IOP workshop 2021 fixes and build improvements (#1562)

-fixes for complex types: - a structure which contains an enum from namespace 0 can not be created. fixes #1561. - a structure with multidimensional array may lead to a endless loop in `ComplexTypeSystem.Load` - a malformed namespace Uri which contains a space character prevents creation of type system. - select endpoint doesn't pick the right scheme if the default endpoint must be picked -prep for net472 or greater and net5.0 or greater build, only build #ifdef
OPCFoundation · Oct 29, 2021 · 53ec78f · 53ec78f
1 parent ed434e9
commit 53ec78f
Show file tree

Hide file tree

Showing 41 changed files with 109 additions and 71 deletions.
diff --git a/Applications/ClientControls.Net4/Common/Client/ConnectServerCtrl.cs b/Applications/ClientControls.Net4/Common/Client/ConnectServerCtrl.cs
@@ -369,7 +369,7 @@ public Task<Session> Connect()
             InternalDisconnect();
 
             // select the best endpoint.
-            var endpointDescription = CoreClientUtils.SelectEndpoint(serverUrl, useSecurity, DiscoverTimeout);
+            var endpointDescription = CoreClientUtils.SelectEndpoint(m_configuration, serverUrl, useSecurity, DiscoverTimeout);
             var endpointConfiguration = EndpointConfiguration.Create(m_configuration);
             var endpoint = new ConfiguredEndpoint(null, endpointDescription, endpointConfiguration);
 
@@ -565,7 +565,7 @@ private EndpointDescription SelectEndpoint()
                 }
 
                 // return the selected endpoint.
-                return CoreClientUtils.SelectEndpoint(discoveryUrl, UseSecurityCK.Checked, DiscoverTimeout);
+                return CoreClientUtils.SelectEndpoint(m_configuration, discoveryUrl, UseSecurityCK.Checked, DiscoverTimeout);
             }
             finally
             {

diff --git a/Applications/ConsoleReferenceClient/UAClient.cs b/Applications/ConsoleReferenceClient/UAClient.cs
@@ -84,8 +84,7 @@ public async Task<bool> ConnectAsync()
 
                     // Get the endpoint by connecting to server's discovery endpoint.
                     // Try to find the first endopint without security.
-                    EndpointDescription endpointDescription = CoreClientUtils.SelectEndpoint(ServerUrl, false);
-
+                    EndpointDescription endpointDescription = CoreClientUtils.SelectEndpoint(m_configuration, ServerUrl, false);
                     EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(m_configuration);
                     ConfiguredEndpoint endpoint = new ConfiguredEndpoint(null, endpointDescription, endpointConfiguration);
 

diff --git a/Libraries/Opc.Ua.Client.ComplexTypes/ComplexTypeSystem.cs b/Libraries/Opc.Ua.Client.ComplexTypes/ComplexTypeSystem.cs
@@ -617,7 +617,6 @@ IList<INode> serverStructTypes
                                 catch (DataTypeNotSupportedException dtnsex)
                                 {
                                     Utils.Trace(dtnsex, "Skipped the type definition of {0} because it is not supported.", dataTypeNode.BrowseName.Name);
-                                    continue;
                                 }
                                 catch
                                 {
@@ -647,6 +646,10 @@ IList<INode> serverStructTypes
                     structTypesWorkList = structTypesToDoList;
                     structTypesToDoList = new List<INode>();
                 }
+                else
+                {
+                    break;
+                }
             } while (retryAddStructType);
 
             // all types loaded
@@ -897,7 +900,7 @@ private void AddEnumerationOrStructureType(INode dataTypeNode, IList<INode> serv
         private IList<INode> RemoveKnownTypes(IList<INode> nodeList)
         {
             return nodeList.Where(
-                node => GetSystemType(node.NodeId) == null).ToList();
+                node => GetSystemType(node.NodeId) == null).Distinct().ToList();
         }
 
