C# Class Opc.Ua.Bindings.TcpChannel

Manages the server side of a UA TCP channel.
Open project: OPCFoundation/UA-.NETStandardLibrary

Private Properties

Property Type Description
GetMaxSenderCertificateSize int
ReadAsymmetricMessageHeader void
ReadSymmetricMessage ArraySegment
RsaPkcs15_GetSignatureLength int
RsaPkcs15_Sign byte[]
RsaPkcs15_Verify bool
Rsa_Decrypt ArraySegment
Rsa_Encrypt ArraySegment
SymmetricDecrypt void
SymmetricEncrypt void
SymmetricSign byte[]
SymmetricVerify bool

Protected Methods

Method Description
ActivateToken ( TcpChannelToken token ) : void

Activates a new token.

CalculateSymmetricKeySizes ( ) : void

Calculates the symmetric key sizes based on the current security policy.

CompareCertificates ( X509Certificate2 expected, X509Certificate2 actual, bool allowNull ) : void

Compares two certificates.

ComputeKeys ( TcpChannelToken token ) : void

Computes the keys for a token.

CreateNonce ( ) : byte[]

Creates a new nonce.

CreateToken ( ) : TcpChannelToken

Creates a new token.

Decrypt ( ArraySegment dataToDecrypt, ArraySegment headerToCopy, X509Certificate2 receiverCertificate ) : ArraySegment

Decrypts the buffer using asymmetric encryption.

Start and count specify the block of data to be decrypted. The header specifies unencrypted data that must be copied to the output.

Decrypt ( TcpChannelToken token, ArraySegment dataToDecrypt, bool useClientKeys ) : void

Decrypts the data in a buffer using symmetric encryption.

DiscardTokens ( ) : void

Discards the tokens.

Encrypt ( ArraySegment dataToEncrypt, ArraySegment headerToCopy, X509Certificate2 receiverCertificate ) : ArraySegment

Encrypts the buffer using asymmetric encryption.

Start and count specify the block of data to be encrypted. The caller must ensure that count is a multiple of the input block size for the current cipher. The header specifies unencrypted data that must be copied to the output.

Encrypt ( TcpChannelToken token, ArraySegment dataToEncrypt, bool useClientKeys ) : void

Encrypts the data in a buffer using symmetric encryption.

GetAsymmetricHeaderSize ( string securityPolicyUri, X509Certificate2 senderCertificate ) : int

Calculates the size of the asymmetric security header.

GetAsymmetricHeaderSize ( string securityPolicyUri, X509Certificate2 senderCertificate, int senderCertificateSize ) : int
GetAsymmetricSignatureSize ( X509Certificate2 senderCertificate ) : int

Calculates the size of the footer with an asymmetric signature.

GetCipherTextBlockSize ( X509Certificate2 receiverCertificate ) : int

Returns the cipher text block size for the key in the specified certificate.

GetNonceLength ( ) : uint

Returns the length of the symmetric encryption key.

GetPlainTextBlockSize ( X509Certificate2 receiverCertificate ) : int

Returns the plain text block size for the key in the specified certificate.

GetThumbprintBytes ( string thumbprint ) : byte[]

Returns the thumbprint as an uppercase string.

GetThumbprintString ( byte thumbprint ) : string

Returns the thumbprint as an uppercase string.

ReadAsymmetricMessage ( ArraySegment buffer, X509Certificate2 receiverCertificate, uint &channelId, X509Certificate2 &senderCertificate, uint &requestId, uint &sequenceNumber ) : ArraySegment

Processes an OpenSecureChannel request message.

ReviseSecurityMode ( bool firstCall, MessageSecurityMode requestedMode ) : void

Checks if it is possible to revise the security mode.

Rsa_GetCipherTextBlockSize ( X509Certificate2 encryptingCertificate, bool useOaep ) : int

Return the ciphertext block size for RSA OAEP encryption.

Rsa_GetPlainTextBlockSize ( X509Certificate2 encryptingCertificate, bool useOaep ) : int

Return the plaintext block size for RSA OAEP encryption.

SetEndpointUrl ( string endpointUrl ) : bool

Sets the endpoint according to the endpoint URL.

