using Opc.Ua;
namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests;
///
/// Builds the client-side the integration tests use to
/// open a real OPC UA session. The SDK's ApplicationConfiguration.ValidateAsync requires
/// the trusted-issuer / trusted-peer / rejected stores to carry an explicit StorePath
/// (it throws TrustedIssuerCertificates StorePath must be specified otherwise), so — unlike
/// a bare new SecurityConfiguration() — each store is rooted at a throwaway PKI directory,
/// mirroring src/Client/.../DefaultApplicationConfigurationFactory.cs.
///
internal static class TestClientSecurity
{
/// Allocates a fresh throwaway client PKI root under the temp directory.
/// An absolute path that does not yet exist; the SDK creates the stores under it.
public static string AllocatePkiRoot() =>
Path.Combine(Path.GetTempPath(), $"otopcua-client-pki-{Guid.NewGuid():N}");
/// Builds an auto-accepting client security config with Directory stores under .
/// Root directory for the own / issuer / trusted / rejected stores.
/// A validated-ready .
public static SecurityConfiguration Build(string pkiRoot) => new()
{
ApplicationCertificate = new CertificateIdentifier
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "own"),
},
TrustedIssuerCertificates = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "issuer"),
},
TrustedPeerCertificates = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "trusted"),
},
RejectedCertificateStore = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "rejected"),
},
AutoAcceptUntrustedCertificates = true,
};
}