Opc.Ua.Bindings.TcpChannel.ReadAsymmetricMessageHeader C# (CSharp) Method

TcpChannel Class Documentation 显示文件 Open project: OPCFoundation/UA-.NETStandardLibrary

ReadAsymmetricMessageHeader() private method

private ReadAsymmetricMessageHeader ( BinaryDecoder decoder, X509Certificate2 receiverCertificate, uint &secureChannelId, X509Certificate2 &senderCertificate, string &securityPolicyUri ) : void
decoder	BinaryDecoder
receiverCertificate	System.Security.Cryptography.X509Certificates.X509Certificate2
secureChannelId	uint
senderCertificate	System.Security.Cryptography.X509Certificates.X509Certificate2
securityPolicyUri	string
return	void

        protected void ReadAsymmetricMessageHeader(
            BinaryDecoder        decoder,
            X509Certificate2     receiverCertificate,
            out uint             secureChannelId,            
            out X509Certificate2 senderCertificate,
            out string           securityPolicyUri)
        {        
            senderCertificate = null;

            uint messageType = decoder.ReadUInt32(null);
            uint messageSize = decoder.ReadUInt32(null);

            // decode security header.
            byte[] certificateData = null;
            byte[] thumbprintData = null;

            try
            {
                secureChannelId = decoder.ReadUInt32(null);
                securityPolicyUri = decoder.ReadString(null, TcpMessageLimits.MaxSecurityPolicyUriSize);
                certificateData = decoder.ReadByteString(null, TcpMessageLimits.MaxCertificateSize);
                thumbprintData = decoder.ReadByteString(null, TcpMessageLimits.CertificateThumbprintSize);
            }
            catch (Exception e)
            {
                throw ServiceResultException.Create(
                    StatusCodes.BadSecurityChecksFailed, 
                    e,
                    "The asymmetric security header could not be parsed.");
            }
            
            // verify sender certificate.
            if (certificateData != null && certificateData.Length > 0)
            {
                senderCertificate = CertificateFactory.Create(certificateData, true);

                try
                {
                    string thumbprint = senderCertificate.Thumbprint;

                    if (thumbprint == null)
                    {
                        throw ServiceResultException.Create(StatusCodes.BadCertificateInvalid, "Invalid certificate thumbprint.");
                    }
                }
                catch (Exception e)
                {
                    throw ServiceResultException.Create(StatusCodes.BadCertificateInvalid, e, "The sender's certificate could not be parsed.");
                }
            }
            else
            {
                if (securityPolicyUri != SecurityPolicies.None)
                {
                    throw ServiceResultException.Create(StatusCodes.BadCertificateInvalid, "The sender's certificate was not specified.");
                }
            }

            // verify receiver thumbprint.
            if (thumbprintData != null && thumbprintData.Length > 0)
            {
                if (receiverCertificate.Thumbprint.ToUpperInvariant() != GetThumbprintString(thumbprintData))
                {
                    throw ServiceResultException.Create(StatusCodes.BadCertificateInvalid, "The receiver's certificate thumbprint is not valid.");
                }
            }
            else
            {
                if (securityPolicyUri != SecurityPolicies.None)
                {
                    throw ServiceResultException.Create(StatusCodes.BadCertificateInvalid, "The receiver's certificate thumbprint was not specified.");
                }
            }
        }

TcpChannel

ActivateToken

CalculateSymmetricKeySizes

CompareCertificates

ComputeKeys

CreateNonce

CreateToken

Decrypt

DiscardTokens

Encrypt

GetAsymmetricHeaderSize

GetAsymmetricSignatureSize