SetRenewedToken ( TcpChannelToken token ) : void

Sets the renewed token.

Sign ( ArraySegment dataToSign, X509Certificate2 senderCertificate ) : byte[]

Adds an asymmetric signature to the end of the buffer.

Start and count specify the block of data to be signed. The padding and signature must be written to the stream wrapped by the encoder.

Sign ( TcpChannelToken token, ArraySegment dataToSign, bool useClientKeys ) : byte[]

Returns the symmetric signature for the data.

ValidateNonce ( byte nonce ) : bool

Validates the nonce.

Verify ( ArraySegment dataToVerify, byte signature, X509Certificate2 senderCertificate ) : bool

Verifies an asymmetric signature at the end of the buffer.

Start and count specify the block of data including the signature and padding. The current security policy URI and sender certificate specify the size of the signature. This call also verifies that the padding is correct.

Verify ( TcpChannelToken token, byte signature, ArraySegment dataToVerify, bool useClientKeys ) : bool

Verifies the symmetric signature for the data.

WriteAsymmetricMessage ( uint messageType, uint requestId, X509Certificate2 senderCertificate, X509Certificate2 receiverCertificate, ArraySegment messageBody ) : BufferCollection

Sends an OpenSecureChannel response.

WriteAsymmetricMessageHeader ( BinaryEncoder encoder, uint messageType, uint secureChannelId, string securityPolicyUri, X509Certificate2 senderCertificate, X509Certificate2 receiverCertificate ) : void

Writes the asymmetric security header to the buffer.

WriteSymmetricMessage ( uint messageType, uint requestId, TcpChannelToken token, object messageBody, bool isRequest, bool &limitsExceeded ) : BufferCollection

Secures the message using the security token.

Private Methods

Method Description
GetMaxSenderCertificateSize ( X509Certificate2 senderCertificate, string securityPolicyUri ) : int
ReadAsymmetricMessageHeader ( BinaryDecoder decoder, X509Certificate2 receiverCertificate, uint &secureChannelId, X509Certificate2 &senderCertificate, string &securityPolicyUri ) : void
ReadSymmetricMessage ( ArraySegment buffer, bool isRequest, TcpChannelToken &token, uint &requestId, uint &sequenceNumber ) : ArraySegment
RsaPkcs15_GetSignatureLength ( X509Certificate2 signingCertificate ) : int

Returns the length of an RSA PKCS#1 v1.5 signature.

RsaPkcs15_Sign ( ArraySegment dataToSign, X509Certificate2 signingCertificate, HashAlgorithmName algorithm ) : byte[]

Creates an RSA PKCS#1 v1.5 signature of a hash algorithm for the stream.

RsaPkcs15_Verify ( ArraySegment dataToVerify, byte signature, X509Certificate2 signingCertificate, HashAlgorithmName algorithm ) : bool

Verifies an RSA PKCS#1 v1.5 signature of a hash algorithm for the stream.

Rsa_Decrypt ( ArraySegment dataToDecrypt, ArraySegment headerToCopy, X509Certificate2 encryptingCertificate, bool useOaep ) : ArraySegment

Decrypts the message using RSA PKCS#1 v1.5 encryption.

Rsa_Encrypt ( ArraySegment dataToEncrypt, ArraySegment headerToCopy, X509Certificate2 encryptingCertificate, bool useOaep ) : ArraySegment

Encrypts the message using RSA PKCS#1 v1.5 encryption.

SymmetricDecrypt ( TcpChannelToken token, ArraySegment dataToDecrypt, bool useClientKeys ) : void

Decrypts a message using a symmetric algorithm.

SymmetricEncrypt ( TcpChannelToken token, ArraySegment dataToEncrypt, bool useClientKeys ) : void

Encrypts a message using a symmetric algorithm.

SymmetricSign ( TcpChannelToken token, ArraySegment dataToSign, bool useClientKeys ) : byte[]

Signs the message using SHA1 HMAC.

SymmetricVerify ( TcpChannelToken token, byte signature, ArraySegment dataToVerify, bool useClientKeys ) : bool

Verifies an HMAC for a message.

