From 827e90e0daabe32e058e08dd2a253425898a7e7a Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 19:06:22 +0100 Subject: Replace ClientFindServers with unified Client, use trust store directories Replace the single-purpose ClientFindServers program with a unified Client that supports three operations via CLI: find-servers, get-endpoints, and read-time. This simplifies the architecture by using one client binary with a single config file instead of a monolithic program that did everything in one run. Split the ServerRegister config into separate server and client config files so the LDS-registration credentials are isolated from the server's own settings. The discovery URL moves from config to a CLI argument. Replace repeated trustList config entries with a single trustStore directory path. Each program now points to a directory under certs/trust/ containing .der files, so adding or removing trust is a file-copy operation rather than editing every config file. Add loadTrustStore()/freeTrustStore() to common.c and remove the now-unused configGetAll() from the config parser. Simplify the test matrix from 6 to 4 cases (security and auth are orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to invoke the new Client three times and use port-polling instead of sleep. --- tests/basic256sha256_anon/client.conf | 9 +++++++++ tests/basic256sha256_anon/client_find_servers.conf | 20 -------------------- tests/basic256sha256_anon/server_lds.conf | 3 +-- tests/basic256sha256_anon/server_register.conf | 19 +++++-------------- .../basic256sha256_anon/server_register_client.conf | 12 ++++++++++++ 5 files changed, 27 insertions(+), 36 deletions(-) create mode 100644 tests/basic256sha256_anon/client.conf delete mode 100644 tests/basic256sha256_anon/client_find_servers.conf create mode 100644 tests/basic256sha256_anon/server_register_client.conf (limited to 'tests/basic256sha256_anon') diff --git a/tests/basic256sha256_anon/client.conf b/tests/basic256sha256_anon/client.conf new file mode 100644 index 0000000..e46bb4c --- /dev/null +++ b/tests/basic256sha256_anon/client.conf @@ -0,0 +1,9 @@ +# Client — test: basic256sha256_anon + +applicationUri = urn:bobink.ClientFindServers +certificate = certs/ClientFindServers_cert.der +privateKey = certs/ClientFindServers_key.der +securityMode = SignAndEncrypt +securityPolicy = Basic256Sha256 +authMode = anonymous +trustStore = certs/trust/client diff --git a/tests/basic256sha256_anon/client_find_servers.conf b/tests/basic256sha256_anon/client_find_servers.conf deleted file mode 100644 index 332c3da..0000000 --- a/tests/basic256sha256_anon/client_find_servers.conf +++ /dev/null @@ -1,20 +0,0 @@ -# ClientFindServers — test: basic256sha256_anon - -discoveryEndpoint = opc.tcp://localhost:14840 -applicationUri = urn:bobink.ClientFindServers - -# Discovery (LDS) side -discoveryCertificate = certs/ClientFindServers_cert.der -discoveryPrivateKey = certs/ClientFindServers_key.der -discoverySecurityMode = SignAndEncrypt -discoverySecurityPolicy = Basic256Sha256 -discoveryAuthMode = anonymous -discoveryTrustList = certs/ServerLDS_cert.der - -# Server side -serverCertificate = certs/ClientFindServers_cert.der -serverPrivateKey = certs/ClientFindServers_key.der -serverSecurityMode = SignAndEncrypt -serverSecurityPolicy = Basic256Sha256 -serverAuthMode = anonymous -serverTrustList = certs/ServerRegister_cert.der diff --git a/tests/basic256sha256_anon/server_lds.conf b/tests/basic256sha256_anon/server_lds.conf index 7da2fd6..add5f46 100644 --- a/tests/basic256sha256_anon/server_lds.conf +++ b/tests/basic256sha256_anon/server_lds.conf @@ -8,5 +8,4 @@ cleanupTimeout = 60 authMode = anonymous -trustList = certs/ServerRegisterClient_cert.der -trustList = certs/ClientFindServers_cert.der +trustStore = certs/trust/server_lds diff --git a/tests/basic256sha256_anon/server_register.conf b/tests/basic256sha256_anon/server_register.conf index 798bf31..a5f904c 100644 --- a/tests/basic256sha256_anon/server_register.conf +++ b/tests/basic256sha256_anon/server_register.conf @@ -1,21 +1,12 @@ -# ServerRegister — test: basic256sha256_anon +# ServerRegister server config — test: basic256sha256_anon port = 14841 applicationUri = urn:bobink.ServerRegister -serverCertificate = certs/ServerRegister_cert.der -serverPrivateKey = certs/ServerRegister_key.der -clientCertificate = certs/ServerRegisterClient_cert.der -clientPrivateKey = certs/ServerRegisterClient_key.der +certificate = certs/ServerRegister_cert.der +privateKey = certs/ServerRegister_key.der -discoveryEndpoint = opc.tcp://localhost:14840 registerInterval = 10 -securityMode = SignAndEncrypt -securityPolicy = Basic256Sha256 +authMode = anonymous -serverAuthMode = anonymous - -clientAuthMode = anonymous - -trustList = certs/ServerLDS_cert.der -trustList = certs/ClientFindServers_cert.der +trustStore = certs/trust/server_register diff --git a/tests/basic256sha256_anon/server_register_client.conf b/tests/basic256sha256_anon/server_register_client.conf new file mode 100644 index 0000000..3a80d21 --- /dev/null +++ b/tests/basic256sha256_anon/server_register_client.conf @@ -0,0 +1,12 @@ +# ServerRegister client config — test: basic256sha256_anon + +applicationUri = urn:bobink.ServerRegister +certificate = certs/ServerRegisterClient_cert.der +privateKey = certs/ServerRegisterClient_key.der + +securityMode = SignAndEncrypt +securityPolicy = Basic256Sha256 + +authMode = anonymous + +trustStore = certs/trust/server_register_client -- cgit v1.2.3