aboutsummaryrefslogtreecommitdiffstats
path: root/tests/cert_bootstrap
diff options
context:
space:
mode:
authorThomas Vanbesien <tvanbesi@proton.me>2026-02-18 23:09:43 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-02-18 23:09:43 +0100
commit8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a (patch)
tree8dc81d68d88652f2e4c7643c5cbfd17f24809366 /tests/cert_bootstrap
parent74f18c6264618187386a5dc8b1152faa8727bf53 (diff)
downloadBobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.tar.gz
BobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.zip
Add TOFU certificate bootstrap integration test
Make download-cert always use an unsecure client so it can connect to a server's None discovery endpoint without the server certificate in the trust store. Add a cert_bootstrap test that verifies the full Trust On First Use workflow: find-servers succeeds, get-endpoints fails (untrusted cert), download-cert retrieves the certificate via None, then get-endpoints and read-time both succeed.
Diffstat (limited to 'tests/cert_bootstrap')
-rw-r--r--tests/cert_bootstrap/certs/Client/cert.derbin0 -> 913 bytes
-rw-r--r--tests/cert_bootstrap/certs/Client/key.derbin0 -> 1217 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerLDS/cert.derbin0 -> 922 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerLDS/key.derbin0 -> 1217 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerRegister/cert.derbin0 -> 937 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerRegister/key.derbin0 -> 1217 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerRegisterClient/cert.derbin0 -> 949 bytes
-rw-r--r--tests/cert_bootstrap/certs/ServerRegisterClient/key.derbin0 -> 1219 bytes
-rw-r--r--tests/cert_bootstrap/certs/trust/Client_cert.derbin0 -> 913 bytes
-rw-r--r--tests/cert_bootstrap/certs/trust/ServerLDS_cert.derbin0 -> 922 bytes
-rw-r--r--tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.derbin0 -> 949 bytes
-rw-r--r--tests/cert_bootstrap/certs/trust/ServerRegister_cert.derbin0 -> 937 bytes
-rw-r--r--tests/cert_bootstrap/certs/trust_client/ServerLDS_cert.derbin0 -> 922 bytes
-rw-r--r--tests/cert_bootstrap/client.conf14
-rw-r--r--tests/cert_bootstrap/server_lds.conf13
-rw-r--r--tests/cert_bootstrap/server_register.conf12
-rw-r--r--tests/cert_bootstrap/server_register_client.conf13
17 files changed, 52 insertions, 0 deletions
diff --git a/tests/cert_bootstrap/certs/Client/cert.der b/tests/cert_bootstrap/certs/Client/cert.der
new file mode 100644
index 0000000..84724c1
--- /dev/null
+++ b/tests/cert_bootstrap/certs/Client/cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/Client/key.der b/tests/cert_bootstrap/certs/Client/key.der
new file mode 100644
index 0000000..17403f0
--- /dev/null
+++ b/tests/cert_bootstrap/certs/Client/key.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerLDS/cert.der b/tests/cert_bootstrap/certs/ServerLDS/cert.der
new file mode 100644
index 0000000..9983c3b
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerLDS/cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerLDS/key.der b/tests/cert_bootstrap/certs/ServerLDS/key.der
new file mode 100644
index 0000000..ca209fc
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerLDS/key.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerRegister/cert.der b/tests/cert_bootstrap/certs/ServerRegister/cert.der
new file mode 100644
index 0000000..9fb39f5
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerRegister/cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerRegister/key.der b/tests/cert_bootstrap/certs/ServerRegister/key.der
new file mode 100644
index 0000000..62eaca2
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerRegister/key.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerRegisterClient/cert.der b/tests/cert_bootstrap/certs/ServerRegisterClient/cert.der
new file mode 100644
index 0000000..937960e