Method Details

ActivateToken() protected method

Activates a new token.
protected ActivateToken ( TcpChannelToken token ) : void
token TcpChannelToken
return void

CalculateSymmetricKeySizes() protected method

Calculates the symmetric key sizes based on the current security policy.
protected CalculateSymmetricKeySizes ( ) : void
return void

CompareCertificates() protected static method

Compares two certificates.
protected static CompareCertificates ( X509Certificate2 expected, X509Certificate2 actual, bool allowNull ) : void
expected System.Security.Cryptography.X509Certificates.X509Certificate2
actual System.Security.Cryptography.X509Certificates.X509Certificate2
allowNull bool
return void

ComputeKeys() protected method

Computes the keys for a token.
protected ComputeKeys ( TcpChannelToken token ) : void
token TcpChannelToken
return void

CreateNonce() protected method

Creates a new nonce.
protected CreateNonce ( ) : byte[]
return byte[]

CreateToken() protected method

Creates a new token.
protected CreateToken ( ) : TcpChannelToken
return TcpChannelToken

Decrypt() protected method

Decrypts the buffer using asymmetric encryption.
Start and count specify the block of data to be decrypted. The header specifies unencrypted data that must be copied to the output.
protected Decrypt ( ArraySegment dataToDecrypt, ArraySegment headerToCopy, X509Certificate2 receiverCertificate ) : ArraySegment
dataToDecrypt ArraySegment
headerToCopy ArraySegment
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return ArraySegment

Decrypt() protected method

Decrypts the data in a buffer using symmetric encryption.
protected Decrypt ( TcpChannelToken token, ArraySegment dataToDecrypt, bool useClientKeys ) : void
token TcpChannelToken
dataToDecrypt ArraySegment
useClientKeys bool
return void

DiscardTokens() protected method

Discards the tokens.
protected DiscardTokens ( ) : void
return void

Encrypt() protected method

Encrypts the buffer using asymmetric encryption.
Start and count specify the block of data to be encrypted. The caller must ensure that count is a multiple of the input block size for the current cipher. The header specifies unencrypted data that must be copied to the output.
protected Encrypt ( ArraySegment dataToEncrypt, ArraySegment headerToCopy, X509Certificate2 receiverCertificate ) : ArraySegment
dataToEncrypt ArraySegment
headerToCopy ArraySegment
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return ArraySegment

Encrypt() protected method

Encrypts the data in a buffer using symmetric encryption.
protected Encrypt ( TcpChannelToken token, ArraySegment dataToEncrypt, bool useClientKeys ) : void
token TcpChannelToken
dataToEncrypt ArraySegment
useClientKeys bool
return void

GetAsymmetricHeaderSize() protected method

Calculates the size of the asymmetric security header.
protected GetAsymmetricHeaderSize ( string securityPolicyUri, X509Certificate2 senderCertificate ) : int
securityPolicyUri string
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return int

GetAsymmetricHeaderSize() protected method

protected GetAsymmetricHeaderSize ( string securityPolicyUri, X509Certificate2 senderCertificate, int senderCertificateSize ) : int
securityPolicyUri string
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
senderCertificateSize int
return int

GetAsymmetricSignatureSize() protected method

Calculates the size of the footer with an asymmetric signature.
protected GetAsymmetricSignatureSize ( X509Certificate2 senderCertificate ) : int
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return int

GetCipherTextBlockSize() protected method

Returns the cipher text block size for the key in the specified certificate.
protected GetCipherTextBlockSize ( X509Certificate2 receiverCertificate ) : int
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return int

GetNonceLength() protected method

Returns the length of the symmetric encryption key.
protected GetNonceLength ( ) : uint
return uint

GetPlainTextBlockSize() protected method

Returns the plain text block size for the key in the specified certificate.
protected GetPlainTextBlockSize ( X509Certificate2 receiverCertificate ) : int
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return int

GetThumbprintBytes() protected static method

Returns the thumbprint as an uppercase string.
protected static GetThumbprintBytes ( string thumbprint ) : byte[]
thumbprint string
return byte[]

GetThumbprintString() protected static method

Returns the thumbprint as an uppercase string.
protected static GetThumbprintString ( byte thumbprint ) : string
thumbprint byte
return string

