Add configurable transport security profiles and bind address
Adds Security section to appsettings.json with configurable OPC UA transport profiles (None, Basic256Sha256-Sign, Basic256Sha256-SignAndEncrypt), certificate policy settings, and a configurable BindAddress for the OPC UA endpoint. Defaults preserve backward compatibility. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
@@ -49,7 +49,12 @@ namespace ZB.MOM.WW.LmxOpcUa.Tests.Helpers
|
||||
/// Connects the helper to an OPC UA endpoint exposed by the test bridge.
|
||||
/// </summary>
|
||||
/// <param name="endpointUrl">The OPC UA endpoint URL to connect to.</param>
|
||||
public async Task ConnectAsync(string endpointUrl)
|
||||
/// <param name="securityMode">The requested message security mode (default: None).</param>
|
||||
/// <param name="username">Optional username for authenticated connections.</param>
|
||||
/// <param name="password">Optional password for authenticated connections.</param>
|
||||
public async Task ConnectAsync(string endpointUrl,
|
||||
MessageSecurityMode securityMode = MessageSecurityMode.None,
|
||||
string? username = null, string? password = null)
|
||||
{
|
||||
var config = new ApplicationConfiguration
|
||||
{
|
||||
@@ -87,13 +92,64 @@ namespace ZB.MOM.WW.LmxOpcUa.Tests.Helpers
|
||||
await config.Validate(ApplicationType.Client);
|
||||
config.CertificateValidator.CertificateValidation += (_, e) => e.Accept = true;
|
||||
|
||||
var endpoint = CoreClientUtils.SelectEndpoint(config, endpointUrl, false);
|
||||
EndpointDescription endpoint;
|
||||
if (securityMode != MessageSecurityMode.None)
|
||||
{
|
||||
// Ensure client certificate exists for secure connections
|
||||
var app = new ApplicationInstance
|
||||
{
|
||||
ApplicationName = "OpcUaTestClient",
|
||||
ApplicationType = ApplicationType.Client,
|
||||
ApplicationConfiguration = config
|
||||
};
|
||||
await app.CheckApplicationInstanceCertificate(false, 2048);
|
||||
|
||||
// Discover and select endpoint matching the requested mode
|
||||
endpoint = SelectEndpointByMode(endpointUrl, securityMode);
|
||||
}
|
||||
else
|
||||
{
|
||||
endpoint = CoreClientUtils.SelectEndpoint(config, endpointUrl, false);
|
||||
}
|
||||
|
||||
var endpointConfig = EndpointConfiguration.Create(config);
|
||||
var configuredEndpoint = new ConfiguredEndpoint(null, endpoint, endpointConfig);
|
||||
|
||||
UserIdentity identity = username != null
|
||||
? new UserIdentity(username, password ?? "")
|
||||
: new UserIdentity();
|
||||
|
||||
_session = await Session.Create(
|
||||
config, configuredEndpoint, false,
|
||||
"OpcUaTestClient", 30000, null, null);
|
||||
"OpcUaTestClient", 30000, identity, null);
|
||||
}
|
||||
|
||||
private static EndpointDescription SelectEndpointByMode(string endpointUrl, MessageSecurityMode mode)
|
||||
{
|
||||
using var client = DiscoveryClient.Create(new Uri(endpointUrl));
|
||||
var endpoints = client.GetEndpoints(null);
|
||||
|
||||
foreach (var ep in endpoints)
|
||||
{
|
||||
if (ep.SecurityMode == mode && ep.SecurityPolicyUri == SecurityPolicies.Basic256Sha256)
|
||||
{
|
||||
ep.EndpointUrl = endpointUrl;
|
||||
return ep;
|
||||
}
|
||||
}
|
||||
|
||||
// Fall back to any matching mode
|
||||
foreach (var ep in endpoints)
|
||||
{
|
||||
if (ep.SecurityMode == mode)
|
||||
{
|
||||
ep.EndpointUrl = endpointUrl;
|
||||
return ep;
|
||||
}
|
||||
}
|
||||
|
||||
throw new InvalidOperationException(
|
||||
$"No endpoint with security mode {mode} found on {endpointUrl}");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
||||
Reference in New Issue
Block a user