fix(opcuaserver-tests): supply client cert-store paths + adapt to SDK read-throws
OpcUaServer.IntegrationTests was 4F. Two distinct, previously-masked issues: 1. Cert-store gap: the in-test client SecurityConfiguration used a bare new SecurityConfiguration()/CertificateIdentifier(), so ValidateAsync threw 'TrustedIssuerCertificates StorePath must be specified' before any connect. Added TestClientSecurity helper building Directory own/issuer/trusted/rejected stores under a throwaway temp PKI dir (mirrors DefaultApplicationConfigurationFactory); wired into DualEndpointTests + SubscriptionSurvivalTests. 2. Fixing #1 unmasked an SDK-version drift: the 1.5.378 node-cache read path throws ServiceResultException(BadNodeIdUnknown) for a removed node instead of returning a bad DataValue. The two subscription-survival assertions now expect the throw via Should.ThrowAsync. Behavior under test (removed node -> unknown) is unchanged; only the delivery mechanism differs. Suite 4F -> 4/4 green. Integration-sweep follow-up #5.
This commit is contained in:
@@ -72,40 +72,44 @@ public sealed class DualEndpointTests
|
||||
// SDK 1.5.374 sync-style session-open path — mirrors src/Client/.../DefaultSessionFactory.cs
|
||||
// and DefaultApplicationConfigurationFactory.cs. The 1.5.378 telemetry/async overloads are
|
||||
// not available at this pinned version.
|
||||
var appConfig = new ApplicationConfiguration
|
||||
var clientPki = TestClientSecurity.AllocatePkiRoot();
|
||||
try
|
||||
{
|
||||
ApplicationName = "OtOpcUa.DualEndpointClient",
|
||||
ApplicationUri = $"urn:OtOpcUa.DualEndpointClient.{Guid.NewGuid():N}",
|
||||
ApplicationType = ApplicationType.Client,
|
||||
SecurityConfiguration = new SecurityConfiguration
|
||||
var appConfig = new ApplicationConfiguration
|
||||
{
|
||||
ApplicationCertificate = new CertificateIdentifier(),
|
||||
AutoAcceptUntrustedCertificates = true,
|
||||
},
|
||||
ClientConfiguration = new ClientConfiguration { DefaultSessionTimeout = 60_000 },
|
||||
};
|
||||
await appConfig.ValidateAsync(ApplicationType.Client, default);
|
||||
appConfig.CertificateValidator.CertificateValidation += (_, e) => e.Accept = true;
|
||||
ApplicationName = "OtOpcUa.DualEndpointClient",
|
||||
ApplicationUri = $"urn:OtOpcUa.DualEndpointClient.{Guid.NewGuid():N}",
|
||||
ApplicationType = ApplicationType.Client,
|
||||
SecurityConfiguration = TestClientSecurity.Build(clientPki),
|
||||
ClientConfiguration = new ClientConfiguration { DefaultSessionTimeout = 60_000 },
|
||||
};
|
||||
await appConfig.ValidateAsync(ApplicationType.Client, default);
|
||||
appConfig.CertificateValidator.CertificateValidation += (_, e) => e.Accept = true;
|
||||
|
||||
// 1.5.378: the discovery/session/read client surface moved to async.
|
||||
var endpoint = await CoreClientUtils.SelectEndpointAsync(
|
||||
appConfig, endpointUrl, false, DefaultTelemetry.Create(_ => { }), default);
|
||||
var endpointConfiguration = EndpointConfiguration.Create(appConfig);
|
||||
var configuredEndpoint = new ConfiguredEndpoint(null, endpoint, endpointConfiguration);
|
||||
// 1.5.378: the discovery/session/read client surface moved to async.
