Refactor CertificateFactory, remove bouncy castle dependency in Opc.U…

…a.Core for .NET Core 3.1 (#1209) - remove use of Bouncy Castle for .NET Core 3 - refactor CreateCertificate class to allow for an easier Create fluent model with respect to future extensions, e.g. ECC - reimplement X509CRL and a couple of extension relevant for OPC UA based on the new System.Formats.Asn1 library - use CertificateRequest on .NET Core 3.1 - refactor codebase to allow for a seperate library to handle all the ASN.1 encoding/decoding - new package Opc.Ua.Security.Certificates with all ASN.1 encode/decode related code breaking change: many X509 related util functions were moved to X509Utils class Note: .NET 4.6.2 and .NET Core 2.1 versions still use BouncyCastle for Cert creation
OPCFoundation · Dec 13, 2020 · f904139 · f904139
1 parent e53d97d
commit f904139
Show file tree

Hide file tree

Showing 112 changed files with 9,520 additions and 3,143 deletions.
diff --git a/.azurepipelines/ci.yml b/.azurepipelines/ci.yml
@@ -32,7 +32,7 @@ jobs:
   steps:
   - task: NuGetToolInstaller@1
     inputs:
-      versionSpec: '>=5.4.x'
+      versionSpec: '>=5.8.x'
   - task: PowerShell@2
     displayName: Versioning
     inputs:

diff --git a/.azurepipelines/preview.yml b/.azurepipelines/preview.yml
@@ -52,7 +52,7 @@ jobs:
     displayName: Install NuGetKeyVaultSignTool
   - task: NuGetToolInstaller@1
     inputs:
-      versionSpec: '>=5.4.x'
+      versionSpec: '>=5.8.x'
   - task: PowerShell@2
     displayName: Versioning
     inputs:
@@ -70,6 +70,14 @@ jobs:
       command: build
       projects: 'UA Core Library.sln'
       arguments: '--no-incremental --configuration ${{parameters.config}} ${{ variables.msbuildversion }} ${{ variables.msbuildsign }}'
+  - task: CmdLine@2
+    displayName: 'List of assemblies to sign'
+    inputs:
+      script: |
+        dir /b /s Stack\Opc.Ua.*.dll > .\list.txt
+        dir /b /s Libraries\Opc.Ua.*.dll >> .\list.txt
+        dir /b /s .azurepipelines\*.* >> .\list.txt
+        type .\list.txt
   - task: CmdLine@2
     displayName: 'Sign Assemblies'
     condition: ne( variables['SigningClientSecret'], '')

