Add configurable transport security profiles and bind address

Adds Security section to appsettings.json with configurable OPC UA transport profiles (None, Basic256Sha256-Sign, Basic256Sha256-SignAndEncrypt), certificate policy settings, and a configurable BindAddress for the OPC UA endpoint. Defaults preserve backward compatibility. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 15:59:43 -04:00
parent bbd043e97b
commit 55173665b1
28 changed files with 1092 additions and 87 deletions
--- a/tools/opcuacli-dotnet/Commands/AlarmsCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/AlarmsCommand.cs
@@ -21,6 +21,9 @@ public class AlarmsCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the node to subscribe to for event notifications, typically a source object or the server node.
    /// </summary>
@@ -45,7 +48,7 @@ public class AlarmsCommand : ICommand
    /// <param name="console">The CLI console used for cancellation and alarm-event output.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var nodeId = string.IsNullOrEmpty(NodeId)
            ? ObjectIds.Server
--- a/tools/opcuacli-dotnet/Commands/BrowseCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/BrowseCommand.cs
@@ -21,6 +21,9 @@ public class BrowseCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the optional node identifier to browse from; defaults to the OPC UA Objects folder.
    /// </summary>
@@ -45,7 +48,7 @@ public class BrowseCommand : ICommand
    /// <param name="console">The console used to emit browse output.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var startNode = string.IsNullOrEmpty(NodeId)
            ? ObjectIds.ObjectsFolder
--- a/tools/opcuacli-dotnet/Commands/ConnectCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/ConnectCommand.cs
@@ -19,13 +19,16 @@ public class ConnectCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Connects to the OPC UA endpoint and prints the resolved server metadata.
    /// </summary>
    /// <param name="console">The console used to report connection results.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);
        await console.Output.WriteLineAsync($"Connected to: {session.Endpoint.EndpointUrl}");
        await console.Output.WriteLineAsync($"Server: {session.Endpoint.Server!.ApplicationName}");
        await console.Output.WriteLineAsync($"Security Mode: {session.Endpoint.SecurityMode}");
--- a/tools/opcuacli-dotnet/Commands/HistoryReadCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/HistoryReadCommand.cs
@@ -21,6 +21,9 @@ public class HistoryReadCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the node identifier for the historized variable to query.
    /// </summary>
@@ -63,7 +66,7 @@ public class HistoryReadCommand : ICommand
    /// <param name="console">The CLI console used for output, errors, and cancellation handling.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var nodeId = new NodeId(NodeId);
        var start = string.IsNullOrEmpty(StartTime) ? DateTime.UtcNow.AddHours(-24) : DateTime.Parse(StartTime).ToUniversalTime();
--- a/tools/opcuacli-dotnet/Commands/ReadCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/ReadCommand.cs
@@ -21,6 +21,9 @@ public class ReadCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the node identifier whose value should be read.
    /// </summary>
@@ -33,7 +36,7 @@ public class ReadCommand : ICommand
    /// <param name="console">The console used to report the read result.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var node = new NodeId(NodeId);
        var value = await session.ReadValueAsync(node);
--- a/tools/opcuacli-dotnet/Commands/SubscribeCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/SubscribeCommand.cs
@@ -21,6 +21,9 @@ public class SubscribeCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the node identifier to monitor for value changes.
    /// </summary>
@@ -39,7 +42,7 @@ public class SubscribeCommand : ICommand
    /// <param name="console">The console used to display subscription updates.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var subscription = new Subscription(session.DefaultSubscription)
        {
--- a/tools/opcuacli-dotnet/Commands/WriteCommand.cs
+++ b/tools/opcuacli-dotnet/Commands/WriteCommand.cs
@@ -21,6 +21,9 @@ public class WriteCommand : ICommand
    [CommandOption("password", 'P', Description = "Password for authentication")]
    public string? Password { get; init; }

+    [CommandOption("security", 'S', Description = "Transport security: none, sign, encrypt (default: none)")]
+    public string Security { get; init; } = "none";
+
    /// <summary>
    /// Gets the node identifier that should receive the write.
    /// </summary>
@@ -39,7 +42,7 @@ public class WriteCommand : ICommand
    /// <param name="console">The console used to report the write result.</param>
    public async ValueTask ExecuteAsync(IConsole console)
    {
-        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
+        using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password, Security);

        var node = new NodeId(NodeId);
        var current = await session.ReadValueAsync(node);