ReadAsymmetricMessage() protected method

Processes an OpenSecureChannel request message.
protected ReadAsymmetricMessage ( ArraySegment buffer, X509Certificate2 receiverCertificate, uint &channelId, X509Certificate2 &senderCertificate, uint &requestId, uint &sequenceNumber ) : ArraySegment
buffer ArraySegment
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
channelId uint
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
requestId uint
sequenceNumber uint
return ArraySegment

ReviseSecurityMode() protected method

Checks if it is possible to revise the security mode.
protected ReviseSecurityMode ( bool firstCall, MessageSecurityMode requestedMode ) : void
firstCall bool
requestedMode MessageSecurityMode
return void

Rsa_GetCipherTextBlockSize() protected static method

Return the ciphertext block size for RSA OAEP encryption.
protected static Rsa_GetCipherTextBlockSize ( X509Certificate2 encryptingCertificate, bool useOaep ) : int
encryptingCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
useOaep bool
return int

Rsa_GetPlainTextBlockSize() protected static method

Return the plaintext block size for RSA OAEP encryption.
protected static Rsa_GetPlainTextBlockSize ( X509Certificate2 encryptingCertificate, bool useOaep ) : int
encryptingCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
useOaep bool
return int

SetEndpointUrl() protected method

Sets the endpoint according to the endpoint URL.
protected SetEndpointUrl ( string endpointUrl ) : bool
endpointUrl string
return bool

SetRenewedToken() protected method

Sets the renewed token.
protected SetRenewedToken ( TcpChannelToken token ) : void
token TcpChannelToken
return void

Sign() protected method

Adds an asymmetric signature to the end of the buffer.
Start and count specify the block of data to be signed. The padding and signature must be written to the stream wrapped by the encoder.
protected Sign ( ArraySegment dataToSign, X509Certificate2 senderCertificate ) : byte[]
dataToSign ArraySegment
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return byte[]

Sign() protected method

Returns the symmetric signature for the data.
protected Sign ( TcpChannelToken token, ArraySegment dataToSign, bool useClientKeys ) : byte[]
token TcpChannelToken
dataToSign ArraySegment
useClientKeys bool
return byte[]

ValidateNonce() protected method

Validates the nonce.
protected ValidateNonce ( byte nonce ) : bool
nonce byte
return bool

Verify() protected method

Verifies an asymmetric signature at the end of the buffer.
Start and count specify the block of data including the signature and padding. The current security policy URI and sender certificate specify the size of the signature. This call also verifies that the padding is correct.
protected Verify ( ArraySegment dataToVerify, byte signature, X509Certificate2 senderCertificate ) : bool
dataToVerify ArraySegment
signature byte
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return bool

Verify() protected method

Verifies the symmetric signature for the data.
protected Verify ( TcpChannelToken token, byte signature, ArraySegment dataToVerify, bool useClientKeys ) : bool
token TcpChannelToken
signature byte
dataToVerify ArraySegment
useClientKeys bool
return bool

WriteAsymmetricMessage() protected method

Sends an OpenSecureChannel response.
protected WriteAsymmetricMessage ( uint messageType, uint requestId, X509Certificate2 senderCertificate, X509Certificate2 receiverCertificate, ArraySegment messageBody ) : BufferCollection
messageType uint
requestId uint
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
messageBody ArraySegment
return BufferCollection

WriteAsymmetricMessageHeader() protected method

Writes the asymmetric security header to the buffer.
protected WriteAsymmetricMessageHeader ( BinaryEncoder encoder, uint messageType, uint secureChannelId, string securityPolicyUri, X509Certificate2 senderCertificate, X509Certificate2 receiverCertificate ) : void
encoder BinaryEncoder
messageType uint
secureChannelId uint
securityPolicyUri string
senderCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
receiverCertificate System.Security.Cryptography.X509Certificates.X509Certificate2
return void

WriteSymmetricMessage() protected method

Secures the message using the security token.
protected WriteSymmetricMessage ( uint messageType, uint requestId, TcpChannelToken token, object messageBody, bool isRequest, bool &limitsExceeded ) : BufferCollection
messageType uint
requestId uint
token TcpChannelToken
messageBody object
isRequest bool
limitsExceeded bool
return BufferCollection