diff --git a/.azurepipelines/signlistDebug.txt b/.azurepipelines/signlistDebug.txt
@@ -11,7 +11,7 @@ Libraries\Opc.Ua.Client\bin\Debug\net462\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client\bin\Debug\netstandard2.0\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client\bin\Debug\netstandard2.1\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client.ComplexTypes\bin\Debug\netstandard2.1\Opc.Ua.Client.ComplexTypes.dll
-Libraries\Opc.Ua.Client.ComplexTypes\bin\Debug\netcoreapp2.0\Opc.Ua.Client.ComplexTypes.dll
+Libraries\Opc.Ua.Client.ComplexTypes\bin\Debug\netcoreapp2.1\Opc.Ua.Client.ComplexTypes.dll
 Libraries\Opc.Ua.Client.ComplexTypes\bin\Debug\net462\Opc.Ua.Client.ComplexTypes.dll
 Libraries\Opc.Ua.Configuration\bin\Debug\netstandard2.1\Opc.Ua.Configuration.dll
 Libraries\Opc.Ua.Configuration\bin\Debug\netstandard2.0\Opc.Ua.Configuration.dll
@@ -22,5 +22,6 @@ Libraries\Opc.Ua.Gds.Client.Common\bin\Debug\net462\Opc.Ua.Gds.Client.Common.dll
 Libraries\Opc.Ua.Gds.Server.Common\bin\Debug\netstandard2.1\Opc.Ua.Gds.Server.Common.dll
 Libraries\Opc.Ua.Gds.Server.Common\bin\Debug\netstandard2.0\Opc.Ua.Gds.Server.Common.dll
 Libraries\Opc.Ua.Gds.Server.Common\bin\Debug\net462\Opc.Ua.Gds.Server.Common.dll
-
-
+Libraries\Opc.Ua.Security.Certificates\bin\Debug\netstandard2.1\Opc.Ua.Security.Certificates.dll
+Libraries\Opc.Ua.Security.Certificates\bin\Debug\netstandard2.0\Opc.Ua.Security.Certificates.dll
+Libraries\Opc.Ua.Security.Certificates\bin\Debug\net462\Opc.Ua.Security.Certificates.dll
diff --git a/.azurepipelines/signlistRelease.txt b/.azurepipelines/signlistRelease.txt
@@ -11,7 +11,7 @@ Libraries\Opc.Ua.Client\bin\Release\net462\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client\bin\Release\netstandard2.0\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client\bin\Release\netstandard2.1\Opc.Ua.Client.dll
 Libraries\Opc.Ua.Client.ComplexTypes\bin\Release\netstandard2.1\Opc.Ua.Client.ComplexTypes.dll
-Libraries\Opc.Ua.Client.ComplexTypes\bin\Release\netcoreapp2.0\Opc.Ua.Client.ComplexTypes.dll
+Libraries\Opc.Ua.Client.ComplexTypes\bin\Release\netcoreapp2.1\Opc.Ua.Client.ComplexTypes.dll
 Libraries\Opc.Ua.Client.ComplexTypes\bin\Release\net462\Opc.Ua.Client.ComplexTypes.dll
 Libraries\Opc.Ua.Configuration\bin\Release\netstandard2.1\Opc.Ua.Configuration.dll
 Libraries\Opc.Ua.Configuration\bin\Release\netstandard2.0\Opc.Ua.Configuration.dll
@@ -22,3 +22,6 @@ Libraries\Opc.Ua.Gds.Client.Common\bin\Release\net462\Opc.Ua.Gds.Client.Common.d
 Libraries\Opc.Ua.Gds.Server.Common\bin\Release\netstandard2.1\Opc.Ua.Gds.Server.Common.dll
 Libraries\Opc.Ua.Gds.Server.Common\bin\Release\netstandard2.0\Opc.Ua.Gds.Server.Common.dll
 Libraries\Opc.Ua.Gds.Server.Common\bin\Release\net462\Opc.Ua.Gds.Server.Common.dll
+Libraries\Opc.Ua.Security.Certificates\bin\Release\netstandard2.1\Opc.Ua.Security.Certificates.dll
+Libraries\Opc.Ua.Security.Certificates\bin\Release\netstandard2.0\Opc.Ua.Security.Certificates.dll
+Libraries\Opc.Ua.Security.Certificates\bin\Release\net462\Opc.Ua.Security.Certificates.dll
diff --git a/.azurepipelines/sln.yml b/.azurepipelines/sln.yml
@@ -9,7 +9,7 @@ jobs:
   steps:
   - task: NuGetToolInstaller@1
     inputs:
-      versionSpec: '>=5.4.x'
+      versionSpec: '>=5.8.x'
   - task: PowerShell@2
     displayName: Versioning
     inputs:

diff --git a/.azurepipelines/test.yml b/.azurepipelines/test.yml
@@ -23,7 +23,7 @@ jobs:
       filePath: ./.azurepipelines/get-matrix.ps1
       arguments: -FileName azure-pipelines.yml -AgentTable ${{ parameters.agents }}
 - job: testall${{ parameters.jobnamesuffix }}
-  displayName: Run Tests for (${{ parameters.framework }})
+  displayName: Tests (${{ parameters.framework }})
   dependsOn: testprep${{ parameters.jobnamesuffix }}
   strategy:
     matrix: $[dependencies.testprep${{ parameters.jobnamesuffix }}.outputs['testmatrix.jobMatrix'] ]
@@ -35,7 +35,7 @@ jobs:
   steps:
   - task: NuGetToolInstaller@1
     inputs:
-      versionSpec: '>=5.4.x'
+      versionSpec: '>=5.8.x'
   - task: PowerShell@2
     displayName: Versioning
     inputs:
@@ -46,7 +46,7 @@ jobs:
     inputs:
       command: restore
       projects: '**/*.Tests.csproj'
-      arguments: '--configuration ${{ parameters.configuration }}'
+      arguments: '--framework ${{ parameters.framework }} --configuration ${{ parameters.configuration }}'
   - task: DotNetCoreCLI@2
     displayName: Test ${{ parameters.configuration }}
     timeoutInMinutes: 20