|
||||
var endpoint = await CoreClientUtils.SelectEndpointAsync(
|
||||
appConfig, endpointUrl, false, DefaultTelemetry.Create(_ => { }), default);
|
||||
var endpointConfiguration = EndpointConfiguration.Create(appConfig);
|
||||
var configuredEndpoint = new ConfiguredEndpoint(null, endpoint, endpointConfiguration);
|
||||
|
||||
using var session = await new DefaultSessionFactory(DefaultTelemetry.Create(_ => { })).CreateAsync(
|
||||
appConfig,
|
||||
configuredEndpoint,
|
||||
updateBeforeConnect: false,
|
||||
checkDomain: false,
|
||||
sessionName: "DualEndpointTests",
|
||||
sessionTimeout: 60_000,
|
||||
identity: new UserIdentity(new AnonymousIdentityToken()),
|
||||
preferredLocales: null,
|
||||
ct: default);
|
||||
using var session = await new DefaultSessionFactory(DefaultTelemetry.Create(_ => { })).CreateAsync(
|
||||
appConfig,
|
||||
configuredEndpoint,
|
||||
updateBeforeConnect: false,
|
||||
checkDomain: false,
|
||||
sessionName: "DualEndpointTests",
|
||||
sessionTimeout: 60_000,
|
||||
identity: new UserIdentity(new AnonymousIdentityToken()),
|
||||
preferredLocales: null,
|
||||
ct: default);
|
||||
|
||||
var value = await session.ReadValueAsync(VariableIds.Server_ServerArray, default);
|
||||
return (string[])value.Value;
|
||||
var value = await session.ReadValueAsync(VariableIds.Server_ServerArray, default);
|
||||
return (string[])value.Value;
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (Directory.Exists(clientPki)) Directory.Delete(clientPki, recursive: true);
|
||||
}
|
||||
}
|
||||
|
||||
private static int AllocateFreePort()
|
||||
|
||||
+13
-10
@@ -215,9 +215,11 @@ public sealed class SubscriptionSurvivalTests
|
||||
sink.WriteValue(nodeIdAString, 11, Commons.OpcUa.OpcUaQuality.Good, DateTime.UtcNow);
|
||||
await WaitUntilAsync(() => { lock (gate) return receivedA.Any(v => Equals(v.Value, 11)); }, TimeSpan.FromSeconds(5));
|
||||
|
||||
// B is gone: a re-read returns BadNodeIdUnknown.
|
||||
var bRead = await session.ReadValueAsync(nodeIdB, ct);
|
||||
bRead.StatusCode.ShouldBe((StatusCode)StatusCodes.BadNodeIdUnknown);
|
||||
// B is gone: a re-read surfaces BadNodeIdUnknown. The 1.5.378 node-cache read path
|
||||
// throws ServiceResultException for an unknown node rather than returning a bad DataValue.
|
||||
var bReadEx = await Should.ThrowAsync<ServiceResultException>(
|
||||
async () => await session.ReadValueAsync(nodeIdB, ct));
|
||||
bReadEx.StatusCode.ShouldBe(StatusCodes.BadNodeIdUnknown);
|
||||
}
|
||||
finally
|
||||
{
|
||||
@@ -296,9 +298,11 @@ public sealed class SubscriptionSurvivalTests
|
||||
sink.WriteValue(nodeIdAString, 11, Commons.OpcUa.OpcUaQuality.Good, DateTime.UtcNow);
|
||||
await WaitUntilAsync(() => { lock (gate) return receivedA.Any(v => Equals(v.Value, 11)); }, TimeSpan.FromSeconds(5));
|
||||
|
||||
// B is gone.
|
||||
// B is gone. (1.5.378 node-cache read throws for an unknown node — see above.)
|
||||
var nodeIdB = new NodeId(Commons.OpcUa.EquipmentNodeIds.Variable("eq-1", "", "B"), ns);
|
||||
(await session.ReadValueAsync(nodeIdB, ct)).StatusCode.ShouldBe((StatusCode)StatusCodes.BadNodeIdUnknown);
|
||||
var bReadEx = await Should.ThrowAsync<ServiceResultException>(
|
||||
async () => await session.ReadValueAsync(nodeIdB, ct));
|
||||
bReadEx.StatusCode.ShouldBe(StatusCodes.BadNodeIdUnknown);
|
||||
|
||||
// C is browsable + readable.
