3b2defd94f
Renames all 11 projects (5 src + 6 tests), the .slnx solution file, all source-file namespaces, all axaml namespace references, and all v1 documentation references in CLAUDE.md and docs/*.md (excluding docs/v2/ which is already in OtOpcUa form). Also updates the TopShelf service registration name from "LmxOpcUa" to "OtOpcUa" per Phase 0 Task 0.6.
Preserves runtime identifiers per Phase 0 Out-of-Scope rules to avoid breaking v1/v2 client trust during coexistence: OPC UA `ApplicationUri` defaults (`urn:{GalaxyName}:LmxOpcUa`), server `EndpointPath` (`/LmxOpcUa`), `ServerName` default (feeds cert subject CN), `MxAccessConfiguration.ClientName` default (defensive — stays "LmxOpcUa" for MxAccess audit-trail consistency), client OPC UA identifiers (`ApplicationName = "LmxOpcUaClient"`, `ApplicationUri = "urn:localhost:LmxOpcUaClient"`, cert directory `%LocalAppData%\LmxOpcUaClient\pki\`), and the `LmxOpcUaServer` class name (class rename out of Phase 0 scope per Task 0.5 sed pattern; happens in Phase 1 alongside `LmxNodeManager → GenericDriverNodeManager` Core extraction). 23 LmxOpcUa references retained, all enumerated and justified in `docs/v2/implementation/exit-gate-phase-0.md`.
Build clean: 0 errors, 30 warnings (lower than baseline 167). Tests at strict improvement over baseline: 821 passing / 1 failing vs baseline 820 / 2 (one flaky pre-existing failure passed this run; the other still fails — both pre-existing and unrelated to the rename). `Client.UI.Tests`, `Historian.Aveva.Tests`, `Client.Shared.Tests`, `IntegrationTests` all match baseline exactly. Exit gate compliance results recorded in `docs/v2/implementation/exit-gate-phase-0.md` with all 7 checks PASS or DEFERRED-to-PR-review (#7 service install verification needs Windows service permissions on the reviewer's box).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
52 lines
2.2 KiB
C#
52 lines
2.2 KiB
C#
using System.Collections.Generic;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.Host.Configuration
|
|
{
|
|
/// <summary>
|
|
/// Transport security settings that control which OPC UA security profiles the server exposes and how client
|
|
/// certificates are handled.
|
|
/// </summary>
|
|
public class SecurityProfileConfiguration
|
|
{
|
|
/// <summary>
|
|
/// Gets or sets the list of security profile names to expose as server endpoints.
|
|
/// Valid values: "None", "Basic256Sha256-Sign", "Basic256Sha256-SignAndEncrypt".
|
|
/// Defaults to ["None"] for backward compatibility.
|
|
/// </summary>
|
|
public List<string> Profiles { get; set; } = new() { "None" };
|
|
|
|
/// <summary>
|
|
/// Gets or sets a value indicating whether the server automatically accepts client certificates
|
|
/// that are not in the trusted store. Should be <see langword="false" /> in production.
|
|
/// </summary>
|
|
public bool AutoAcceptClientCertificates { get; set; } = true;
|
|
|
|
/// <summary>
|
|
/// Gets or sets a value indicating whether client certificates signed with SHA-1 are rejected.
|
|
/// </summary>
|
|
public bool RejectSHA1Certificates { get; set; } = true;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the minimum RSA key size required for client certificates.
|
|
/// </summary>
|
|
public int MinimumCertificateKeySize { get; set; } = 2048;
|
|
|
|
/// <summary>
|
|
/// Gets or sets an optional override for the PKI root directory.
|
|
/// When <see langword="null" />, defaults to <c>%LOCALAPPDATA%\OPC Foundation\pki</c>.
|
|
/// </summary>
|
|
public string? PkiRootPath { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets an optional override for the server certificate subject name.
|
|
/// When <see langword="null" />, defaults to <c>CN={ServerName}, O=ZB MOM, DC=localhost</c>.
|
|
/// </summary>
|
|
public string? CertificateSubject { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the lifetime of the auto-generated server certificate in months.
|
|
/// Defaults to 60 months (5 years).
|
|
/// </summary>
|
|
public int CertificateLifetimeMonths { get; set; } = 60;
|
|
}
|
|
} |