Fix TrustListHandling

romanett · Mar 5, 2024 · cdeb6e4 · cdeb6e4
1 parent 3aaecb9
commit cdeb6e4
Show file tree

Hide file tree

Showing 20 changed files with 648 additions and 315 deletions.
diff --git a/GDSwithREST.Domain/Entities/Application.cs b/GDSwithREST.Domain/Entities/Application.cs
@@ -7,6 +7,7 @@ public Application()
             ApplicationNames = new HashSet<ApplicationName>();
             CertificateRequests = new HashSet<CertificateRequest>();
             ServerEndpoints = new HashSet<ServerEndpoint>();
+            TrustLists = new HashSet<TrustList>();
         }
 
         public int Id { get; set; }
@@ -18,10 +19,9 @@ public Application()
         public string ServerCapabilities { get; set; } = null!;
         public byte[] Certificate { get; set; } = Array.Empty<byte>();
         public byte[]? HttpsCertificate { get; set; }
-        public string? TrustListId { get; set; }
-        public string? HttpsTrustListId { get; set; }
         public ICollection<ApplicationName> ApplicationNames { get; set; }
         public ICollection<CertificateRequest> CertificateRequests { get; set; }
         public ICollection<ServerEndpoint> ServerEndpoints { get; set; }
+        public ICollection<TrustList> TrustLists { get; set; }
     }
 }
diff --git a/GDSwithREST.Domain/Entities/TrustList.cs b/GDSwithREST.Domain/Entities/TrustList.cs
@@ -0,0 +1,11 @@
+namespace GDSwithREST.Domain.Entities
+{
+    public sealed record TrustList
+    {
+        public int Id { get; set; }
+        public int ApplicationId { get; set; }
+        public  string Path { get; set; } = null!;
+        public  string CertificateType { get; set; } = null!;
+        public  Application Application { get; set; } = null!;
+    }
+}
diff --git a/GDSwithREST.Domain/Repositories/IApplicationRepository.cs b/GDSwithREST.Domain/Repositories/IApplicationRepository.cs
@@ -13,6 +13,6 @@ public interface IApplicationRepository
         /// <summary>
         /// persists the changes made to an Application instance
         /// </summary>
-        public void SaveChanges();
+        public void SaveChanges(Application application);
     }
 }
diff --git a/GDSwithREST.Domain/Repositories/ITrustListRepository.cs b/GDSwithREST.Domain/Repositories/ITrustListRepository.cs
@@ -0,0 +1,18 @@
+using GDSwithREST.Domain.Entities;
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace GDSwithREST.Domain.Repositories
+{
+    public interface ITrustListRepository
+    {
+        public Task<IEnumerable<TrustList>> GetTrustListsByApplicationId(int id);
+        public void RemoveTrustLists(TrustList[] trustLists);
+        public TrustList AddTrustList(TrustList trustList);
+        public void SaveChanges(TrustList trustList);
+    }
+}
diff --git a/GDSwithREST.Domain/Services/ApplicationService.cs b/GDSwithREST.Domain/Services/ApplicationService.cs
@@ -96,6 +96,7 @@ record = applicationRepository.GetApplicationById(applicationId).Result;
                     applicationNameRepository.AddApplicationName(new ApplicationName() { ApplicationId = record.Id, Locale = applicationName.Locale, Text = applicationName.Text });
                 }
             }
+            applicationRepository.SaveChanges(record);
             m_lastCounterResetTime = DateTime.UtcNow;
             return new NodeId(applicationId, NamespaceIndex); ;
         }
@@ -122,6 +123,9 @@ public override void UnregisterApplication(NodeId applicationId)
             applicationNameRepository.RemoveApplicationNames(application.ApplicationNames.ToArray());
             serverEndpointRepository.RemoveServerEndpoints(application.ServerEndpoints.ToArray());
             applicationRepository.RemoveApplication(application);
+
+            certificateRequestRepository.SaveChanges();
+            applicationRepository.SaveChanges(application);
             m_lastCounterResetTime = DateTime.UtcNow;
         }
 
@@ -528,7 +532,7 @@ public override bool SetApplicationCertificate(
                 application.Certificate = certificate;
             }
 
-            applicationRepository.SaveChanges();
+            applicationRepository.SaveChanges(application);
 
 
             return true;
@@ -583,27 +587,33 @@ string trustListId
         {
             using var scope = _serviceScopeFactory.CreateScope();
             var applicationRepository = scope.ServiceProvider.GetRequiredService<IApplicationRepository>();
+            var trustListRepository = scope.ServiceProvider.GetRequiredService<ITrustListRepository>();
 
             Guid id = GetNodeIdGuid(applicationId);
             var application = applicationRepository.GetApplicationById(id).Result;
 
-            if (application == null || string.IsNullOrEmpty(trustListId))
+            if (application == null || string.IsNullOrEmpty(trustListId) || string.IsNullOrEmpty(certificateTypeId))
             {
                 return false;
             }
-
-
-            if(certificateTypeId == nameof(Opc.Ua.ObjectTypeIds.ApplicationCertificateType))
+            var trustList = trustListRepository.GetTrustListsByApplicationId(application.Id).Result
+                .SingleOrDefault(trustList => trustList.CertificateType == certificateTypeId);
+
+            if (trustList == null)
             {
-                application.TrustListId = trustListId;
+                trustListRepository.AddTrustList(
+                    new TrustList
+                    {
+                        ApplicationId = application.Id,
+                        Application = application,
+                        CertificateType = certificateTypeId,
+                        Path = trustListId
+                    });
             }
-            if(certificateTypeId == nameof(Opc.Ua.ObjectTypeIds.HttpsCertificateType))
+            else
             {
-                application.HttpsTrustListId = trustListId;
+                trustList.Path = trustListId;
             }
-
-            applicationRepository.SaveChanges();
-
             return true;
         }
 
