From 86b4c058b3312ad53247589d35dfe858b0cdf604 Mon Sep 17 00:00:00 2001 From: Roman Ettlinger Date: Fri, 22 Dec 2023 20:46:55 +0100 Subject: [PATCH] update to newest OPC UA Nuget Package - users Database - Trust own CA - replace CertificateGroup by CertificateGroupService to mitigate internal copying
--- GDSwithREST.Domain/GDSwithREST.Domain.csproj | 2 +- .../Services/CertificateGroupService.cs | 25 +++++++++++++------ GDSwithREST.Domain/Services/GdsService.cs | 22 +++++++++++++--- .../Services/ICertificateGroupService.cs | 4 +-- .../Controllers/ApplicationsController.cs | 2 +- .../CertificateGroupsController.cs | 2 +- .../Opc.Ua.GlobalDiscoveryServer.Config.xml | 1 + docker-compose.yml | 2 +- 8 files changed, 44 insertions(+), 16 deletions(-)
diff --git a/GDSwithREST.Domain/GDSwithREST.Domain.csproj b/GDSwithREST.Domain/GDSwithREST.Domain.csproj
index 939b1e7..c07375d 100644
--- a/GDSwithREST.Domain/GDSwithREST.Domain.csproj
+++ b/GDSwithREST.Domain/GDSwithREST.Domain.csproj
@@ -8,7 +8,7 @@ - +
diff --git a/GDSwithREST.Domain/Services/CertificateGroupService.cs b/GDSwithREST.Domain/Services/CertificateGroupService.cs
index b9eecd6..b289673 100644
--- a/GDSwithREST.Domain/Services/CertificateGroupService.cs
+++ b/GDSwithREST.Domain/Services/CertificateGroupService.cs 
@@ -6,24 +6,35 @@ namespace GDSwithREST.Domain.Services { public class CertificateGroupService : CertificateGroup, ICertificateGroupService { - public List CertificateGroups { get; } = new List(); + public List CertificateGroups { get; } = new List(); - public override CertificateGroup Create( + public override CertificateGroupService Create( string storePath, CertificateGroupConfiguration certificateGroupConfiguration) { - var cg = new CertificateGroup().Create(storePath, certificateGroupConfiguration); + var cg = new CertificateGroupService(storePath, certificateGroupConfiguration); CertificateGroups.Add(cg); return cg; } - public async Task GetTrustList(CertificateGroup certificateGroup) + public CertificateGroupService() : base() { } + + protected CertificateGroupService( + string authoritiesStorePath, + CertificateGroupConfiguration certificateGroupConfiguration + ) + : base(authoritiesStorePath, + certificateGroupConfiguration) + { } + + public async Task GetTrustList() { - using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(certificateGroup.Configuration.TrustedListPath)) + using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(Configuration.TrustedListPath)) { - return await store.Enumerate(); + { + return await store.Enumerate(); + } } - } } }
diff --git a/GDSwithREST.Domain/Services/GdsService.cs b/GDSwithREST.Domain/Services/GdsService.cs
index f5b25b0..8856aa9 100644
--- a/GDSwithREST.Domain/Services/GdsService.cs
+++ b/GDSwithREST.Domain/Services/GdsService.cs
@@ -1,7 +1,10 @@
-using Opc.Ua;
+using GDSwithREST.Domain.ApiModels;
+using Opc.Ua;
 using Opc.Ua.Configuration;
 using Opc.Ua.Gds.Server;
 using Opc.Ua.Gds.Server.Database;
+using Opc.Ua.Gds.Server.Database.Linq;
+using static Org.BouncyCastle.Math.EC.ECCurve;
 namespace GDSwithREST.Domain.Services { 
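Review bot: `CertificateGroups` is a public `List` with only a getter, so any caller can add or remove groups behind the service's back, and `Create` appends unconditionally, so a second `Create` for the same group id would leave duplicates that the `SingleOrDefault` lookup in GdsService.cs then throws on; expose it as `IReadOnlyList` over a private `List`, and have `Create` reject or replace an existing entry with the same `Id`. Generic type arguments are lost in this rendering, so I can't confirm the element type. As rendered, the new `GetTrustList` body also wraps the `return` in an extra `{ }` block inside the `using` — if that is not a rendering artefact, drop the inner braces. A summary on `Create` would help too: `/// Creates a group from the configuration, registers it in CertificateGroups and returns it.`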
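Review bot: `using static Org.BouncyCastle.Math.EC.ECCurve;` looks like an accidental IDE auto-import — nothing in the changed code of GdsService.cs references ECCurve members, and pulling the static members of an elliptic-curve type into the file that wires up the GDS only invites confusing name resolution later; remove it. The `Opc.Ua.ApplicationType.Server` qualification in the next hunk suggests the new `GDSwithREST.Domain.ApiModels` import introduces a collision on `ApplicationType`; if that namespace is only needed for one type, a `using GdsApplicationType = Opc.Ua.ApplicationType;` alias at the top of the file keeps the body unqualified.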
@@ -32,7 +35,7 @@ public async Task StartServer(CancellationToken stoppingToken) _applicationInstance = new ApplicationInstance { ApplicationName = "Global Discovery Server", - ApplicationType = ApplicationType.Server, + ApplicationType = Opc.Ua.ApplicationType.Server, ConfigSectionName = "Opc.Ua.GlobalDiscoveryServer" }; // load the application configuration.
@@ -42,16 +45,29 @@ public async Task StartServer(CancellationToken stoppingToken) _applications.Initialize(); _certificateRequests.Initialize(); + + // get the DatabaseStorePath configuration parameter. + GlobalDiscoveryServerConfiguration gdsConfiguration = _applicationInstance.ApplicationConfiguration.ParseExtension(); + string usersDatabaseStorePath = Utils.ReplaceSpecialFolderNames(gdsConfiguration.UsersDatabaseStorePath); + var usersDatabase = JsonUsersDatabase.Load(usersDatabaseStorePath); //await _certificateGroup.Init(); var gdsServer = new GlobalDiscoverySampleServer( _applications, _certificateRequests, - _certificateGroups + _certificateGroups, + usersDatabase ); //start GDS await _applicationInstance.Start(gdsServer); + //trust GDS CA + var defaultCertificateGroup = _certificateGroups.CertificateGroups.SingleOrDefault(cg => cg.Id.Identifier is (uint)CertificateGroupType.DefaultApplicationGroup); + if (defaultCertificateGroup is null) + throw new Exception("Failed to initialze GDS CA Certifcate"); + + await _applicationInstance.AddOwnCertificateToTrustedStoreAsync(defaultCertificateGroup.Certificate, stoppingToken); + var endpoints = _applicationInstance.Server.GetEndpoints().Select(e => e.EndpointUrl).Distinct(); foreach (var endpoint in endpoints)
diff --git a/GDSwithREST.Domain/Services/ICertificateGroupService.cs b/GDSwithREST.Domain/Services/ICertificateGroupService.cs
index 0072ff1..0bab893 100644
--- a/GDSwithREST.Domain/Services/ICertificateGroupService.cs
+++ b/GDSwithREST.Domain/Services/ICertificateGroupService.cs 
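Review bot: `throw new Exception("Failed to initialze GDS CA Certifcate")` throws the base exception type with a misspelled message; use `throw new InvalidOperationException("Failed to initialize GDS CA certificate");` and put braces around the single-statement `if`. `gdsConfiguration` is dereferenced right after `ParseExtension()` (its type argument is lost in this rendering) — as far as I recall the generic `ParseExtension<T>` returns null when the `Opc.Ua.GlobalDiscoveryServer` extension is absent, so a missing config section would surface as a NullReferenceException instead of a clear startup error; guard it with `if (gdsConfiguration is null) throw new InvalidOperationException("Missing Opc.Ua.GlobalDiscoveryServer configuration extension");`. `AddOwnCertificateToTrustedStoreAsync` receives the default group's CA certificate, so from this point every certificate issued by that CA is accepted on this server's own endpoints — that is the intended GDS behaviour, but `//trust GDS CA` should say so: `// Add the default group's CA to our own trusted store so certificates we issue are accepted on our endpoints.` The enclosing `StartServer` starts and ends outside the hunk.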
@@ -5,7 +5,7 @@ namespace GDSwithREST.Domain.Services { public interface ICertificateGroupService : ICertificateGroup { - public List CertificateGroups { get; } - public Task GetTrustList(CertificateGroup certificateGroup); + public List CertificateGroups { get; } + public Task GetTrustList(); } }
diff --git a/GDSwithREST/Controllers/ApplicationsController.cs b/GDSwithREST/Controllers/ApplicationsController.cs
index df72da0..b759c1d 100644
--- a/GDSwithREST/Controllers/ApplicationsController.cs
+++ b/GDSwithREST/Controllers/ApplicationsController.cs
@@ -158,7 +158,7 @@ private static async Task RevokeApplicationCertificate(byte[]? certificate, ICer } if (certificateGroup != null) { - await certificateGroupService.RevokeCertificateAsync(x509).ConfigureAwait(false); + await certificateGroup.RevokeCertificateAsync(x509).ConfigureAwait(false); } } }
diff --git a/GDSwithREST/Controllers/CertificateGroupsController.cs b/GDSwithREST/Controllers/CertificateGroupsController.cs
index 48831dc..090703b 100644
--- a/GDSwithREST/Controllers/CertificateGroupsController.cs
+++ b/GDSwithREST/Controllers/CertificateGroupsController.cs
@@ -78,7 +78,7 @@ public async Task> GetCertificateGroupTr { return NotFound(); } - var trustedCertificatesCollection = await _certificateGroupService.GetTrustList(certificateGroup); + var trustedCertificatesCollection = await certificateGroup.GetTrustList(); var trustList = from cert in trustedCertificatesCollection select new X509CertificateApiModel(cert);
diff --git a/GDSwithREST/GdsConfig/Opc.Ua.GlobalDiscoveryServer.Config.xml b/GDSwithREST/GdsConfig/Opc.Ua.GlobalDiscoveryServer.Config.xml
index 328956c..91a922f 100644
--- a/GDSwithREST/GdsConfig/Opc.Ua.GlobalDiscoveryServer.Config.xml
+++ b/GDSwithREST/GdsConfig/Opc.Ua.GlobalDiscoveryServer.Config.xml
@@ -160,6 +160,7 @@ 5 + %LocalApplicationData%/OPC Foundation/GDS/gdsusersdb.json
diff --git a/docker-compose.yml b/docker-compose.yml
index 6d9189d..01601bd 100644
--- a/docker-compose.yml 
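Review bot: After this fix the `certificateGroupService` parameter of `RevokeApplicationCertificate` may no longer be used in this branch; the method starts outside the hunk, so if the group lookup above is its only remaining use that is fine, otherwise drop it from the signature. More importantly, when `certificateGroup` is null the revocation is skipped silently — the caller cannot tell that a certificate it asked to revoke is still valid; log that case or return a result so the REST response can report it instead of implying success.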
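Review bot: The new `%LocalApplicationData%/OPC Foundation/GDS/gdsusersdb.json` entry points the GDS user database at a per-user application-data directory, and its element name has been lost in this rendering, so it is worth confirming it matches the `UsersDatabaseStorePath` property read in GdsService.cs. In the docker-compose deployment (this commit only bumps the image tag there) that directory lives in the container's writable layer unless a volume is mounted, so the accounts would be lost on every image update; document the required mount next to this setting. Since the file holds the GDS user accounts, it should also be kept off any shared or world-readable volume.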
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3.4' name: "gdswithrest" services: api: - image: "ghcr.io/romanett/gdswithrest:2023-11-28" + image: "ghcr.io/romanett/gdswithrest:2023-12-22" ports: - "8080:8080" - "8081:8081"