Make client/server encryption optional, rename tests to full names

Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only.  Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.

Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user.  Rename directories to use full
names.  Auto-generate certificates and trust stores in run_test.sh.

Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.

4 files changed, 49 insertions, 0 deletions

diff --git a/tests/unsecure_anonymous/client.conf b/tests/unsecure_anonymous/client.conf
new file mode 100644
index 0000000..d93000e
--- /dev/null
+++ b/tests/unsecure_anonymous/client.conf
@@ -0,0 +1,15 @@
+# Client — test: unsecure_anonymous
+# Has certs for encryption support (needed to negotiate with the secured
+# LDS) but no securityMode/securityPolicy — lets the client auto-select
+# the best available endpoint on each server.
+
+applicationUri = urn:localhost:bobink:Client
+
+# certificate = certs/Client_cert.der
+# privateKey = certs/Client_key.der
+# trustStore = certs/trust/client
+#
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
diff --git a/tests/unsecure_anonymous/server_lds.conf b/tests/unsecure_anonymous/server_lds.conf
new file mode 100644
index 0000000..b50d03f
--- /dev/null
+++ b/tests/unsecure_anonymous/server_lds.conf
@@ -0,0 +1,13 @@
+# ServerLDS — test: unsecure_anonymous
+# Secured LDS with discovery-only None endpoint.
+
+port = 14840
+applicationUri = urn:localhost:bobink:ServerLDS
+
+# certificate = certs/ServerLDS_cert.der
+# privateKey = certs/ServerLDS_key.der
+# trustStore = certs/trust/server_lds
+
+authMode = anonymous
+
+cleanupTimeout = 60
diff --git a/tests/unsecure_anonymous/server_register.conf b/tests/unsecure_anonymous/server_register.conf
new file mode 100644
index 0000000..db96fa7
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register.conf
@@ -0,0 +1,8 @@
+# ServerRegister server config — test: unsecure_anonymous
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+authMode = anonymous
+
+registerInterval = 10
diff --git a/tests/unsecure_anonymous/server_register_client.conf b/tests/unsecure_anonymous/server_register_client.conf
new file mode 100644
index 0000000..c2ae348
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: unsecure_anonymous
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous