From 99b5b4416193fafaa815746ea756900d2ab26917 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Wed, 18 Feb 2026 15:39:29 +0100
Subject: Make client/server encryption optional, rename tests to full names Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names.
---
tests/unsecure_anonymous/client.conf | 15 +++++++++++++++
tests/unsecure_anonymous/server_lds.conf | 13 +++++++++++++
tests/unsecure_anonymous/server_register.conf | 8 ++++++++
tests/unsecure_anonymous/server_register_client.conf | 13 +++++++++++++
4 files changed, 49 insertions(+)
create mode 100644 tests/unsecure_anonymous/client.conf
create mode 100644 tests/unsecure_anonymous/server_lds.conf
create mode 100644 tests/unsecure_anonymous/server_register.conf
create mode 100644 tests/unsecure_anonymous/server_register_client.conf
(limited to 'tests/unsecure_anonymous')
diff --git a/tests/unsecure_anonymous/client.conf b/tests/unsecure_anonymous/client.conf
new file mode 100644
index 0000000..d93000e
--- /dev/null
+++ b/tests/unsecure_anonymous/client.conf
@@ -0,0 +1,15 @@
+# Client — test: unsecure_anonymous
+# Has certs for encryption support (needed to negotiate with the secured
+# LDS) but no securityMode/securityPolicy — lets the client auto-select
+# the best available endpoint on each server.
+
+applicationUri = urn:localhost:bobink:Client
+
+# certificate = certs/Client_cert.der
+# privateKey = certs/Client_key.der
+# trustStore = certs/trust/client
+#
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
diff --git a/tests/unsecure_anonymous/server_lds.conf b/tests/unsecure_anonymous/server_lds.conf
new file mode 100644
index 0000000..b50d03f
--- /dev/null
+++ b/tests/unsecure_anonymous/server_lds.conf
@@ -0,0 +1,13 @@
+# ServerLDS — test: unsecure_anonymous
+# Secured LDS with discovery-only None endpoint.
+
+port = 14840
+applicationUri = urn:localhost:bobink:ServerLDS
+
+# certificate = certs/ServerLDS_cert.der
+# privateKey = certs/ServerLDS_key.der
+# trustStore = certs/trust/server_lds
+
+authMode = anonymous
+
+cleanupTimeout = 60
diff --git a/tests/unsecure_anonymous/server_register.conf b/tests/unsecure_anonymous/server_register.conf
new file mode 100644
index 0000000..db96fa7
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register.conf
@@ -0,0 +1,8 @@
+# ServerRegister server config — test: unsecure_anonymous
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+authMode = anonymous
+
+registerInterval = 10
diff --git a/tests/unsecure_anonymous/server_register_client.conf b/tests/unsecure_anonymous/server_register_client.conf
new file mode 100644
index 0000000..c2ae348
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register_client.conf
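Review bot: The header comment in client.conf describes a setup the file does not configure: it says the client "Has certs for encryption support" and has "no securityMode/securityPolicy", yet all three certificate lines are commented out and `securityMode = None` / `securityPolicy = None` are set explicitly. The same mismatch appears in server_lds.conf ("Secured LDS with discovery-only None endpoint" with certificate, privateKey and trustStore commented out) and in server_register_client.conf ("over an encrypted channel" with both security settings at None). A reader uses these headers to judge whether a test runs encrypted, so I would rewrite them, for example `# No certificates: connects with SecurityPolicy None only.` for the client and `# Unsecured LDS: no certificate, SecurityPolicy None only.` for the LDS. The lone `#` after the trustStore line in client.conf looks like a leftover from commenting the block out and could become a blank line.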
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: unsecure_anonymous
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
-- cgit v1.2.3
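Review bot: server_register_client.conf still sets `certificate`, `privateKey` and `trustStore` although `securityMode` and `securityPolicy` are both None, so this test never runs the register client through the no-certificate path that the commit message says is now supported. The other three configs in this directory omit or comment out the key material. If the intent is a fully unencrypted run, commenting these three lines out as well, e.g. `# certificate = certs/ServerRegisterClient_cert.der`, would cover that path and remove the dependency on generated keys the test does not use. If the certificates are kept on purpose, for example to check that a client holding certificates can still be forced to None, a one-line comment saying so would help. How the program treats certificates combined with None is not visible in this diff.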