using System.Collections.Generic;
namespace ZB.MOM.WW.OtOpcUa.Host.Configuration
{
/// <summary>
/// Transport security settings that control which OPC UA security profiles the server exposes and how client
/// certificates are handled.
/// </summary>
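public class SecurityProfileConfiguration
{
    /// <summary>
    /// Gets or sets the list of security profile names to expose as server endpoints.
    /// Valid values: "None", "Basic256Sha256-Sign", "Basic256Sha256-SignAndEncrypt".
    /// Defaults to ["None"] for backward compatibility.
    /// </summary>
    /// <remarks>
    /// The "None" profile exposes an endpoint without message signing or encryption, so the default
    /// configuration gives no transport protection. For production, list only the Basic256Sha256
    /// profiles that clients actually need. This class does not validate the names; unknown values
    /// have to be rejected by whatever consumes the list.
    /// </remarks>
    public List<string> Profiles { get; set; } = new() { "None" };

    /// <summary>
    /// Gets or sets a value indicating whether the server automatically accepts client certificates
    /// that are not in the trusted store. Should be <see langword="false"/> in production.
    /// </summary>
    /// <remarks>
    /// The default is <see langword="true"/>. While it is enabled, the trusted store does not limit
    /// which client certificates are accepted, so certificate trust is effectively not enforced.
    /// Set it to <see langword="false"/> explicitly in deployed configurations.
    /// </remarks>
    public bool AutoAcceptClientCertificates { get; set; } = true;

    /// <summary>
    /// Gets or sets a value indicating whether client certificates signed with SHA-1 are rejected.
    /// Defaults to <see langword="true"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): whether this check still applies when
    /// <see cref="AutoAcceptClientCertificates"/> is enabled is not visible in this class. Confirm
    /// in the certificate validation code.
    /// </remarks>
    public bool RejectSHA1Certificates { get; set; } = true;

    /// <summary>
    /// Gets or sets the minimum RSA key size required for client certificates.
    /// Defaults to 2048.
    /// </summary>
    /// <remarks>
    /// The setter accepts any integer; nothing here prevents the minimum from being lowered below
    /// the default, so the consumer of this setting should enforce a floor.
    /// </remarks>
    public int MinimumCertificateKeySize { get; set; } = 2048;

    /// <summary>
    /// Gets or sets an optional override for the PKI root directory.
    /// When <see langword="null"/>, defaults to %LOCALAPPDATA%\OPC Foundation\pki.
    /// </summary>
    /// <remarks>
    /// %LOCALAPPDATA% is per-user, so the default location depends on the account the host runs
    /// under. The directory is expected to hold the certificate stores (and presumably the server's
    /// private key), so write access should be limited to the service account: anyone who can write
    /// to the trusted store can decide which clients are trusted.
    /// </remarks>
    public string? PkiRootPath { get; set; }

    /// <summary>
    /// Gets or sets an optional override for the server certificate subject name.
    /// When <see langword="null"/>, defaults to CN={ServerName}, O=ZB MOM, DC=localhost.
    /// </summary>
    public string? CertificateSubject { get; set; }

    /// <summary>
    /// Gets or sets the lifetime of the auto-generated server certificate in months.
    /// Defaults to 60 months (5 years).
    /// </summary>
    /// <remarks>
    /// The value is not range-checked here. A long lifetime extends the window in which a leaked
    /// private key stays usable, so plan for certificate replacement rather than relying on expiry.
    /// </remarks>
    public int CertificateLifetimeMonths { get; set; } = 60;
}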
}