using ZB.MOM.WW.OtOpcUa.Server.Security;
namespace ZB.MOM.WW.OtOpcUa.Server.OpcUa;
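/// <summary>
/// OPC UA transport security profile selector. Controls which <c>ServerSecurityPolicy</c>
/// entries the endpoint advertises and which token types the <c>UserTokenPolicies</c> permit.
/// </summary>
/// <remarks>
/// Members carry explicit ordinal values so that configuration bound by number, and any
/// persisted value, keeps its meaning if further profiles are inserted later.
/// </remarks>
public enum OpcUaSecurityProfile
{
    /// <summary>
    /// Anonymous only on <c>SecurityPolicies.None</c> — dev-only. Nothing on the wire is
    /// signed or encrypted, so the transport gives neither confidentiality nor integrity.
    /// </summary>
    None = 0,

    /// <summary>
    /// Basic256Sha256 SignAndEncrypt with UserName and Anonymous token policies.
    /// Clients must present a valid application certificate plus user credentials.
    /// </summary>
    Basic256Sha256SignAndEncrypt = 1,
}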
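/// <summary>
/// OPC UA server endpoint and application-identity configuration. Bound from the
/// <see cref="SectionName"/> (<c>OpcUaServer</c>) section of appsettings.json.
/// PR 17 minimum-viable scope shipped with no LDAP and no security profile beyond
/// <see cref="OpcUaSecurityProfile.None"/>; <see cref="SecurityProfile"/> and
/// <see cref="Ldap"/> now carry those settings, while reading them from the central
/// config DB instead of appsettings is still described as a future deployment-policy PR.
/// </summary>
/// <remarks>
/// Several defaults are deliberately permissive for local development:
/// <see cref="SecurityProfile"/> is <see cref="OpcUaSecurityProfile.None"/>,
/// <see cref="AutoAcceptUntrustedClientCertificates"/> is <see langword="true"/>, and
/// <see cref="EndpointUrl"/> binds all interfaces. Production deployments are expected to
/// override them in configuration; this class only holds values and enforces nothing.
/// </remarks>
public sealed class OpcUaServerOptions
{
    /// <summary>Name of the appsettings.json section this type is bound from.</summary>
    public const string SectionName = "OpcUaServer";

    /// <summary>
    /// Fully-qualified endpoint URI clients connect to. Use <c>0.0.0.0</c> to bind all
    /// interfaces; the stack rewrites it to the machine's hostname for the returned endpoint
    /// description at GetEndpoints time.
    /// </summary>
    /// <remarks>
    /// The default listens on every interface. Bind to a specific address when the host
    /// has interfaces that should not expose the OPC UA endpoint.
    /// </remarks>
    public string EndpointUrl { get; init; } = "opc.tcp://0.0.0.0:4840/OtOpcUa";

    /// <summary>Human-readable application name surfaced in the endpoint description.</summary>
    public string ApplicationName { get; init; } = "OtOpcUa Server";

    /// <summary>
    /// Stable application URI — must match the subjectAltName of the application
    /// certificate, otherwise clients that validate the server certificate will reject it.
    /// </summary>
    public string ApplicationUri { get; init; } = "urn:OtOpcUa:Server";

    /// <summary>
    /// Directory where the OPC UA stack stores the application certificate plus the
    /// trusted / rejected certificate folders. Defaults to
    /// <c>%ProgramData%\OtOpcUa\pki</c> on Windows (the CommonApplicationData folder
    /// elsewhere); the stack creates the directory tree on first run and generates a
    /// self-signed certificate.
    /// </summary>
    /// <remarks>
    /// The trusted-certificate folder under this root is the server's client-trust anchor,
    /// so write access to it should be limited to the service account and administrators.
    /// </remarks>
    public string PkiStoreRoot { get; init; } =
        System.IO.Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            "OtOpcUa", "pki");

    /// <summary>
    /// When <see langword="true"/>, the stack auto-trusts client certificates on first
    /// connect, i.e. any client presenting a certificate is accepted. Dev default is
    /// <see langword="true"/>; production deployments should set this to
    /// <see langword="false"/> and trust clients explicitly via the Admin UI.
    /// </summary>
    public bool AutoAcceptUntrustedClientCertificates { get; init; } = true;

    /// <summary>
    /// Whether to start the Phase 6.1 Stream C <c>/healthz</c> + <c>/readyz</c> HTTP listener.
    /// Defaults to <see langword="true"/>; set <see langword="false"/> in embedded deployments
    /// that don't need HTTP (e.g. tests that only exercise the OPC UA surface).
    /// </summary>
    public bool HealthEndpointsEnabled { get; init; } = true;

    /// <summary>
    /// URL prefix the health endpoints bind to. Default <c>http://localhost:4841/</c> — loopback
    /// avoids Windows URL-ACL elevation. Production deployments that need remote probing should
    /// either reverse-proxy or use <c>http://+:4841/</c> with a netsh urlacl granted.
    /// </summary>
    /// <remarks>
    /// The health listener is plain HTTP; widening the prefix beyond loopback exposes it
    /// unauthenticated on every interface it binds.
    /// </remarks>
    public string HealthEndpointsPrefix { get; init; } = "http://localhost:4841/";

    /// <summary>
    /// Security profile advertised on the endpoint. Default
    /// <see cref="OpcUaSecurityProfile.None"/> preserves the PR 17 endpoint shape (no
    /// signing or encryption); set <see cref="OpcUaSecurityProfile.Basic256Sha256SignAndEncrypt"/>
    /// for production deployments with LDAP-backed UserName auth.
    /// </summary>
    public OpcUaSecurityProfile SecurityProfile { get; init; } = OpcUaSecurityProfile.None;

    /// <summary>
    /// LDAP binding for UserName token validation. Only consulted when the active
    /// <see cref="SecurityProfile"/> advertises a UserName token policy. When
    /// <c>LdapOptions.Enabled</c> is <see langword="false"/>, UserName token attempts are rejected.
    /// </summary>
    /// <remarks>
    /// NOTE(review): with <see cref="SecurityProfile"/> left at <see cref="OpcUaSecurityProfile.None"/>
    /// the UserName policy is not advertised, so these settings are presumably inert — confirm
    /// against the endpoint builder.
    /// </remarks>
    public LdapOptions Ldap { get; init; } = new();
}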