19 files changed, 412 insertions, 0 deletions

diff --git a/tests/aes128_anon/client_find_servers.conf b/tests/aes128_anon/client_find_servers.conf
new file mode 100644
index 0000000..87eed56
--- /dev/null
+++ b/tests/aes128_anon/client_find_servers.conf
@@ -0,0 +1,14 @@
+# ClientFindServers — test: aes128_anon
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes128_Sha256_RsaOaep
+
+authMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/aes128_anon/server_lds.conf b/tests/aes128_anon/server_lds.conf
new file mode 100644
index 0000000..e8601d0
--- /dev/null
+++ b/tests/aes128_anon/server_lds.conf
@@ -0,0 +1,12 @@
+# ServerLDS — test: aes128_anon
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = anonymous
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/aes128_anon/server_register.conf b/tests/aes128_anon/server_register.conf
new file mode 100644
index 0000000..8a8d1d1
--- /dev/null
+++ b/tests/aes128_anon/server_register.conf
@@ -0,0 +1,21 @@
+# ServerRegister — test: aes128_anon
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes128_Sha256_RsaOaep
+
+serverAuthMode = anonymous
+
+clientAuthMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/aes128_user/client_find_servers.conf b/tests/aes128_user/client_find_servers.conf
new file mode 100644
index 0000000..58d7bd1
--- /dev/null
+++ b/tests/aes128_user/client_find_servers.conf
@@ -0,0 +1,16 @@
+# ClientFindServers — test: aes128_user
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes128_Sha256_RsaOaep
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/aes128_user/server_lds.conf b/tests/aes128_user/server_lds.conf
new file mode 100644
index 0000000..484512a
--- /dev/null
+++ b/tests/aes128_user/server_lds.conf
@@ -0,0 +1,14 @@
+# ServerLDS — test: aes128_user
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/aes128_user/server_register.conf b/tests/aes128_user/server_register.conf
new file mode 100644
index 0000000..e100129
--- /dev/null
+++ b/tests/aes128_user/server_register.conf
@@ -0,0 +1,25 @@
+# ServerRegister — test: aes128_user
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes128_Sha256_RsaOaep
+
+serverAuthMode = user
+serverUsername = user
+serverPassword = password
+
+clientAuthMode = user
+clientUsername = user
+clientPassword = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/basic256sha256_anon/client_find_servers.conf b/tests/basic256sha256_anon/client_find_servers.conf
new file mode 100644
index 0000000..fb3d9d4
--- /dev/null
+++ b/tests/basic256sha256_anon/client_find_servers.conf
@@ -0,0 +1,14 @@
+# ClientFindServers — test: basic256sha256_anon
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/basic256sha256_anon/server_lds.conf b/tests/basic256sha256_anon/server_lds.conf
new file mode 100644
index 0000000..7da2fd6
--- /dev/null
+++ b/tests/basic256sha256_anon/server_lds.conf
@@ -0,0 +1,12 @@
+# ServerLDS — test: basic256sha256_anon
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = anonymous
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/basic256sha256_anon/server_register.conf b/tests/basic256sha256_anon/server_register.conf
new file mode 100644
index 0000000..798bf31
--- /dev/null
+++ b/tests/basic256sha256_anon/server_register.conf
@@ -0,0 +1,21 @@
+# ServerRegister — test: basic256sha256_anon
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+serverAuthMode = anonymous
+
+clientAuthMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/basic256sha256_user/client_find_servers.conf b/tests/basic256sha256_user/client_find_servers.conf
new file mode 100644
index 0000000..93f511c
--- /dev/null
+++ b/tests/basic256sha256_user/client_find_servers.conf
@@ -0,0 +1,16 @@
+# ClientFindServers — test: basic256sha256_user
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/basic256sha256_user/server_lds.conf b/tests/basic256sha256_user/server_lds.conf
new file mode 100644
index 0000000..6841bb6
--- /dev/null