|
||||
var nodeIdC = new NodeId(Commons.OpcUa.EquipmentNodeIds.Variable("eq-1", "", "C"), ns);
|
||||
@@ -331,11 +335,10 @@ public sealed class SubscriptionSurvivalTests
|
||||
ApplicationName = "OtOpcUa.SubscriptionSurvivalClient",
|
||||
ApplicationUri = $"urn:OtOpcUa.SubscriptionSurvivalClient.{Guid.NewGuid():N}",
|
||||
ApplicationType = ApplicationType.Client,
|
||||
SecurityConfiguration = new SecurityConfiguration
|
||||
{
|
||||
ApplicationCertificate = new CertificateIdentifier(),
|
||||
AutoAcceptUntrustedCertificates = true,
|
||||
},
|
||||
// Directory cert stores rooted at a throwaway temp PKI dir — ValidateAsync rejects a
|
||||
// bare SecurityConfiguration ("TrustedIssuerCertificates StorePath must be specified").
|
||||
// The returned session outlives this method, so the dir is left for the OS temp sweep.
|
||||
SecurityConfiguration = TestClientSecurity.Build(TestClientSecurity.AllocatePkiRoot()),
|
||||
ClientConfiguration = new ClientConfiguration { DefaultSessionTimeout = 60_000 },
|
||||
};
|
||||
await appConfig.ValidateAsync(ApplicationType.Client, ct);
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
using Opc.Ua;
|
||||
|
||||
namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests;
|
||||
|
||||
/// <summary>
|
||||
/// Builds the client-side <see cref="SecurityConfiguration"/> the integration tests use to
|
||||
/// open a real OPC UA session. The SDK's <c>ApplicationConfiguration.ValidateAsync</c> requires
|
||||
/// the trusted-issuer / trusted-peer / rejected stores to carry an explicit <c>StorePath</c>
|
||||
/// (it throws <c>TrustedIssuerCertificates StorePath must be specified</c> otherwise), so — unlike
|
||||
/// a bare <c>new SecurityConfiguration()</c> — each store is rooted at a throwaway PKI directory,
|
||||
/// mirroring <c>src/Client/.../DefaultApplicationConfigurationFactory.cs</c>.
|
||||
/// </summary>
|
||||
internal static class TestClientSecurity
|
||||
{
|
||||
/// <summary>Allocates a fresh throwaway client PKI root under the temp directory.</summary>
|
||||
/// <returns>An absolute path that does not yet exist; the SDK creates the stores under it.</returns>
|
||||
public static string AllocatePkiRoot() =>
|
||||
Path.Combine(Path.GetTempPath(), $"otopcua-client-pki-{Guid.NewGuid():N}");
|
||||
|
||||
/// <summary>Builds an auto-accepting client security config with Directory stores under <paramref name="pkiRoot"/>.</summary>
|
||||
/// <param name="pkiRoot">Root directory for the own / issuer / trusted / rejected stores.</param>
|
||||
/// <returns>A validated-ready <see cref="SecurityConfiguration"/>.</returns>
|
||||
public static SecurityConfiguration Build(string pkiRoot) => new()
|
||||
{
|
||||
ApplicationCertificate = new CertificateIdentifier
|
||||
{
|
||||
StoreType = CertificateStoreType.Directory,
|
||||
StorePath = Path.Combine(pkiRoot, "own"),
|
||||
},
|
||||
TrustedIssuerCertificates = new CertificateTrustList
|
||||
{
|
||||
StoreType = CertificateStoreType.Directory,
|
||||
StorePath = Path.Combine(pkiRoot, "issuer"),
|
||||
},
|
||||
TrustedPeerCertificates = new CertificateTrustList
|
||||
{
|
||||
StoreType = CertificateStoreType.Directory,
|
||||
StorePath = Path.Combine(pkiRoot, "trusted"),
|
||||
},
|
||||
RejectedCertificateStore = new CertificateTrustList
|
||||
{
|
||||
StoreType = CertificateStoreType.Directory,
|
||||
StorePath = Path.Combine(pkiRoot, "rejected"),
|
||||
},
|
||||
AutoAcceptUntrustedCertificates = true,
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user