authorThomas Vanbesien <tvanbesi@proton.me>2026-02-18 23:09:43 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-02-18 23:09:43 +0100
commit8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a (patch)
tree8dc81d68d88652f2e4c7643c5cbfd17f24809366 /tests/cert_bootstrap/client.conf
parent74f18c6264618187386a5dc8b1152faa8727bf53 (diff)
Add TOFU certificate bootstrap integration test
Make download-cert always use an unsecure client so it can connect to a server's None discovery endpoint without the server certificate in the trust store. Add a cert_bootstrap test that verifies the full Trust On First Use workflow: find-servers succeeds, get-endpoints fails (untrusted cert), download-cert retrieves the certificate via None, then get-endpoints and read-time both succeed.
Diffstat (limited to 'tests/cert_bootstrap/client.conf')
-rw-r--r--tests/cert_bootstrap/client.conf14
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/cert_bootstrap/client.conf b/tests/cert_bootstrap/client.conf
new file mode 100644
index 0000000..8c54f04
--- /dev/null
+++ b/tests/cert_bootstrap/client.conf
@@ -0,0 +1,14 @@
+# Client — test: cert_bootstrap
+# Uses a restricted trust store with only the LDS certificate.
+# The ServerRegister certificate is NOT initially trusted.
+
+applicationUri = urn:localhost:bobink:Client
+
+certificate = tests/cert_bootstrap/certs/Client/cert.der
+privateKey = tests/cert_bootstrap/certs/Client/key.der
+trustStore = tests/cert_bootstrap/certs/trust_client
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes256_Sha256_RsaPss
+
+authMode = anonymous
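Review bot: The header comment says the ServerRegister certificate is not initially trusted, but it does not say that `trustStore` is expected to change while the test runs. If download-cert writes the fetched certificate into `tests/cert_bootstrap/certs/trust_client` (inferred from the commit description, not visible in this hunk), a second run would start with the certificate already trusted and the "get-endpoints fails" step would no longer exercise the untrusted path. I would add a line such as `# trust_client is modified by download-cert during the test; the harness must reset it to LDS-only before each run.` A second comment next to `privateKey`, e.g. `# test-only key pair, never reuse outside tests/`, would make clear that the committed key is a fixture. It may also be worth stating in the header that a certificate fetched over the None endpoint is unauthenticated, so the bootstrap step is acceptable only for this test setup or together with an out-of-band fingerprint check.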