         /// <summary>
@@ -1170,6 +1173,13 @@ private NodeId GetBuiltInSuperType(NodeId dataType)
                 }
                 if (superType.NamespaceIndex == 0)
                 {
+                    if (superType == DataTypeIds.Enumeration &&
+                        dataType.NamespaceIndex == 0)
+                    {
+                        // enumerations of namespace 0 in a structure
+                        // which are not in the type system are encoded as UInt32
+                        return new NodeId((uint)BuiltInType.UInt32);
+                    }
                     if (superType == DataTypeIds.Enumeration ||
                         superType == DataTypeIds.Structure)
                     {

diff --git a/Libraries/Opc.Ua.Client.ComplexTypes/TypeBuilder/ComplexTypeBuilder.cs b/Libraries/Opc.Ua.Client.ComplexTypes/TypeBuilder/ComplexTypeBuilder.cs
@@ -207,7 +207,9 @@ private string FindModuleName(string moduleName, string targetNamespace, int tar
         {
             if (String.IsNullOrWhiteSpace(moduleName))
             {
-                Uri uri = new Uri(targetNamespace, UriKind.RelativeOrAbsolute);
+                // remove space chars in malformed namespace url
+                var tempNamespace = targetNamespace.Replace(" ", "");
+                Uri uri = new Uri(tempNamespace, UriKind.RelativeOrAbsolute);
                 var tempName = uri.IsAbsoluteUri ? uri.AbsolutePath : uri.ToString();
 
                 tempName = tempName.Replace("/", "");

diff --git a/Libraries/Opc.Ua.Client/CoreClientUtils.cs b/Libraries/Opc.Ua.Client/CoreClientUtils.cs
@@ -29,6 +29,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 
 namespace Opc.Ua.Client
 {
@@ -296,7 +297,7 @@ int discoverTimeout
             // pick the first available endpoint by default.
             if (selectedEndpoint == null && endpoints.Count > 0)
             {
-                selectedEndpoint = endpoints[0];
+                selectedEndpoint = endpoints.FirstOrDefault(e => e.EndpointUrl?.StartsWith(url.Scheme) == true);
             }
 
             // return the selected endpoint.

diff --git a/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs b/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
@@ -525,9 +525,7 @@ string productUri
 
             return true;
         }
-        #endregion
 
-        #region Private Methods
         /// <summary>
         /// Helper to suppress errors which are allowed for the application certificate validation.
         /// </summary>
@@ -812,9 +810,12 @@ private static async Task DeleteApplicationInstanceCertificate(ApplicationConfig
                     thumbprint = certificate.Thumbprint;
                 }
 
-                using (ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore())
+                if (!string.IsNullOrEmpty(thumbprint))
                 {
-                    await store.Delete(thumbprint).ConfigureAwait(false);
+                    using (ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore())
+                    {
+                        await store.Delete(thumbprint).ConfigureAwait(false);
+                    }
                 }
             }
 

diff --git a/Libraries/Opc.Ua.Gds.Client.Common/GlobalDiscoveryServerClient.cs b/Libraries/Opc.Ua.Gds.Client.Common/GlobalDiscoveryServerClient.cs
@@ -963,6 +963,7 @@ private void RevertPermissions(IUserIdentity oldUser)
         }
 
         #endregion
+
         #region Private Fields
         private ConfiguredEndpoint m_endpoint;
         #endregion

diff --git a/Libraries/Opc.Ua.Gds.Server.Common/BinaryApplicationsDatabase.cs b/Libraries/Opc.Ua.Gds.Server.Common/BinaryApplicationsDatabase.cs
@@ -1,4 +1,4 @@
-/* ========================================================================
+/* ========================================================================
  * Copyright (c) 2005-2020 The OPC Foundation, Inc. All rights reserved.
  *
  * OPC Foundation MIT License 1.00
@@ -32,9 +32,11 @@
 using System.Runtime.Serialization;
 using System.Runtime.Serialization.Formatters.Binary;
 
