.NET Based OPC UA Client/Server SDK
3.0.6.477
The interface for methods implemented on the ServerConfigurationModel object.
Inherited by UnifiedAutomation.UaServer.ServerManager.
Public Member Functions
Return type | Member | Description |
---|---|---|
StatusCode | ApplyChanges (RequestContext context, ServerConfigurationModel model) | Used to tell the Server to apply any security changes. |
StatusCode | CreateSigningRequest (RequestContext context, ServerConfigurationModel model, NodeId CertificateGroupId, NodeId CertificateTypeId, string SubjectName, bool RegeneratePrivateKey, byte[] Nonce, out byte[] CertificateRequest) | Asks the Server to create a PKCS#10 DER encoded certificate request that is signed with the Server’s private key. |
StatusCode | GetRejectedList (RequestContext context, ServerConfigurationModel model, out byte[][] Certificates) | Returns the list of Certificates that have been rejected by the Server. |
StatusCode | UpdateCertificate (RequestContext context, ServerConfigurationModel model, NodeId CertificateGroupId, NodeId CertificateTypeId, byte[] Certificate, byte[][] IssuerCertificates, string PrivateKeyFormat, byte[] PrivateKey, out bool ApplyChangesRequired) | Used to update a certificate for a Server. |
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges(RequestContext context, ServerConfigurationModel model)
Used to tell the Server to apply any security changes.
This method should only be called if a previous call to a method that changed the configuration returns ApplyChangesRequired=true (see UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate).
ApplyChanges can have different meanings depending on the Server architecture. In the ideal case it would only require the endpoints to be closed and reopened. However, it could require a complete Server shutdown and restart.
This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
Method Result Codes
Result Code | Description |
---|---|
Bad_UserAccessDenied | The current user does not have the rights required. |
Parameters
Parameter | Description |
---|---|
context | |
model | |
Implemented in UnifiedAutomation.UaServer.ServerManager.
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.CreateSigningRequest(
    RequestContext context,
    ServerConfigurationModel model,
    NodeId CertificateGroupId,
    NodeId CertificateTypeId,
    string SubjectName,
    bool RegeneratePrivateKey,
    byte[] Nonce,
    out byte[] CertificateRequest)
Asks the Server to create a PKCS#10 DER encoded certificate request that is signed with the Server’s private key.
This request can then be used to request a certificate from a CA that expects requests in this format. See RFC 2986 for a description of PKCS#10.
This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
Method Result Codes
Result Code | Description |
---|---|
Bad_InvalidArgument | The CertificateTypeId, CertificateGroupId or SubjectName is not valid. |
Bad_UserAccessDenied | The current user does not have the rights required. |
Parameters
Parameter | Description |
---|---|
context | |
model | |
CertificateGroupId | The NodeId of the certificate group object which is affected by the request. If null, the UnifiedAutomation.UaServer.CertificateGroupFolderModel.DefaultApplicationGroup is used. |
CertificateTypeId | The type of certificate being requested. The set of permitted types is specified by the UnifiedAutomation.UaServer.CertificateGroupModel.CertificateTypes property belonging to the certificate group. |
SubjectName | The subject name to use in the certificate request. If not specified, the SubjectName from the current certificate is used. |
RegeneratePrivateKey | Flag indicating whether to create a new private key. If TRUE, the Server shall create a new private key which it stores until the matching signed certificate is uploaded with the UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate method. Previously created private keys may be discarded if UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate was not called before calling this method again. If FALSE, the Server uses its existing private key. |
Nonce | Additional entropy which the caller shall provide if RegeneratePrivateKey is TRUE. It shall be at least 32 bytes long. |
CertificateRequest | The PKCS#10 DER encoded certificate request. |
Implemented in UnifiedAutomation.UaServer.ServerManager.
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.GetRejectedList(
    RequestContext context,
    ServerConfigurationModel model,
    out byte[][] Certificates)
Returns the list of Certificates that have been rejected by the Server.
No rules are defined for how the Server updates this list or how long a certificate is kept in the list. It is recommended that every valid but untrusted certificate be added to the rejected list as long as storage is available. Servers should omit older entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
Method Result Codes
Result Code | Description |
---|---|
Bad_UserAccessDenied | The current user does not have the rights required. |
Parameters
Parameter | Description |
---|---|
context | |
model | |
Certificates | The DER encoded form of the Certificates rejected by the Server. |
Implemented in UnifiedAutomation.UaServer.ServerManager.
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate(
    RequestContext context,
    ServerConfigurationModel model,
    NodeId CertificateGroupId,
    NodeId CertificateTypeId,
    byte[] Certificate,
    byte[][] IssuerCertificates,
    string PrivateKeyFormat,
    byte[] PrivateKey,
    out bool ApplyChangesRequired)
Used to update a certificate for a Server.
There are the following three use cases for this method.
The Server shall do all normal integrity checks on the certificate and all of the issuer certificates. If errors occur, the Bad_SecurityChecksFailed error is returned.
The Server shall report an error if the public key does not match the existing certificate and PrivateKey was not provided.
This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
This method may require the UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges method to be called.
Method Result Codes
Result Code | Description |
---|---|
Bad_InvalidArgument | The CertificateTypeId or CertificateGroupId is not valid. |
Bad_CertificateInvalid | The certificate is invalid or the format is not supported. |
Bad_NotSupported | The PrivateKey is invalid or the format is not supported. |
Bad_UserAccessDenied | The current user does not have the rights required. |
Bad_SecurityChecksFailed | Some failure occurred verifying the integrity of the certificate. |
Parameters
Parameter | Description |
---|---|
context | |
model | |
CertificateGroupId | The NodeId of the certificate group object which is affected by the update. If null, the DefaultApplicationGroup is used. |
CertificateTypeId | The type of certificate being updated. The set of permitted types is specified by the UnifiedAutomation.UaServer.CertificateGroupModel.CertificateTypes property belonging to the certificate group. |
Certificate | The DER encoded certificate which replaces the existing certificate. |
IssuerCertificates | The issuer certificates needed to verify the signature on the new certificate. |
PrivateKeyFormat | The format of the private key (PEM or PFX). If PrivateKey is not specified, PrivateKeyFormat is null or empty. |
PrivateKey | The private key encoded in the PrivateKeyFormat. |
ApplyChangesRequired | Indicates that the UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges method must be called before the new certificate will be used. |
Implemented in UnifiedAutomation.UaServer.ServerManager.
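Two of the argument rules documented above can be checked with the standard .NET cryptography classes: the 32-byte Nonce minimum for CreateSigningRequest when RegeneratePrivateKey is TRUE, and the requirement that a certificate passed to UpdateCertificate without a PrivateKey carries the same public key as the certificate it replaces. The following is an added example, not code from the SDK; the class CertificateUpdateChecks, its method names and the throwaway sample certificates are assumptions constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added illustration: CertificateUpdateChecks and its members are hypothetical names, not SDK API.
public static class CertificateUpdateChecks
{
    // CreateSigningRequest: Nonce must be at least 32 bytes when RegeneratePrivateKey is TRUE.
    public static bool NonceIsAcceptable(bool regeneratePrivateKey, byte[] nonce) =>
        !regeneratePrivateKey || (nonce != null && nonce.Length >= 32);

    // UpdateCertificate: when no PrivateKey is supplied, the new certificate must
    // carry the same public key (algorithm and encoded key) as the one it replaces.
    public static bool PassesPublicKeyRule(byte[] existingDer, byte[] newDer, byte[] privateKey)
    {
        if (privateKey != null && privateKey.Length > 0)
            return true; // a key is uploaded with the certificate; the match rule does not apply
        using (var existing = new X509Certificate2(existingDer))
        using (var candidate = new X509Certificate2(newDer))
        {
            return existing.PublicKey.Oid.Value == candidate.PublicKey.Oid.Value
                && existing.GetPublicKey().SequenceEqual(candidate.GetPublicKey());
        }
    }

    // Constructed sample input: a throwaway self-signed certificate, DER encoded.
    private static byte[] SelfSignedDer(RSA key)
    {
        var request = new CertificateRequest("CN=SampleServer", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (var cert = request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1)))
            return cert.RawData;
    }

    public static void Main()
    {
        using (RSA serverKey = RSA.Create(2048))
        using (RSA otherKey = RSA.Create(2048))
        {
            byte[] current = SelfSignedDer(serverKey);
            byte[] renewed = SelfSignedDer(serverKey); // same key pair, reissued certificate
            byte[] foreign = SelfSignedDer(otherKey);  // certificate for a different key pair
            Console.WriteLine("renewed, no PrivateKey: " + PassesPublicKeyRule(current, renewed, null));
            Console.WriteLine("foreign, no PrivateKey: " + PassesPublicKeyRule(current, foreign, null));
            Console.WriteLine("16-byte Nonce, new key: " + NonceIsAcceptable(true, new byte[16]));
        }
    }
}
```

These checks cover only the two stated argument rules; the integrity checks on the certificate and its issuer chain that UpdateCertificate also requires are separate and not shown here.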