C++ Based OPC UA Client/Server/PubSub SDK
1.7.9.586
This class is a proxy class for access to a ServerConfiguration Object in the server.
#include <uaserverconfigurationobject.h>
Public Member Functions
UaServerConfigurationObject (UaSession *pSession)
Constructs a ServerConfiguration object used to access the ServerConfiguration object on the server.
virtual ~UaServerConfigurationObject ()
Destroys the ServerConfiguration object.
UaStatus getCertificateGroups (UaReferenceDescriptions &certificateGroups)
Returns the list of certificate groups used by the server.
UaStatus getSupportedCertificateTypes (const UaNodeId &certificateGroupId, UaNodeIdArray &supportedCertificateTypes)
Returns the list of certificate types used by the server for a certificate group.
UaStatus getSupportedPrivateKeyFormats (UaStringArray &supportedPrivateKeyFormats)
Returns the list of server supported private key formats.
UaNodeId getTrustListObjectNodeId (const UaNodeId &certificateGroupId=UaNodeId())
Returns the NodeId of the trust list object used by a server for a certificate group.
UaStatus updateCertificate (ServiceSettings &serviceSettings, const UaNodeId &certificateGroupId, const UaNodeId &certificateTypeId, const UaByteString &certificate, const UaByteStringArray &issuerCertificates, const UaString &privateKeyFormat, const UaByteString &privateKey, OpcUa_Boolean &applyChangesRequired)
Used to update a Certificate for the Server.
UaStatus applyChanges (ServiceSettings &serviceSettings)
Used to tell the Server to apply any security changes.
UaStatus createSigningRequest (ServiceSettings &serviceSettings, const UaNodeId &certificateGroupId, const UaNodeId &certificateTypeId, const UaString &subjectName, OpcUa_Boolean regeneratePrivateKey, const UaByteString &nonce, UaByteString &certificateRequest)
Used to create a certificate signing request.
UaStatus getRejectedList (ServiceSettings &serviceSettings, UaByteStringArray &certificates)
Used to get the list of Certificates that have been rejected by the Server.
The ServerConfiguration Object is an instance of the ServerConfigurationType. There is always exactly one instance in the Server AddressSpace. The Object provides security configuration capabilities like updating the server certificate or configuration of the server trust list.
A server may have different application instance certificates and trust lists. The available groups can be requested with getCertificateGroups. The certificate types per group can be requested with getSupportedCertificateTypes.
A server must support at least the DefaultApplicationGroup (OpcUaId_ServerConfiguration_CertificateGroups_DefaultApplicationGroup). The NodeId of the trust list for this group or any other group can be requested with getTrustListObjectNodeId. The trust list can be accessed using the class UaTrustListObject.
The certificates in the rejected list of the server can be requested with getRejectedList. If a certificate from this list or another certificate should be added to the trust list, this can be done through a method of the class UaTrustListObject without the need to transfer the whole trust list.
The configuration of the server application instance certificates is done through the methods createSigningRequest, updateCertificate, and applyChanges.
UaClientSdk::UaServerConfigurationObject::UaServerConfigurationObject(UaSession *pSession)
Constructs a ServerConfiguration object used to access the ServerConfiguration object on the server.
A UaSession connected to the server must be passed in. The methods on the server require special client user credentials, so the UaSession object must be configured with the right user token.
[in] | pSession | The UaSession object used to communicate with the server |
UaStatus UaClientSdk::UaServerConfigurationObject::applyChanges(ServiceSettings &serviceSettings)
Used to tell the Server to apply any security changes.
This Method should only be called if a previous call to a Method that changed the configuration returns applyChangesRequired=true.
ApplyChanges can have different meanings depending on the Server architecture. In the ideal case it would only require the endpoints to be closed and reopened, however, it may force a complete Server shutdown and restart.
This Method requires that the Client provides credentials with administrative rights on the Server.
[in,out] | serviceSettings | The general service settings like timeout. See ServiceSettings for more details. |
UaStatus UaClientSdk::UaServerConfigurationObject::createSigningRequest(
    ServiceSettings &serviceSettings,
    const UaNodeId &certificateGroupId,
    const UaNodeId &certificateTypeId,
    const UaString &subjectName,
    OpcUa_Boolean regeneratePrivateKey,
    const UaByteString &nonce,
    UaByteString &certificateRequest
)
Used to create a certificate signing request.
The CreateSigningRequest Method asks the Server to create a PKCS #10 DER encoded Certificate Request that is signed with the Server’s private key. This request can be then used to request a Certificate from a CA that expects requests in this format.
This Method requires that the Client provide credentials with administrative rights on the Server.
[in,out] | serviceSettings | The general service settings like timeout. See ServiceSettings for more details. |
[in] | certificateGroupId | The certificateGroupId parameter allows the caller to specify a Certificate Group that provides context for the request. If null the CertificateManager shall choose DefaultApplicationGroup. |
[in] | certificateTypeId | The type of Certificate being updated. The set of permitted types is specified by the SupportedCertificateTypes property or the ServerConfiguration object. |
[in] | subjectName | The subject name to use in the Certificate Request. If not specified, the SubjectName from the current Certificate is used. |
[in] | regeneratePrivateKey | If TRUE, the Server shall create a new Private Key which it stores until the matching signed Certificate is uploaded with the UpdateCertificate Method. If FALSE, the Server uses its existing Private Key. |
[in] | nonce | Additional entropy which the caller shall provide if regeneratePrivateKey is TRUE. It must be at least 32 bytes long. |
[out] | certificateRequest | The PKCS #10 DER encoded Certificate Request. |
UaStatus UaClientSdk::UaServerConfigurationObject::getCertificateGroups(UaReferenceDescriptions &certificateGroups)
Returns the list of certificate groups used by the server.
The main default certificate group is called DefaultApplicationGroup. Other default groups are DefaultHttpsGroup or DefaultUserTokenGroup.
UaStatus UaClientSdk::UaServerConfigurationObject::getRejectedList(
    ServiceSettings &serviceSettings,
    UaByteStringArray &certificates
)
Used to get the list of Certificates that have been rejected by the Server.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers will omit older entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
This Method requires that the Client provides credentials with administrative rights on the Server.
[in,out] | serviceSettings | The general service settings like timeout. See ServiceSettings for more details. |
[out] | certificates | The DER encoded form of the Certificates rejected by the Server. |
UaStatus UaClientSdk::UaServerConfigurationObject::getSupportedCertificateTypes(
    const UaNodeId &certificateGroupId,
    UaNodeIdArray &supportedCertificateTypes
)
Returns the list of certificate types used by the server for a certificate group.
The SupportedCertificateTypes specify the number and purpose of the certificates used by the Server for a certificate group. Every Server must have at least one certificate group called DefaultApplicationGroup with at least one entry which is a subtype of ApplicationCertificateType which refers to the ApplicationInstance Certificate.
The main default certificate group is called DefaultApplicationGroup. Other default groups are DefaultHttpsGroup or DefaultUserTokenGroup. See getCertificateGroups for getting the available groups from the server.
If the Server supports HTTPS, it must have one entry in the DefaultHttpsGroup which is HttpsCertificateType that refers to the HTTPS Certificate.
[in] | certificateGroupId | The NodeId of the certificate group. If a null NodeId is passed in, the DefaultApplicationGroup is used |
[out] | supportedCertificateTypes | Server certificate types |
UaStatus UaClientSdk::UaServerConfigurationObject::getSupportedPrivateKeyFormats(UaStringArray &supportedPrivateKeyFormats)
Returns the list of server supported private key formats.
Possible values include PEM (see RFC 5958) or PFX (see PKCS #12).
[out] | supportedPrivateKeyFormats | Server supported private key formats |
UaNodeId UaClientSdk::UaServerConfigurationObject::getTrustListObjectNodeId(const UaNodeId &certificateGroupId = UaNodeId())
Returns the NodeId of the trust list object used by a server for a certificate group.
The main default certificate group is called DefaultApplicationGroup. Other default groups are DefaultHttpsGroup or DefaultUserTokenGroup. See getCertificateGroups for getting the available groups from the server.
This NodeId is passed in to different trust list related access methods like UaClientSdk::UaTrustListObject::readTrustList() or UaClientSdk::UaTrustListObject::writeTrustList().
[in] | certificateGroupId | The NodeId of the certificate group. If a null NodeId is passed in, the DefaultApplicationGroup is used |
UaStatus UaClientSdk::UaServerConfigurationObject::updateCertificate(
    ServiceSettings &serviceSettings,
    const UaNodeId &certificateGroupId,
    const UaNodeId &certificateTypeId,
    const UaByteString &certificate,
    const UaByteStringArray &issuerCertificates,
    const UaString &privateKeyFormat,
    const UaByteString &privateKey,
    OpcUa_Boolean &applyChangesRequired
)
Used to update a Certificate for the Server.
There are the following three use cases for this Method.
This Method requires that the Client provides credentials with administrative rights on the Server.
[in,out] | serviceSettings | The general service settings like timeout. See ServiceSettings for more details. |
[in] | certificateGroupId | The certificateGroupId parameter allows the caller to specify a Certificate Group that provides context for the request. |
[in] | certificateTypeId | The type of Certificate being updated. The set of permitted types is specified by the SupportedCertificateTypes property or the ServerConfiguration object. |
[in] | certificate | The DER encoded Certificate which replaces the existing Certificate. |
[in] | issuerCertificates | The issuer Certificates needed to verify the signature on the new Certificate. |
[in] | privateKeyFormat | The format of the Private Key (PEM or PFX). If the privateKey is not specified, the privateKeyFormat is null or empty. |
[in] | privateKey | The Private Key encoded in the privateKeyFormat. If the privateKey is not specified, the privateKey is null or empty. |
[out] | applyChangesRequired | Indicates that the ApplyChanges Method must be called before the new Certificate will be used. |
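The parameter rules stated above for createSigningRequest (nonce length) and updateCertificate (privateKeyFormat/privateKey pairing), plus a sanity check on the DER blobs these methods exchange, can be enforced on the client before any call is made. The following is an added example, not SDK code: all function names are hypothetical, and it uses only the standard library so it does not depend on the SDK headers.

```cpp
// Added example: pre-flight checks for the documented parameter rules.
// All names here are hypothetical; nothing below is part of the SDK.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// createSigningRequest: the nonce must be at least 32 bytes long when
// regeneratePrivateKey is TRUE.
bool signingRequestArgsOk(bool regeneratePrivateKey, const Bytes& nonce) {
    return !regeneratePrivateKey || nonce.size() >= 32;
}

// updateCertificate: privateKeyFormat and privateKey are both empty or both
// set, and a set format must be one of the values the server returned from
// getSupportedPrivateKeyFormats (passed in here as `supported`).
bool privateKeyArgsOk(const std::string& format, const Bytes& key,
                      const std::vector<std::string>& supported) {
    if (format.empty() || key.empty()) return format.empty() && key.empty();
    return std::find(supported.begin(), supported.end(), format) != supported.end();
}

// True if buf is exactly one DER SEQUENCE (tag 0x30) whose encoded length
// covers the whole buffer. A cheap structural check for the PKCS #10 request
// or a rejected-list certificate before it is parsed, stored or forwarded.
bool isSingleDerSequence(const Bytes& buf) {
    if (buf.size() < 2 || buf[0] != 0x30) return false;
    std::size_t len = buf[1], hdr = 2;
    if (len & 0x80) {                       // long form: low 7 bits = byte count
        std::size_t n = len & 0x7F;
        if (n == 0 || n > 4 || buf.size() < 2 + n) return false;
        if (buf[2] == 0) return false;      // DER forbids a leading zero byte
        len = 0;
        for (std::size_t i = 0; i < n; ++i) len = (len << 8) | buf[2 + i];
        if (len < 0x80) return false;       // DER requires short form here
        hdr += n;
    }
    return buf.size() - hdr == len;         // no truncation, no trailing bytes
}
```

The DER check is structural only: it does not verify the request signature or the certificate chain, which remain the job of the CA and of the trust list handling.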