+++ b/tests/basic256sha256_user/server_lds.conf
@@ -0,0 +1,14 @@
+# ServerLDS — test: basic256sha256_user
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/basic256sha256_user/server_register.conf b/tests/basic256sha256_user/server_register.conf
new file mode 100644
index 0000000..636edd8
--- /dev/null
+++ b/tests/basic256sha256_user/server_register.conf
@@ -0,0 +1,25 @@
+# ServerRegister — test: basic256sha256_user
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+serverAuthMode = user
+serverUsername = user
+serverPassword = password
+
+clientAuthMode = user
+clientUsername = user
+clientPassword = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/none_anon/client_find_servers.conf b/tests/none_anon/client_find_servers.conf
new file mode 100644
index 0000000..8d874e7
--- /dev/null
+++ b/tests/none_anon/client_find_servers.conf
@@ -0,0 +1,14 @@
+# ClientFindServers — test: none_anon
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/none_anon/server_lds.conf b/tests/none_anon/server_lds.conf
new file mode 100644
index 0000000..705b51f
--- /dev/null
+++ b/tests/none_anon/server_lds.conf
@@ -0,0 +1,12 @@
+# ServerLDS — test: none_anon
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = anonymous
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/none_anon/server_register.conf b/tests/none_anon/server_register.conf
new file mode 100644
index 0000000..349b6c7
--- /dev/null
+++ b/tests/none_anon/server_register.conf
@@ -0,0 +1,21 @@
+# ServerRegister — test: none_anon
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = None
+securityPolicy = None
+
+serverAuthMode = anonymous
+
+clientAuthMode = anonymous
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/none_user/client_find_servers.conf b/tests/none_user/client_find_servers.conf
new file mode 100644
index 0000000..10e9888
--- /dev/null
+++ b/tests/none_user/client_find_servers.conf
@@ -0,0 +1,16 @@
+# ClientFindServers — test: none_user
+
+discoveryEndpoint = opc.tcp://localhost:14840
+applicationUri = urn:bobink.ClientFindServers
+certificate = certs/ClientFindServers_cert.der
+privateKey = certs/ClientFindServers_key.der
+
+securityMode = None
+securityPolicy = None
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ServerRegister_cert.der
diff --git a/tests/none_user/server_lds.conf b/tests/none_user/server_lds.conf
new file mode 100644
index 0000000..eb6c2ff
--- /dev/null
+++ b/tests/none_user/server_lds.conf
@@ -0,0 +1,14 @@
+# ServerLDS — test: none_user
+
+port = 14840
+applicationUri = urn:bobink.ServerLDS
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+cleanupTimeout = 60
+
+authMode = user
+username = user
+password = password
+
+trustList = certs/ServerRegisterClient_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/none_user/server_register.conf b/tests/none_user/server_register.conf
new file mode 100644
index 0000000..890790e
--- /dev/null
+++ b/tests/none_user/server_register.conf
@@ -0,0 +1,25 @@
+# ServerRegister — test: none_user
+
+port = 14841
+applicationUri = urn:bobink.ServerRegister
+serverCertificate = certs/ServerRegister_cert.der
+serverPrivateKey = certs/ServerRegister_key.der
+clientCertificate = certs/ServerRegisterClient_cert.der
+clientPrivateKey = certs/ServerRegisterClient_key.der
+
+discoveryEndpoint = opc.tcp://localhost:14840
+registerInterval = 10
+
+securityMode = None
+securityPolicy = None
+
+serverAuthMode = user
+serverUsername = user
+serverPassword = password
+
+clientAuthMode = user
+clientUsername = user
+clientPassword = password
+
+trustList = certs/ServerLDS_cert.der
+trustList = certs/ClientFindServers_cert.der
diff --git a/tests/run_test.sh b/tests/run_test.sh
new file mode 100755
index 0000000..5173fa3
--- /dev/null
+++ b/tests/run_test.sh
@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+# ---------------------------------------------------------------
+# Integration-test helper for OPC UA discovery.