+#if !NET5_0_OR_GREATER
 namespace Opc.Ua.Gds.Server.Database.Linq
 {
     [Serializable]
+    [Obsolete("Do not use. Binary decoding poses a security risk.")]
     public class BinaryApplicationsDatabase : LinqApplicationsDatabase
     {
         #region Constructors
@@ -60,6 +62,7 @@ static public BinaryApplicationsDatabase Load(string fileName)
             }
         }
         #endregion
+
         #region Public Members
         public override void Save()
         {
@@ -71,9 +74,11 @@ public override void Save()
         }
         public string FileName { get { return m_fileName; } private set { m_fileName = value; } }
         #endregion
+
         #region Private Fields
         [NonSerialized]
         string m_fileName;
         #endregion
     }
 }
+#endif
diff --git a/Libraries/Opc.Ua.Security.Certificates/Extensions/X509SubjectAltNameExtension.cs b/Libraries/Opc.Ua.Security.Certificates/Extensions/X509SubjectAltNameExtension.cs
@@ -272,7 +272,7 @@ private string IPAddressToString(byte[] encodedIPAddress)
             }
         }
 
-#if NETSTANDARD2_1 || NET472 || NET5_0
+#if NETSTANDARD2_1 || NET472_OR_GREATER || NET5_0_OR_GREATER
         /// <summary>
         /// Encode the Subject Alternative name extension.
         /// </summary>

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateBuilder.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateBuilder.cs
@@ -26,7 +26,7 @@
  * The complete license agreement can be found here:
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateFactoryRandomGenerator.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateFactoryRandomGenerator.cs
@@ -10,7 +10,7 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 using System;
 using System.Security.Cryptography;
 using Org.BouncyCastle.Crypto.Prng;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateFactoryX509Name.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateFactoryX509Name.cs
@@ -10,7 +10,7 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 using Org.BouncyCastle.Asn1.X509;
 

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/PEMReader.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/PEMReader.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if !NETSTANDARD2_1 && !NET5_0
+#if !NETSTANDARD2_1 && !NET5_0_OR_GREATER
 using System;
 using System.Security.Cryptography;
 using System.IO;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/PEMWriter.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/PEMWriter.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if !NETSTANDARD2_1 && !NET5_0
+#if !NETSTANDARD2_1 && !NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography.X509Certificates;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509Extensions.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509Extensions.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 using System;
 using System.Collections.Generic;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509SignatureFactory.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509SignatureFactory.cs
@@ -26,7 +26,7 @@
  * The complete license agreement can be found here:
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography;

diff --git a/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509Utils.cs b/Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509Utils.cs
@@ -10,7 +10,7 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
-#if !NETSTANDARD2_1 && !NET5_0
+#if !NETSTANDARD2_1 && !NET5_0_OR_GREATER
 using System;
 using System.IO;
 using System.Linq;
@@ -20,7 +20,6 @@
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.OpenSsl;
 using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.Security;
 

diff --git a/Libraries/Opc.Ua.Security.Certificates/PEM/PEMReader.cs b/Libraries/Opc.Ua.Security.Certificates/PEM/PEMReader.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if NETSTANDARD2_1 || NET5_0
+#if NETSTANDARD2_1 || NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography;

diff --git a/Libraries/Opc.Ua.Security.Certificates/PEM/PEMWriter.cs b/Libraries/Opc.Ua.Security.Certificates/PEM/PEMWriter.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if NETSTANDARD2_1 || NET5_0
+#if NETSTANDARD2_1 || NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography.X509Certificates;

diff --git a/...tificates/System.Security.Cryptography.X509Certificates/RSAPkcs1X509SignatureGenerator.cs b/...tificates/System.Security.Cryptography.X509Certificates/RSAPkcs1X509SignatureGenerator.cs
@@ -1,7 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 // This source code is intentionally copied from the .NET core runtime to close
 // a gap in the .NET 4.6 and the .NET Core 2.x runtime implementations.

diff --git a/...rity.Certificates/System.Security.Cryptography.X509Certificates/X509SignatureGenerator.cs b/...rity.Certificates/System.Security.Cryptography.X509Certificates/X509SignatureGenerator.cs
@@ -1,7 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-#if !NETSTANDARD2_1 && !NET472 && !NET5_0
+#if !NETSTANDARD2_1 && !NET472_OR_GREATER && !NET5_0_OR_GREATER
 
 // This source code is intentionally copied from the .NET core runtime to close
 // a gap in the .NET 4.6 and the .NET Core 2.x runtime implementations.

