Files
lmxopcua/tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests/TestClientSecurity.cs
T
Joseph Doherty de9d9697fd
v2-ci / build (pull_request) Successful in 7m23s
v2-ci / unit-tests (pull_request) Failing after 15m33s
fix(opcuaserver-tests): supply client cert-store paths + adapt to SDK read-throws
OpcUaServer.IntegrationTests was 4F. Two distinct, previously-masked issues:

1. Cert-store gap: the in-test client SecurityConfiguration used a bare
   new SecurityConfiguration()/CertificateIdentifier(), so ValidateAsync threw
   'TrustedIssuerCertificates StorePath must be specified' before any connect.
   Added TestClientSecurity helper building Directory own/issuer/trusted/rejected
   stores under a throwaway temp PKI dir (mirrors DefaultApplicationConfigurationFactory);
   wired into DualEndpointTests + SubscriptionSurvivalTests.

2. Fixing #1 unmasked an SDK-version drift: the 1.5.378 node-cache read path
   throws ServiceResultException(BadNodeIdUnknown) for a removed node instead of
   returning a bad DataValue. The two subscription-survival assertions now expect
   the throw via Should.ThrowAsync. Behavior under test (removed node -> unknown)
   is unchanged; only the delivery mechanism differs.

Suite 4F -> 4/4 green. Integration-sweep follow-up #5.
2026-07-15 03:34:14 -04:00

48 lines
2.2 KiB
C#

using Opc.Ua;
namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests;
/// <summary>
/// Builds the client-side <see cref="SecurityConfiguration"/> the integration tests use to
/// open a real OPC UA session. The SDK's <c>ApplicationConfiguration.ValidateAsync</c> requires
/// the trusted-issuer / trusted-peer / rejected stores to carry an explicit <c>StorePath</c>
/// (it throws <c>TrustedIssuerCertificates StorePath must be specified</c> otherwise), so — unlike
/// a bare <c>new SecurityConfiguration()</c> — each store is rooted at a throwaway PKI directory,
/// mirroring <c>src/Client/.../DefaultApplicationConfigurationFactory.cs</c>.
/// </summary>
internal static class TestClientSecurity
{
/// <summary>Allocates a fresh throwaway client PKI root under the temp directory.</summary>
/// <returns>An absolute path that does not yet exist; the SDK creates the stores under it.</returns>
public static string AllocatePkiRoot() =>
Path.Combine(Path.GetTempPath(), $"otopcua-client-pki-{Guid.NewGuid():N}");
/// <summary>Builds an auto-accepting client security config with Directory stores under <paramref name="pkiRoot"/>.</summary>
/// <param name="pkiRoot">Root directory for the own / issuer / trusted / rejected stores.</param>
/// <returns>A validated-ready <see cref="SecurityConfiguration"/>.</returns>
public static SecurityConfiguration Build(string pkiRoot) => new()
{
ApplicationCertificate = new CertificateIdentifier
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "own"),
},
TrustedIssuerCertificates = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "issuer"),
},
TrustedPeerCertificates = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "trusted"),
},
RejectedCertificateStore = new CertificateTrustList
{
StoreType = CertificateStoreType.Directory,
StorePath = Path.Combine(pkiRoot, "rejected"),
},
AutoAcceptUntrustedCertificates = true,
};
}