using Opc.Ua; namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests; /// /// Builds the client-side the integration tests use to /// open a real OPC UA session. The SDK's ApplicationConfiguration.ValidateAsync requires /// the trusted-issuer / trusted-peer / rejected stores to carry an explicit StorePath /// (it throws TrustedIssuerCertificates StorePath must be specified otherwise), so — unlike /// a bare new SecurityConfiguration() — each store is rooted at a throwaway PKI directory, /// mirroring src/Client/.../DefaultApplicationConfigurationFactory.cs. /// internal static class TestClientSecurity { /// Allocates a fresh throwaway client PKI root under the temp directory. /// An absolute path that does not yet exist; the SDK creates the stores under it. public static string AllocatePkiRoot() => Path.Combine(Path.GetTempPath(), $"otopcua-client-pki-{Guid.NewGuid():N}"); /// Builds an auto-accepting client security config with Directory stores under . /// Root directory for the own / issuer / trusted / rejected stores. /// A validated-ready . public static SecurityConfiguration Build(string pkiRoot) => new() { ApplicationCertificate = new CertificateIdentifier { StoreType = CertificateStoreType.Directory, StorePath = Path.Combine(pkiRoot, "own"), }, TrustedIssuerCertificates = new CertificateTrustList { StoreType = CertificateStoreType.Directory, StorePath = Path.Combine(pkiRoot, "issuer"), }, TrustedPeerCertificates = new CertificateTrustList { StoreType = CertificateStoreType.Directory, StorePath = Path.Combine(pkiRoot, "trusted"), }, RejectedCertificateStore = new CertificateTrustList { StoreType = CertificateStoreType.Directory, StorePath = Path.Combine(pkiRoot, "rejected"), }, AutoAcceptUntrustedCertificates = true, }; }