From 827e90e0daabe32e058e08dd2a253425898a7e7a Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Tue, 17 Feb 2026 19:06:22 +0100
Subject: Replace ClientFindServers with unified Client, use trust store
 directories

Replace the single-purpose ClientFindServers program with a unified Client
that supports three operations via CLI: find-servers, get-endpoints, and
read-time.  This simplifies the architecture by using one client binary with
a single config file instead of a monolithic program that did everything in
one run.

Split the ServerRegister config into separate server and client config files
so the LDS-registration credentials are isolated from the server's own
settings.  The discovery URL moves from config to a CLI argument.

Replace repeated trustList config entries with a single trustStore directory
path.  Each program now points to a directory under certs/trust/ containing
.der files, so adding or removing trust is a file-copy operation rather than
editing every config file.  Add loadTrustStore()/freeTrustStore() to
common.c and remove the now-unused configGetAll() from the config parser.

Simplify the test matrix from 6 to 4 cases (security and auth are
orthogonal, so the full 3x2 matrix is unnecessary).  Update run_test.sh to
invoke the new Client three times and use port-polling instead of sleep.
---
 config/server_register_client.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 config/server_register_client.conf

(limited to 'config/server_register_client.conf')

diff --git a/config/server_register_client.conf b/config/server_register_client.conf
new file mode 100644
index 0000000..e4598a9
--- /dev/null
+++ b/config/server_register_client.conf
@@ -0,0 +1,26 @@
+# ServerRegister — client configuration for LDS registration
+#
+# Keys:
+#   applicationUri    OPC UA application URI
+#   certificate       Path to client certificate (.der)
+#   privateKey        Path to client private key (.der)
+#   securityMode      None, Sign, or SignAndEncrypt
+#   securityPolicy    None, Basic256Sha256, Aes256_Sha256_RsaPss,
+#                     Aes128_Sha256_RsaOaep, or ECC_nistP256
+#   authMode          "anonymous" or "user"
+#   username          Username (required when authMode = user)
+#   password          Password (required when authMode = user)
+#   trustStore        Directory containing trusted certificates (.der)
+
+applicationUri = urn:bobink.ServerRegister
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+
+securityMode = SignAndEncrypt
+securityPolicy = Aes256_Sha256_RsaPss
+
+authMode = user
+username = user
+password = password
+
+trustStore = certs/trust/server_register_client
-- 
cgit v1.2.3