIdentity,
StringCollection localeIds,
byte[] serverNonce)
{
lock (m_lock)
{
// update user identity.
bool changed = false;
if (identityToken != null)
{
if (UpdateUserIdentity(identityToken, identity, effectiveIdentity))
{
changed = true;
}
}
// update local ids.
if (UpdateLocaleIds( localeIds ))
{
changed = true;
}
if (!m_activated)
{
// toggle the activated flag.
m_activated = true;
// save the software certificates.
m_softwareCertificates = clientSoftwareCertificates;
TraceState("FIRST ACTIVATION");
}
else
{
// bind to the new secure channel.
m_secureChannelId = context.ChannelContext.SecureChannelId;
TraceState("RE-ACTIVATION");
}
// update server nonce.
m_serverNonce = serverNonce;
// build list of signed certificates for audit event.
List<SignedSoftwareCertificate> signedSoftwareCertificates = new List<SignedSoftwareCertificate>();
if (clientSoftwareCertificates != null)
{
foreach (SoftwareCertificate softwareCertificate in clientSoftwareCertificates)
{
SignedSoftwareCertificate item = new SignedSoftwareCertificate();
item.CertificateData = softwareCertificate.SignedCertificate.GetRawCertData();
signedSoftwareCertificates.Add(item);
}
}
// raise an audit event.
ServerSystemContext systemContext = m_server.DefaultSystemContext.Copy(context);
ReportAuditActivateSessionEvent(systemContext);
// update the contact time.
lock (m_diagnostics)
{
m_diagnostics.ClientLastContactTime = DateTime.UtcNow;
}
// indicate whether the user context has changed.
return changed;
}
}
/// <summary>
/// Activates an existing session
/// </summary>
public virtual bool ActivateSession(
OperationContext context,
NodeId authenticationToken,
SignatureData clientSignature,
List <SoftwareCertificate> clientSoftwareCertificates,
ExtensionObject userIdentityToken,
SignatureData userTokenSignature,
StringCollection localeIds,
out byte[] serverNonce)
{
serverNonce = null;
Session session = null;
UserIdentityToken newIdentity = null;
UserTokenPolicy userTokenPolicy = null;
lock (m_lock)
{
// find session.
if (!m_sessions.TryGetValue(authenticationToken, out session))
{
throw new ServiceResultException(StatusCodes.BadSessionClosed);
}
// check if session timeout has expired.
if (session.HasExpired)
{
m_server.CloseSession(null, session.Id, false);
throw new ServiceResultException(StatusCodes.BadSessionClosed);
}
// create new server nonce.
serverNonce = Utils.Nonce.CreateNonce((uint)m_minNonceLength);
// validate before activation.
session.ValidateBeforeActivate(
context,
clientSignature,
clientSoftwareCertificates,
userIdentityToken,
userTokenSignature,
localeIds,
serverNonce,
out newIdentity,
out userTokenPolicy);
}
IUserIdentity identity = null;
IUserIdentity effectiveIdentity = null;
ServiceResult error = null;
try
{
// check if the application has a callback which validates the identity tokens.
lock (m_eventLock)
{
if (m_ImpersonateUser != null)
{
ImpersonateEventArgs args = new ImpersonateEventArgs(newIdentity, userTokenPolicy);
m_ImpersonateUser(session, args);
if (ServiceResult.IsBad(args.IdentityValidationError))
{
error = args.IdentityValidationError;
}
else
{
identity = args.Identity;
effectiveIdentity = args.EffectiveIdentity;
}
}
}
// parse the token manually if the identity is not provided.
if (identity == null)
{
identity = new UserIdentity(newIdentity);
}
// use the identity as the effectiveIdentity if not provided.
if (effectiveIdentity == null)
{
effectiveIdentity = identity;
}
}
catch (Exception e)
{
if (e is ServiceResultException)
{
throw e;
}
throw ServiceResultException.Create(
StatusCodes.BadIdentityTokenInvalid,
e,
"Could not validate user identity token: {0}",
newIdentity);
}
// check for validation error.
if (ServiceResult.IsBad(error))
{
throw new ServiceResultException(error);
}
// activate session.
bool contextChanged = session.Activate(
context,
clientSoftwareCertificates,
newIdentity,
identity,
effectiveIdentity,
localeIds,
serverNonce);
// raise session related event.
if (contextChanged)
{
RaiseSessionEvent(session, SessionEventReason.Activated);
}
// indicates that the identity context for the session has changed.
return(contextChanged);
}