diff --git a/.azurepipelines/testcc.yml b/.azurepipelines/testcc.yml
@@ -9,7 +9,7 @@ parameters:
   jobnamesuffix: 'netcore31'
 jobs:
 - job: testcc${{ parameters.jobnamesuffix }}
-  displayName: Run Code Coverage for ${{ parameters.agent }} (${{ parameters.framework }})
+  displayName: Coverage ${{ parameters.agent }} ${{ parameters.configuration }}
   variables:
     DOTNET_CLI_TELEMETRY_OPTOUT: true
     DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
@@ -19,20 +19,20 @@ jobs:
   steps:
   - task: NuGetToolInstaller@1
     inputs:
-      versionSpec: '>=5.4.x'
+      versionSpec: '>=5.8.x'
   - task: PowerShell@2
     displayName: Versioning
     inputs:
       targetType: filePath
       filePath: ./.azurepipelines/set-version.ps1
   - task: DotNetCoreCLI@2
-    displayName: Restore ${{ parameters.configuration }}
+    displayName: Restore ${{ parameters.framework }}
     inputs:
       command: restore
       projects: '**/*.Tests.csproj'
-      arguments: '--configuration ${{ parameters.configuration }}'
+      arguments: '--framework ${{ parameters.framework }} --configuration ${{ parameters.configuration }}'
   - task: DotNetCoreCLI@2
-    displayName: Test ${{ parameters.configuration }}
+    displayName: Test ${{ parameters.framework }}
     timeoutInMinutes: 20
     inputs:
       command: test

diff --git a/.gitignore b/.gitignore
@@ -245,3 +245,4 @@ OPC\ Foundation/
 /Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll
 /Microsoft.CodeDom.Providers.DotNetCompilerPlatform.xml
 /SampleApplications/Samples/OPCOutput
+!**/Assets/*.*
diff --git a/Applications/ClientControls.Net4/Configuration/CertificateListCtrl.cs b/Applications/ClientControls.Net4/Configuration/CertificateListCtrl.cs
@@ -29,17 +29,15 @@
 
 using System;
 using System.Collections.Generic;
-using System.ComponentModel;
-using System.Drawing;
 using System.Text;
 using System.Windows.Forms;
 using System.Security.Cryptography.X509Certificates;
 using System.Reflection;
 using System.Xml;
 using System.IO;
 using System.Runtime.Serialization;
-using Opc.Ua.Configuration;
 using System.Threading.Tasks;
+using Opc.Ua.Security.Certificates;
 
 namespace Opc.Ua.Client.Controls
 {
@@ -302,7 +300,7 @@ protected override void UpdateItem(ListViewItem listItem, object item)
 
             if (certificate != null)
             {
-                List<string> fields = Utils.ParseDistinguishedName(certificate.Subject);
+                List<string> fields = X509Utils.ParseDistinguishedName(certificate.Subject);
 
                 for (int ii = 0; ii < fields.Count; ii++)
                 {
@@ -353,7 +351,7 @@ protected override void UpdateItem(ListViewItem listItem, object item)
                 }
 
                 // look up domains.
-                IList<string> domains = Utils.GetDomainsFromCertficate(certificate);
+                IList<string> domains = X509Utils.GetDomainsFromCertficate(certificate);
 
                 StringBuilder buffer = new StringBuilder();
 
@@ -368,7 +366,7 @@ protected override void UpdateItem(ListViewItem listItem, object item)
                 }
 
                 listItem.SubItems[3].Text = buffer.ToString();
-                listItem.SubItems[4].Text = Utils.GetApplicationUriFromCertificate(certificate);
+                listItem.SubItems[4].Text = X509Utils.GetApplicationUriFromCertificate(certificate);
                 listItem.SubItems[5].Text = String.Format("{0:yyyy-MM-dd}", certificate.NotAfter);
             }
 

diff --git a/Applications/ClientControls.Net4/Configuration/CertificateListFilter.cs b/Applications/ClientControls.Net4/Configuration/CertificateListFilter.cs
@@ -31,6 +31,7 @@
 using System.Collections.Generic;
 using System.Text;
 using System.Security.Cryptography.X509Certificates;
+using Opc.Ua.Security.Certificates;
 
 namespace Opc.Ua.Client.Controls
 {
@@ -124,7 +125,7 @@ public bool Match(X509Certificate2 certificate)
 
                 if (!String.IsNullOrEmpty(m_domain))
                 {
-                    IList<string> domains = Utils.GetDomainsFromCertficate(certificate);
+                    IList<string> domains = X509Utils.GetDomainsFromCertficate(certificate);
 
                     bool found = false;
 