+#
+# Usage:  tests/run_test.sh <config_dir> <expected_policy>
+#
+#   config_dir       — directory containing server_lds.conf,
+#                      server_register.conf, client_find_servers.conf
+#   expected_policy  — security-policy string that must appear in
+#                      the client's endpoint listing (e.g.
+#                      "Basic256Sha256", "Aes128_Sha256_RsaOaep",
+#                      or "None")
+#
+# Exit: 0 when all checks pass, 1 on any failure.
+# ---------------------------------------------------------------
+set -uo pipefail
+# NOTE: we intentionally omit "set -e" so that every check runs
+# even if the client itself returns non-zero.
+
+CONFIG_DIR="${1:?Usage: $0 <config_dir> <expected_policy>}"
+EXPECTED_POLICY="${2:?Usage: $0 <config_dir> <expected_policy>}"
+
+LDS_PORT=14840
+SR_PORT=14841
+LDS_PID=""
+SR_PID=""
+TMPFILE=""
+FAILURES=0
+
+# ── cleanup ────────────────────────────────────────────────────
+cleanup() {
+	[ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null
+	[ -n "$SR_PID" ] && kill "$SR_PID" 2>/dev/null && wait "$SR_PID" 2>/dev/null
+	[ -n "$TMPFILE" ] && rm -f "$TMPFILE"
+}
+trap cleanup EXIT
+
+# ── port check ─────────────────────────────────────────────────
+for port in $LDS_PORT $SR_PORT; do
+	if ss -tlnp 2>/dev/null | grep -q ":${port} "; then
+		echo "FAIL: port $port is already in use"
+		exit 1
+	fi
+done
+
+# ── start LDS ──────────────────────────────────────────────────
+build/ServerLDS "$CONFIG_DIR/server_lds.conf" >/dev/null 2>&1 &
+LDS_PID=$!
+sleep 2
+if ! kill -0 "$LDS_PID" 2>/dev/null; then
+	echo "FAIL: ServerLDS exited prematurely"
+	exit 1
+fi
+
+# ── start ServerRegister ───────────────────────────────────────
+build/ServerRegister "$CONFIG_DIR/server_register.conf" >/dev/null 2>&1 &
+SR_PID=$!
+sleep 3
+if ! kill -0 "$SR_PID" 2>/dev/null; then
+	echo "FAIL: ServerRegister exited prematurely"
+	exit 1
+fi
+
+# ── run client ─────────────────────────────────────────────────
+TMPFILE=$(mktemp)
+# UA_Log_Stdout writes to stdout; capture both stdout and stderr.
+build/ClientFindServers "$CONFIG_DIR/client_find_servers.conf" >"$TMPFILE" 2>&1
+CLIENT_RC=$?
+CLIENT_OUTPUT=$(<"$TMPFILE")
+
+# ── validation checks ─────────────────────────────────────────
+check() {
+	local label="$1" result="$2"
+	if [ "$result" -eq 0 ]; then
+		echo "PASS: $label"
+	else
+		echo "FAIL: $label"
+		FAILURES=$((FAILURES + 1))
+	fi
+}
+
+# 1. Exit code
+[ "$CLIENT_RC" -eq 0 ]
+check "client exit code is 0 (got $CLIENT_RC)" $?
+
+# 2. FindServers returned the registered server
+echo "$CLIENT_OUTPUT" | grep -q "urn:bobink.ServerRegister"
+check "FindServers contains urn:bobink.ServerRegister" $?
+
+# 3. Client read the current time
+echo "$CLIENT_OUTPUT" | grep -q "date is:"
+check "client read current time" $?
+
+# 4. Endpoint lists expected security policy
+echo "$CLIENT_OUTPUT" | grep -q "$EXPECTED_POLICY"
+check "endpoint contains $EXPECTED_POLICY" $?
+
+# ── result ─────────────────────────────────────────────────────
+if [ "$FAILURES" -ne 0 ]; then
+	echo ""
+	echo "--- client output ---"
+	echo "$CLIENT_OUTPUT"
+	echo "--- end ---"
+	exit 1
+fi
+exit 0