Merge pull request #860 from AlinMoldovean/master

Nonce validation fix in Client Session
OPCFoundation · Dec 2, 2019 · f1a16df · f1a16df
2 parents de98723 + 77a183e
commit f1a16df
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/SampleApplications/SDK/Opc.Ua.Client/Session.cs b/SampleApplications/SDK/Opc.Ua.Client/Session.cs
@@ -316,7 +316,7 @@ private void ValidateServerNonce(IUserIdentity identity, byte[] serverNonce, str
             if (identity!= null && identity.TokenType != UserTokenType.Anonymous)
             {
                 // the server nonce should be validated if the token includes a secret.
-                if (!Utils.Nonce.ValidateNonce(serverNonce, MessageSecurityMode.SignAndEncrypt, securityPolicyUri))
+                if (!Utils.Nonce.ValidateNonce(serverNonce, MessageSecurityMode.SignAndEncrypt, (uint)m_configuration.SecurityConfiguration.NonceLength))
                 {
                     throw ServiceResultException.Create(StatusCodes.BadNonceInvalid, "Server nonce is not the correct length or not random enough.");
                 }

diff --git a/Stack/Opc.Ua.Core/Types/Utils/Utils.cs b/Stack/Opc.Ua.Core/Types/Utils/Utils.cs
@@ -2664,6 +2664,14 @@ public static uint GetNonceLength(string securityPolicyUri)
             /// Validates the nonce for a message security mode and security policy.
             /// </summary>
             public static bool ValidateNonce(byte[] nonce, MessageSecurityMode securityMode, string securityPolicyUri)
+            {
+                return ValidateNonce(nonce, securityMode, GetNonceLength(securityPolicyUri));
+            }
+
+            /// <summary>
+            /// Validates the nonce for a message security mode and a minimum length.
+            /// </summary>
+            public static bool ValidateNonce(byte[] nonce, MessageSecurityMode securityMode, uint minNonceLength)
             {
                 // no nonce needed for no security.
                 if (securityMode == MessageSecurityMode.None)
@@ -2672,7 +2680,7 @@ public static bool ValidateNonce(byte[] nonce, MessageSecurityMode securityMode,
                 }
 
                 // check the length.
-                if (nonce == null || nonce.Length < GetNonceLength(securityPolicyUri))
+                if (nonce == null || nonce.Length < minNonceLength)
                 {
                     return false;
                 }