@@ -155,21 +156,10 @@ public bool Match(X509Certificate2 certificate)
                 if (m_certificateTypes != null)
                 {
                     // determine if a CA certificate.
-                    bool isCA = false;
-
-                    foreach (X509Extension extension in certificate.Extensions)
-                    {
-                        X509BasicConstraintsExtension basicContraints = extension as X509BasicConstraintsExtension; 
-
-                        if (basicContraints != null)
-                        {
-                            isCA = basicContraints.CertificateAuthority;
-                            break;
-                        }
-                    }
+                    bool isCA = X509Utils.IsCertificateAuthority(certificate);
 
                     // determine if self-signed.
-                    bool isSelfSigned = Utils.CompareDistinguishedName(certificate.Subject, certificate.Issuer);
+                    bool isSelfSigned = X509Utils.CompareDistinguishedName(certificate.Subject, certificate.Issuer);
 
                     // match if one or more of the criteria match.
                     bool found = false;

diff --git a/Applications/ClientControls.Net4/Configuration/CertificatePropertiesListCtrl.cs b/Applications/ClientControls.Net4/Configuration/CertificatePropertiesListCtrl.cs
@@ -36,6 +36,7 @@
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using Opc.Ua.Configuration;
+using Opc.Ua.Security.Certificates;
 
 namespace Opc.Ua.Client.Controls
 {

diff --git a/Applications/ClientControls.Net4/Configuration/ViewCertificateDlg.cs b/Applications/ClientControls.Net4/Configuration/ViewCertificateDlg.cs
@@ -33,6 +33,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Windows.Forms;
 using System.Threading.Tasks;
+using Opc.Ua.Security.Certificates;
 
 namespace Opc.Ua.Client.Controls
 {
@@ -92,7 +93,7 @@ public async Task<bool> ShowDialog(CertificateIdentifier certificate)
                     // fill in subject name.
                     StringBuilder buffer = new StringBuilder();
 
-                    foreach (string element in Utils.ParseDistinguishedName(data.Subject))
+                    foreach (string element in X509Utils.ParseDistinguishedName(data.Subject))
                     {
                         if (element.StartsWith("CN="))
                         {
@@ -121,7 +122,7 @@ public async Task<bool> ShowDialog(CertificateIdentifier certificate)
                     // fill in issuer name.
                     buffer = new StringBuilder();
 
-                    foreach (string element in Utils.ParseDistinguishedName(data.Issuer))
+                    foreach (string element in X509Utils.ParseDistinguishedName(data.Issuer))
                     {
                         if (buffer.Length > 0)
                         {
@@ -137,7 +138,7 @@ public async Task<bool> ShowDialog(CertificateIdentifier certificate)
                     }
 
                     // fill in application uri.
-                    string applicationUri = Utils.GetApplicationUriFromCertificate(data);
+                    string applicationUri = X509Utils.GetApplicationUriFromCertificate(data);
 
                     if (!String.IsNullOrEmpty(applicationUri))
                     {
@@ -147,7 +148,7 @@ public async Task<bool> ShowDialog(CertificateIdentifier certificate)
                     // fill in domains.
                     buffer = new StringBuilder();
 
-                    foreach (string domain in Utils.GetDomainsFromCertficate(data))
+                    foreach (string domain in X509Utils.GetDomainsFromCertficate(data))
                     {
                         if (buffer.Length > 0)
                         {
@@ -228,7 +229,7 @@ private async void ExportBTN_Click(object sender, EventArgs e)
 
                 string displayName = null;
 
-                foreach (string element in Utils.ParseDistinguishedName(certificate.Subject))
+                foreach (string element in X509Utils.ParseDistinguishedName(certificate.Subject))
                 {
                     if (element.StartsWith("CN="))
                     {