Diffstat (limited to 'CLAUDE.md')
| -rw-r--r-- | CLAUDE.md | 21 |
1 files changed, 15 insertions, 6 deletions
@@ -69,10 +69,11 @@ All three programs run from the project root. Start them in order in separate te build/ServerLDS 4840 "urn:bobink.ServerLDS" \ certs/ServerLDS_cert.der certs/ServerLDS_key.der \ 60 \ + user user password \ certs/ServerRegisterClient_cert.der certs/ClientFindServers_cert.der ``` -Args: `<port> <applicationUri> <cert> <key> <cleanup-timeout-seconds> [trustlist...]` +Args: `<port> <applicationUri> <cert> <key> <cleanup-timeout-seconds> <auth-mode> [<username> <password>] [trustlist...]` The trustlist must include the client certs that will connect over encrypted channels: `ServerRegisterClient_cert.der` (used by `ServerRegister`) and `ClientFindServers_cert.der` (used by `ClientFindServers`). Cleanup timeout must be > 10. 
@@ -84,12 +85,14 @@ build/ServerRegister 4841 "urn:bobink.ServerRegister" \ certs/ServerRegisterClient_cert.der certs/ServerRegisterClient_key.der \ "opc.tcp://localhost:4840" 10 \ SignAndEncrypt Aes128_Sha256_RsaOaep \ + user user password \ + user user password \ certs/ServerLDS_cert.der certs/ClientFindServers_cert.der ``` -Args: `<port> <applicationUri> <server-cert> <server-key> <client-cert> <client-key> <discovery-endpoint> <register-interval-seconds> <security-mode> <security-policy> [trustlist...]` +Args: `<port> <applicationUri> <server-cert> <server-key> <client-cert> <client-key> <discovery-endpoint> <register-interval-seconds> <security-mode> <security-policy> <server-auth-mode> [<server-user> <server-pass>] <client-auth-mode> [<client-user> <client-pass>] [trustlist...]` -Uses separate server/client certificate pairs. The client cert+key are for the secure channel to the LDS. Re-registers periodically at the given interval. Trustlist should include the LDS cert and any client certs that will query this server's endpoints (e.g. `ClientFindServers_cert.der`). +Uses separate server/client certificate pairs. The client cert+key are for the secure channel to the LDS. Re-registers periodically at the given interval. Server auth mode controls what clients connecting to this server need; client auth mode controls how this server authenticates to the LDS. Trustlist should include the LDS cert and any client certs that will query this server's endpoints (e.g. `ClientFindServers_cert.der`). **3. Find Servers Client** 
@@ -98,14 +101,15 @@ build/ClientFindServers "opc.tcp://localhost:4840" \ "urn:bobink.ClientFindServers" \ certs/ClientFindServers_cert.der certs/ClientFindServers_key.der \ SignAndEncrypt Aes128_Sha256_RsaOaep \ + user user password \ certs/ServerLDS_cert.der certs/ServerRegister_cert.der ``` -Args: `<discovery-server-endpoint> <applicationUri> <cert> <key> <security-mode> <security-policy> [trustlist...]` +Args: `<discovery-server-endpoint> <applicationUri> <cert> <key> <security-mode> <security-policy> <auth-mode> [<username> <password>] [trustlist...]` -Queries the LDS and prints all registered servers and their endpoints. The trustlist should include the certs of all servers whose endpoints will be queried. +Queries the LDS and prints all registered servers and their endpoints. Auth mode controls how the client authenticates when reading server time. The trustlist should include the certs of all servers whose endpoints will be queried. -**Security options** (for both ServerRegister and ClientFindServers): +**Security and auth options** (for both ServerRegister and ClientFindServers): | Security modes | Security policies | |----------------|-------------------| @@ -115,6 +119,11 @@ Queries the LDS and prints all registered servers and their endpoints. The trust | | `Aes128_Sha256_RsaOaep` | | | `ECC_nistP256` | +| Auth modes | Description | +|------------|-------------| +| `anonymous` | No session credentials | +| `user` | Username/password (requires two extra args) | + ## Project Structure | Path | Purpose | |
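Review bot: In the ServerLDS hunk (`@@ -69,10 +69,11 @@`), the Args line gains `<auth-mode> [<username> <password>]` but the paragraph under it still only covers the trustlist and the cleanup timeout, so nothing says what auth mode controls on the LDS. The ServerRegister and ClientFindServers hunks each add such a sentence; add the matching one here. It should also state that the username and password appear only when the mode is `user`, because they sit positionally in front of the variadic trustlist and a reader running with `anonymous` needs to know the trustlist then starts immediately after the mode.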
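Review bot: In the ServerRegister hunk (`@@ -84,12 +85,14 @@`), the example adds two identical lines, `user user password` twice, so the reader cannot tell which one is `<server-auth-mode> [<server-user> <server-pass>]` and which is `<client-auth-mode> [<client-user> <client-pass>]` without counting positions against the Args line. Use distinct placeholder values for the two roles in the example. The added sentence says client auth mode controls how this server authenticates to the LDS; it should also say whether those client credentials have to match the username and password passed to ServerLDS in the first example.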
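Review bot: In the ClientFindServers hunk (`@@ -98,14 +101,15 @@`), the renamed heading still reads "(for both ServerRegister and ClientFindServers)" although the first hunk gives ServerLDS an `<auth-mode>` argument as well, so the scope note is now wrong for the auth half of the heading. Either list all three programs or split the auth table out under its own heading. The added sentence "Auth mode controls how the client authenticates when reading server time" also refers to a step that the description before it (queries the LDS and prints registered servers and endpoints) never introduces; say which server the time is read from and that the single username/password pair is used for it.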
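Review bot: In the auth modes table hunk (`@@ -115,6 +119,11 @@`), the `user` row documents the password as one of "two extra args" and all three examples pass it literally on the command line, which leaves it in shell history and visible in the process list to other local users. State in the description that the `user user password` values are demo credentials, and consider documenting a way to supply the password that does not go through argv, such as a file or environment variable. The table should also say whether `user` is accepted with every security mode listed in the table above it, since the credentials are only protected in transit when the channel is encrypted.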
