From 827e90e0daabe32e058e08dd2a253425898a7e7a Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 19:06:22 +0100 Subject: Replace ClientFindServers with unified Client, use trust store directories Replace the single-purpose ClientFindServers program with a unified Client that supports three operations via CLI: find-servers, get-endpoints, and read-time. This simplifies the architecture by using one client binary with a single config file instead of a monolithic program that did everything in one run. Split the ServerRegister config into separate server and client config files so the LDS-registration credentials are isolated from the server's own settings. The discovery URL moves from config to a CLI argument. Replace repeated trustList config entries with a single trustStore directory path. Each program now points to a directory under certs/trust/ containing .der files, so adding or removing trust is a file-copy operation rather than editing every config file. Add loadTrustStore()/freeTrustStore() to common.c and remove the now-unused configGetAll() from the config parser. Simplify the test matrix from 6 to 4 cases (security and auth are orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to invoke the new Client three times and use port-polling instead of sleep. --- config/server_register.conf | 54 ++++++++++++++------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) (limited to 'config/server_register.conf') diff --git a/config/server_register.conf b/config/server_register.conf index c32c61e..ddacbac 100644 --- a/config/server_register.conf +++ b/config/server_register.conf @@ -1,47 +1,25 @@ -# ServerRegister configuration +# ServerRegister — server configuration # # Keys: -# port Server port number -# applicationUri OPC UA application URI -# serverCertificate Path to server certificate (.der) -# serverPrivateKey Path to server private key (.der) -# clientCertificate Path to client certificate for LDS connection (.der) -# clientPrivateKey Path to client private key for LDS connection (.der) -# discoveryEndpoint LDS endpoint URL (e.g. opc.tcp://localhost:4840) -# registerInterval Seconds between re-registrations with the LDS -# securityMode None, Sign, or SignAndEncrypt -# securityPolicy None, Basic256Sha256, Aes256_Sha256_RsaPss, -# Aes128_Sha256_RsaOaep, or ECC_nistP256 -# serverAuthMode Auth mode for clients connecting to this server: -# "anonymous" or "user" -# serverUsername Username (required when serverAuthMode = user) -# serverPassword Password (required when serverAuthMode = user) -# clientAuthMode Auth mode for connecting to the LDS: -# "anonymous" or "user" -# clientUsername Username (required when clientAuthMode = user) -# clientPassword Password (required when clientAuthMode = user) -# trustList Trusted certificate path (repeat for multiple) +# port Server port number +# applicationUri OPC UA application URI +# certificate Path to server certificate (.der) +# privateKey Path to server private key (.der) +# registerInterval Seconds between re-registrations with the LDS +# authMode "anonymous" or "user" +# username Username (required when authMode = user) +# password Password (required when authMode = user) +# trustStore Directory containing trusted certificates (.der) port = 4841 applicationUri = urn:bobink.ServerRegister -serverCertificate = certs/ServerRegister_cert.der -serverPrivateKey = certs/ServerRegister_key.der -clientCertificate = certs/ServerRegisterClient_cert.der -clientPrivateKey = certs/ServerRegisterClient_key.der +certificate = certs/ServerRegister_cert.der +privateKey = certs/ServerRegister_key.der -discoveryEndpoint = opc.tcp://localhost:4840 registerInterval = 10 -securityMode = SignAndEncrypt -securityPolicy = Aes256_Sha256_RsaPss +authMode = user +username = user +password = password -serverAuthMode = user -serverUsername = user -serverPassword = password - -clientAuthMode = user -clientUsername = user -clientPassword = password - -trustList = certs/ServerLDS_cert.der -trustList = certs/ClientFindServers_cert.der +trustStore = certs/trust/server_register -- cgit v1.2.3