From 827e90e0daabe32e058e08dd2a253425898a7e7a Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 19:06:22 +0100 Subject: Replace ClientFindServers with unified Client, use trust store directories Replace the single-purpose ClientFindServers program with a unified Client that supports three operations via CLI: find-servers, get-endpoints, and read-time. This simplifies the architecture by using one client binary with a single config file instead of a monolithic program that did everything in one run. Split the ServerRegister config into separate server and client config files so the LDS-registration credentials are isolated from the server's own settings. The discovery URL moves from config to a CLI argument. Replace repeated trustList config entries with a single trustStore directory path. Each program now points to a directory under certs/trust/ containing .der files, so adding or removing trust is a file-copy operation rather than editing every config file. Add loadTrustStore()/freeTrustStore() to common.c and remove the now-unused configGetAll() from the config parser. Simplify the test matrix from 6 to 4 cases (security and auth are orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to invoke the new Client three times and use port-polling instead of sleep. --- src/common.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 100 insertions(+), 14 deletions(-) (limited to 'src/common.c') diff --git a/src/common.c b/src/common.c index 7d378f1..568e4d0 100644 --- a/src/common.c +++ b/src/common.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include 
@@ -55,6 +56,102 @@ loadFile (const char *const path)
 return fileContents;
 }

+/* ========================================================================
+ * Trust Store
+ * ======================================================================== */
+
+int
+loadTrustStore (const char *dirPath, char ***outPaths, size_t *outSize)
+{
+ *outPaths = NULL;
+ *outSize = 0;
+
+ DIR *dir = opendir (dirPath);
+ if (!dir)
+ {
+ UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "Cannot open trust store directory '%s'", dirPath);
+ return -1;
+ }
+
+ size_t capacity = 8;
+ size_t count = 0;
+ char **paths = malloc (capacity * sizeof (char *));
+ if (!paths)
+ {
+ UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "loadTrustStore: out of memory");
+ closedir (dir);
+ return -1;
+ }
+
+ struct dirent *entry;
+ while ((entry = readdir (dir)) != NULL)
+ {
+ const char *name = entry->d_name;
+ size_t nameLen = strlen (name);
+ /* Skip entries that are not *.der files. 5 = strlen("x.der"). */
+ if (nameLen < 5 || strcmp (name + nameLen - 4, ".der") != 0)
+ continue;
+
+ /* Build full path: dirPath/name */
+ size_t dirLen = strlen (dirPath);
+ size_t fullLen = dirLen + 1 + nameLen + 1;
+ char *full = malloc (fullLen);
+ if (!full)
+ {
+ UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "loadTrustStore: out of memory");
+ for (size_t i = 0; i < count; i++)
+ free (paths[i]);
+ free (paths);
+ closedir (dir);
+ return -1;
+ }
+ snprintf (full, fullLen, "%s/%s", dirPath, name);
+
+ if (count == capacity)
+ {
+ capacity *= 2;
+ char **tmp = realloc (paths, capacity * sizeof (char *));
+ if (!tmp)
+ {
+ UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "loadTrustStore: out of memory");
+ free (full);
+ for (size_t i = 0; i < count; i++)
+ free (paths[i]);
+ free (paths);
+ closedir (dir);
+ return -1;
+ }
+ paths = tmp;
+ }
+
+ paths[count++] = full;
+ }
+
+ closedir (dir);
+
+ if (count == 0)
+ {
+ free (paths);
+ return 0;
+ }
+
+ *outPaths = paths;
+ *outSize = 
count;
+ return 0;
+}
+
+void
+freeTrustStore (char **paths, size_t size)
+{
+ for (size_t i = 0; i < size; i++)
+ free (paths[i]);
+ free (paths);
+}
+
 /* ========================================================================
 * Security Helpers
 * ======================================================================== */
@@ -223,18 +320,12 @@ createSecureServer (UA_UInt16 port, const char *applicationUri,
 for (size_t i = 0; i < trustSize; i++)
 trustList[i] = loadFile (trustPaths[i]);

- /* Issuer and revocation lists are unused in this demo. */
- size_t issuerListSize = 0;
- UA_ByteString *issuerList = NULL;
- UA_ByteString *revocationList = NULL;
- size_t revocationListSize = 0;
-
 UA_Server *server = UA_Server_new ();
 UA_ServerConfig *config = UA_Server_getConfig (server);

 *retval = UA_ServerConfig_setDefaultWithSecurityPolicies (
- config, port, &certificate, &privateKey, trustList, trustSize,
- issuerList, issuerListSize, revocationList, revocationListSize);
+ config, port, &certificate, &privateKey, trustList, trustSize, NULL, 0,
+ NULL, 0);

 UA_ByteString_clear (&certificate);
 UA_ByteString_clear (&privateKey);
@@ -269,13 +360,8 @@ createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri,
 for (size_t i = 0; i < trustSize; i++)
 trustList[i] = loadFile (trustPaths[i]);

- /* Revocation list is unused in this demo. */
- UA_ByteString *revocationList = NULL;
- size_t revocationListSize = 0;
-
 UA_StatusCode retval = UA_ClientConfig_setDefaultEncryption (
- cc, certificate, privateKey, trustList, trustSize, revocationList,
- revocationListSize);
+ cc, certificate, privateKey, trustList, trustSize, NULL, 0);

 UA_ByteString_clear (&certificate);
 UA_ByteString_clear (&privateKey);
-- 
cgit v1.2.3
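Review bot: In `loadTrustStore`, the `if (count == 0)` branch returns 0 with `*outPaths == NULL` and `*outSize == 0`, so a directory that exists but holds no `*.der` entries (a mistyped path, or files ending in `.DER` or `.pem`) looks the same to the caller as a successful load. The callers are outside this hunk, but if that empty list reaches `UA_ServerConfig_setDefaultWithSecurityPolicies` or `UA_ClientConfig_setDefaultEncryption`, some open62541 releases treat an empty trust list as accepting any peer certificate; this should be confirmed against the version in use. I would at least log it before the early return, e.g. `UA_LOG_WARNING (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "Trust store '%s' contains no .der files", dirPath);`, and have the secured callers treat a zero size as a startup error. The function also has no header comment; one stating that entries are selected by file name only and that the result is released with `freeTrustStore` would help.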
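Review bot: The literal `NULL, 0, NULL, 0` arguments in the `createSecureServer` hunk replace named variables and drop the only comment saying that the issuer and revocation lists are deliberately unused; the `NULL, 0` in the `createSecureClientConfig` hunk after it does the same for the revocation list. With trust now managed by copying files into a directory, having no revocation list means a certificate stays trusted until its file is removed and the store is loaded again (presumably at the next start), which is worth stating at the call site. I would keep a one-line comment above each call, e.g. `/* No issuer or revocation lists: trust is exactly the .der files in the trust store. */`. Both function bodies start and end outside their hunks.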