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerRegisterClient/cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/ServerRegisterClient/key.der b/tests/cert_bootstrap/certs/ServerRegisterClient/key.der
new file mode 100644
index 0000000..1bd17d2
--- /dev/null
+++ b/tests/cert_bootstrap/certs/ServerRegisterClient/key.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/trust/Client_cert.der b/tests/cert_bootstrap/certs/trust/Client_cert.der
new file mode 100644
index 0000000..84724c1
--- /dev/null
+++ b/tests/cert_bootstrap/certs/trust/Client_cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der b/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der
new file mode 100644
index 0000000..9983c3b
--- /dev/null
+++ b/tests/cert_bootstrap/certs/trust/ServerLDS_cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der b/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der
new file mode 100644
index 0000000..937960e
--- /dev/null
+++ b/tests/cert_bootstrap/certs/trust/ServerRegisterClient_cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der b/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der
new file mode 100644
index 0000000..9fb39f5
--- /dev/null
+++ b/tests/cert_bootstrap/certs/trust/ServerRegister_cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/certs/trust_client/ServerLDS_cert.der b/tests/cert_bootstrap/certs/trust_client/ServerLDS_cert.der
new file mode 100644
index 0000000..9983c3b
--- /dev/null
+++ b/tests/cert_bootstrap/certs/trust_client/ServerLDS_cert.der
Binary files differ
diff --git a/tests/cert_bootstrap/client.conf b/tests/cert_bootstrap/client.conf
new file mode 100644
index 0000000..8c54f04
--- /dev/null
+++ b/tests/cert_bootstrap/client.conf
@@ -0,0 +1,14 @@
+# Client — test: cert_bootstrap
+# Uses a restricted trust store with only the LDS certificate.
+# The ServerRegister certificate is NOT initially trusted.
+
+applicationUri = urn:localhost:bobink:Client
+
+certificate = tests/cert_bootstrap/certs/Client/cert.der
+privateKey = tests/cert_bootstrap/certs/Client/key.der
+trustStore = tests/cert_bootstrap/certs/trust_client
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes256_Sha256_RsaPss
+
+authMode = anonymous
diff --git a/tests/cert_bootstrap/server_lds.conf b/tests/cert_bootstrap/server_lds.conf
new file mode 100644
index 0000000..6cbfdcf
--- /dev/null
+++ b/tests/cert_bootstrap/server_lds.conf
@@ -0,0 +1,13 @@
+# ServerLDS — test: cert_bootstrap
+# Secured LDS with discovery-only None endpoint.
+
+port = 14840
+applicationUri = urn:localhost:bobink:ServerLDS
+
+certificate = tests/cert_bootstrap/certs/ServerLDS/cert.der
+privateKey = tests/cert_bootstrap/certs/ServerLDS/key.der
+trustStore = tests/cert_bootstrap/certs/trust
+
+authMode = anonymous
+
+cleanupTimeout = 60
diff --git a/tests/cert_bootstrap/server_register.conf b/tests/cert_bootstrap/server_register.conf
new file mode 100644
index 0000000..b065f66
--- /dev/null
+++ b/tests/cert_bootstrap/server_register.conf
@@ -0,0 +1,12 @@
+# ServerRegister server config — test: cert_bootstrap
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = tests/cert_bootstrap/certs/ServerRegister/cert.der
+privateKey = tests/cert_bootstrap/certs/ServerRegister/key.der
+trustStore = tests/cert_bootstrap/certs/trust
+
+authMode = anonymous
+
+registerInterval = 10
diff --git a/tests/cert_bootstrap/server_register_client.conf b/tests/cert_bootstrap/server_register_client.conf
new file mode 100644
index 0000000..e1cff06
--- /dev/null
+++ b/tests/cert_bootstrap/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: cert_bootstrap
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = tests/cert_bootstrap/certs/ServerRegisterClient/cert.der
+privateKey = tests/cert_bootstrap/certs/ServerRegisterClient/key.der
+trustStore = tests/cert_bootstrap/certs/trust
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes256_Sha256_RsaPss
+
+authMode = anonymous
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-20 08:47:02 +0000