diff --git a/Libraries/Opc.Ua.Security.Certificates/X509Certificate/CertificateBuilder.cs b/Libraries/Opc.Ua.Security.Certificates/X509Certificate/CertificateBuilder.cs
@@ -27,7 +27,7 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-#if NETSTANDARD2_1 || NET472 || NET5_0
+#if NETSTANDARD2_1 || NET472_OR_GREATER || NET5_0_OR_GREATER
 
 using System;
 using System.Security.Cryptography;
@@ -268,13 +268,14 @@ public override X509Certificate2 CreateForECDsa(X509SignatureGenerator generator
         public override ICertificateBuilderCreateForECDsaAny SetECDsaPublicKey(byte[] publicKey)
         {
             if (publicKey == null) throw new ArgumentNullException(nameof(publicKey));
+#if NET472_OR_GREATER
+            throw new NotSupportedException("Import a ECDsaPublicKey is not supported on this platform.");
+#else
             int bytes = 0;
             try
             {
                 m_ecdsaPublicKey = ECDsa.Create();
-#if !NET472  // TODO
                 m_ecdsaPublicKey.ImportSubjectPublicKeyInfo(publicKey, out bytes);
-#endif
             }
             catch (Exception e)
             {
@@ -286,20 +287,22 @@ public override ICertificateBuilderCreateForECDsaAny SetECDsaPublicKey(byte[] pu
                 throw new ArgumentException("Decoded the public key but extra bytes were found.");
             }
             return this;
+#endif
         }
 #endif
 
         /// <inheritdoc/>
         public override ICertificateBuilderCreateForRSAAny SetRSAPublicKey(byte[] publicKey)
         {
             if (publicKey == null) throw new ArgumentNullException(nameof(publicKey));
+#if NET472_OR_GREATER
+            throw new NotSupportedException("Import a ECDsaPublicKey is not supported on this platform.");
+#else
             int bytes = 0;
             try
             {
                 m_rsaPublicKey = RSA.Create();
-#if !NET472  // TODO
                 m_rsaPublicKey.ImportSubjectPublicKeyInfo(publicKey, out bytes);
-#endif
             }
             catch (Exception e)
             {
@@ -311,6 +314,7 @@ public override ICertificateBuilderCreateForRSAAny SetRSAPublicKey(byte[] public
                 throw new ArgumentException("Decoded the public key but extra bytes were found.");
             }
             return this;
+#endif
         }
         #endregion
 

diff --git a/Libraries/Opc.Ua.Security.Certificates/X509Certificate/X509PfxUtils.cs b/Libraries/Opc.Ua.Security.Certificates/X509Certificate/X509PfxUtils.cs
@@ -10,7 +10,6 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
-
 using System;
 using System.Linq;
 using System.Security.Cryptography;

diff --git a/Stack/Opc.Ua.Bindings.Https/Opc.Ua.Bindings.Https.csproj b/Stack/Opc.Ua.Bindings.Https/Opc.Ua.Bindings.Https.csproj
@@ -22,11 +22,18 @@
     <Reference Include="System.Net.Http" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == 'net472'">
+    <Reference Include="System.Net.Http" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.1.3" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.1.25" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets" Version="2.1.3" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="2.1.3" />
+    <PackageReference Include="System.Io.Pipelines" Version="4.5.4" />
+    <PackageReference Include="System.Text.Encodings.Web" Version="4.5.1" />
+
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">

diff --git a/Stack/Opc.Ua.Core/Opc.Ua.Core.csproj b/Stack/Opc.Ua.Core/Opc.Ua.Core.csproj
@@ -38,6 +38,7 @@
 
   <ItemGroup>
     <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+    <PackageReference Include="System.Buffers" Version="4.5.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateFactory.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateFactory.cs
@@ -281,7 +281,7 @@ DateTime nextUpdate
             return new X509CRL(crlBuilder.CreateForRSA(issuerCertificate));
         }
 
-#if NETSTANDARD2_1 || NET5_0
+#if NETSTANDARD2_1 || NET472_OR_GREATER || NET5_0_OR_GREATER
         /// <summary>
         /// Creates a certificate signing request from an existing certificate.
         /// </summary>