@@ -616,36 +626,24 @@ out string trustListId
             trustListId = null!;
             using var scope = _serviceScopeFactory.CreateScope();
             var applicationRepository = scope.ServiceProvider.GetRequiredService<IApplicationRepository>();
+            var trustListRepository = scope.ServiceProvider.GetRequiredService<ITrustListRepository>();
 
             Guid id = GetNodeIdGuid(applicationId);
             var application = applicationRepository.GetApplicationById(id).Result;
 
-            if (application == null)
+            if (application == null || string.IsNullOrEmpty(certificateTypeId))
             {
                 return false;
-            }            
-
-            if (certificateTypeId == nameof(Opc.Ua.ObjectTypeIds.ApplicationCertificateType))
-            {
-                if(string.IsNullOrEmpty(application.TrustListId))
-                {
-                    return false;
-                }
-                trustListId = application.TrustListId;
-                return true;
             }
-            if (certificateTypeId == nameof(Opc.Ua.ObjectTypeIds.HttpsCertificateType))
+            var trustList = trustListRepository.GetTrustListsByApplicationId(application.Id).Result
+                .SingleOrDefault(trustList => trustList.CertificateType == certificateTypeId);
+            //var trustList = application.TrustLists.SingleOrDefault(trustList => trustList.CertificateType == certificateTypeId);
+
+            if (trustList == null)
             {
-                if (string.IsNullOrEmpty(application.HttpsTrustListId))
-                {
-                    return false;
-                }
-                trustListId = application.HttpsTrustListId;
-                return true;
+                return false;
             }
-
-            applicationRepository.SaveChanges();
-
+            trustListId = trustList.Path;
             return true;
         }
 

diff --git a/GDSwithREST.Domain/Services/CertificateRequestService.cs b/GDSwithREST.Domain/Services/CertificateRequestService.cs
@@ -68,7 +68,7 @@ public NodeId StartSigningRequest(
                 application.CertificateRequests.Add(request);
             }
 
-            applicationRepository.SaveChanges();
+            applicationRepository.SaveChanges(application);
 
             return new NodeId(request.RequestId, NamespaceIndex);
 
@@ -120,7 +120,7 @@ public NodeId StartNewKeyPairRequest(
                 application.CertificateRequests.Add(request);
             }
 
-            applicationRepository.SaveChanges();
+            applicationRepository.SaveChanges(application);
 
             return new NodeId(request.RequestId, NamespaceIndex);
 

diff --git a/GDSwithREST.Domain/Services/GdsService.cs b/GDSwithREST.Domain/Services/GdsService.cs
@@ -60,13 +60,7 @@ public async Task StartServer(CancellationToken stoppingToken)
                 //start GDS
                 await _applicationInstance.Start(gdsServer);
 
-                ////trust GDS CA
-                //var defaultCertificateGroup = _certificateGroups.CertificateGroups.SingleOrDefault(cg => cg.Id.Identifier is (uint)CertificateGroupType.DefaultApplicationGroup);
-                //if (defaultCertificateGroup is null)
-                //    throw new Exception("Failed to initialze GDS CA Certifcate");
-
-                //await _applicationInstance.AddOwnCertificateToTrustedStoreAsync(defaultCertificateGroup.Certificate, stoppingToken);
-
+
                 var endpoints = _applicationInstance.Server.GetEndpoints().Select(e => e.EndpointUrl).Distinct();
 
                 foreach (var endpoint in endpoints)

diff --git a/GDSwithREST.Infrastructure/GdsDbContext.cs b/GDSwithREST.Infrastructure/GdsDbContext.cs
@@ -21,6 +21,7 @@ public GdsDbContext(DbContextOptions<GdsDbContext> options)
         public virtual DbSet<Application> Applications { get; set; }
         public virtual DbSet<CertificateRequest> CertificateRequests { get; set; }
         public virtual DbSet<ServerEndpoint> ServerEndpoints { get; set; }
+        public virtual DbSet<TrustList> TrustLists { get; set; }
 
         protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
         {
@@ -48,13 +49,31 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
                     .HasForeignKey(d => d.ApplicationId)
                     .HasConstraintName("FK_ApplicationNames_ApplicationId");
             });
+            modelBuilder.Entity<TrustList>(entity => {
+                entity.HasIndex(e => e.ApplicationId)
+                    .HasDatabaseName("IX_FK_TrustLists_ApplicationId");
 
-            modelBuilder.Entity<Application>(entity =>
-            {
-                entity.Property(e => e.HttpsTrustListId).IsRequired(false);
+                entity.HasIndex(e => new { e.CertificateType, e.ApplicationId })
+                    .IsUnique();
+
+                entity.Property(e => e.Id).HasColumnName("ID");
+
+                entity.Property(e => e.CertificateType)
+                    .HasMaxLength(200)
+                    .IsRequired(true);
+
+                entity.Property(e => e.Path)
+                    .IsRequired()
+                    .HasMaxLength(1000);
 
-                entity.Property(e => e.TrustListId).IsRequired(false);
+                entity.HasOne(d => d.Application)
+                    .WithMany(p => p.TrustLists)
+                    .HasForeignKey(d => d.ApplicationId)
+                    .HasConstraintName("FK_TrustLists_ApplicationId");
+            });
 
+            modelBuilder.Entity<Application>(entity =>
+            {
                 entity.Property(e => e.Id).HasColumnName("ID");
 
                 entity.Property(e => e.ApplicationName)