OPCFoundation / UA-.NETStandard

OPC Unified Architecture .NET Standard

[Server] update endpoint descriptions after certificate update #2735

Open romanett opened 1 month ago

romanett commented 1 month ago

Proposed changes

Update the server endpoint descriptions after a certificate update, e.g. from a GDS push. Until this PR this needed a restart.

Confirmed working with the Discovery client and this code:

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Opc.Ua;

// Pick the first advertised endpoint that carries a server certificate and decode its DER blob.
var endpoint = DiscoveryClient.Create(new Uri("opc.tcp://localhost:62541/Quickstarts/ReferenceServer"))
                .GetEndpoints(null)
                .First(e => e.ServerCertificate != null);
X509Certificate2 endpointCertificate = Utils.ParseCertificateBlob(endpoint.ServerCertificate);
```

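The single-endpoint check above generalizes to the regression this PR fixes: after a certificate update every advertised endpoint description must carry the new certificate, or clients that validate the secure channel against the discovered certificate keep failing until the server is restarted. The following is an added example, not code from the PR or the project; it assumes the reference server URL from the description and takes the path of the freshly installed certificate (DER or PFX) as a command-line argument.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Opc.Ua;

// Added example: report endpoint descriptions that still advertise a pre-update certificate.
static class EndpointCertificateCheck
{
    // An endpoint is stale when it advertises a certificate whose leaf thumbprint differs from the
    // expected one, or when it advertises no certificate at all although its security mode needs one.
    public static bool IsStale(EndpointDescription e, X509Certificate2 expected)
    {
        if (e.ServerCertificate == null)
        {
            return e.SecurityMode != MessageSecurityMode.None;
        }

        // The blob may hold the whole chain; element 0 is the leaf certificate.
        X509Certificate2Collection chain = Utils.ParseCertificateChainBlob(e.ServerCertificate);
        return !string.Equals(chain[0].Thumbprint, expected.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }

    // Returns a description of each stale endpoint; an empty result means the server refreshed
    // all of its endpoint descriptions correctly.
    public static string[] FindStaleEndpoints(string discoveryUrl, X509Certificate2 expected)
    {
        using var client = DiscoveryClient.Create(new Uri(discoveryUrl));
        EndpointDescriptionCollection endpoints = client.GetEndpoints(null);

        return endpoints
            .Where(e => IsStale(e, expected))
            .Select(e => $"{e.EndpointUrl} [{e.SecurityPolicyUri} / {e.SecurityMode}]")
            .ToArray();
    }

    // args[0]: path of the certificate that was just installed (assumed input, not from the PR).
    public static int Main(string[] args)
    {
        var expected = new X509Certificate2(args[0]);
        string[] stale = FindStaleEndpoints("opc.tcp://localhost:62541/Quickstarts/ReferenceServer", expected);
        foreach (string s in stale)
        {
            Console.WriteLine($"stale certificate on endpoint {s}");
        }
        return stale.Length == 0 ? 0 : 1;
    }
}
```

A non-zero exit code after a GDS push is exactly the symptom the PR removes; running the check before and after the update shows whether the server's descriptions were refreshed without a restart.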

codecov[bot] commented 1 month ago

Codecov Report

Attention: Patch coverage is 81.42857% with 13 lines in your changes missing coverage. Please review.

Project coverage is 54.66%. Comparing base (cf2e788) to head (b98517b).

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...ndings.Https/Stack/Https/HttpsTransportListener.cs | 0.00% | 7 Missing |
| Stack/Opc.Ua.Core/Stack/Server/ServerBase.cs | 89.47% | 2 Missing and 2 partials |
| Stack/Opc.Ua.Core/Types/Utils/Utils.cs | 81.81% | 1 Missing and 1 partial |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #2735      +/-   ##
==========================================
- Coverage   55.04%   54.66%   -0.39%
==========================================
  Files         349      349
  Lines       65697    65673      -24
  Branches    13441    13428      -13
==========================================
- Hits        36162    35899     -263
- Misses      25688    25875     +187
- Partials     3847     3899      +52
```


mregen commented 4 weeks ago

There are a few helpers defined already, e.g. in CertificateIdentifier.ParseBlob and CertificateIdentifier.CreateBlob, just as an example for the API. There is also Utils.ParseCertificateChainBlob() and Utils.ParseCertificateBlob(), you could provide a generic function to create a blob. The CertificateIdentifier Parse/Create code is not used much afaik (maybe in a GDS app?) and can be marked obsolete and removed in a while.

mregen commented 4 weeks ago

Please check also the CertificateUpdate methods in HttpsTransportListener and TcpTransportListener. The way the descriptions are updated also seems not quite right?

romanett commented 3 weeks ago

> There are a few helpers defined already, e.g. in CertificateIdentifier.ParseBlob and CertificateIdentifier.CreateBlob, just as an example for the API. There is also Utils.ParseCertificateChainBlob() and Utils.ParseCertificateBlob(), you could provide a generic function to create a blob. The CertificateIdentifier Parse/Create code is not used much afaik (maybe in a GDS app?) and can be marked obsolete and removed in a while.

I could not find any usage of CertificateIdentifier ParseBlob / CreateBlob. I will mark them obsolete and instead point to Utils.ParseCertificateChainBlob() / create Utils.CreateCertificateChainBlob().

romanett commented 3 weeks ago

> Please check also the CertificateUpdate methods in HttpsTransportListener and TcpTransportListener. The way the descriptions are updated also seems not quite right?

On startup the CertificateChain is always initialized to the full chain; only on certificate update is an empty CertificateChain constructed. I will switch to this to ensure consistent behaviour of the property also after a certificate update.

Why does Session have a Property ServerCertificateChain that is never actually initialized with the ServerCertificateChain, can it be removed?