.NET Based OPC UA Client/Server SDK  3.3.3.537
UnifiedAutomation.UaServer.IServerConfigurationMethods Interface Reference

The interface for methods implemented on the ServerConfigurationModel object. More...

Inherited by UnifiedAutomation.UaServer.ServerManager.

Public Member Functions

StatusCode ApplyChanges (RequestContext context, ServerConfigurationModel model)
 Used to tell the Server to apply any security changes. More...
 
StatusCode CancelChanges (RequestContext context, ServerConfigurationModel model)
 https://reference.opcfoundation.org/v105/Core/docs/Part12/7.10.8 More...
 
StatusCode CreateSigningRequest (RequestContext context, ServerConfigurationModel model, NodeId CertificateGroupId, NodeId CertificateTypeId, string SubjectName, bool RegeneratePrivateKey, byte[] Nonce, out byte[] CertificateRequest)
 Asks the Server to create a PKCS#10 DER encoded certificate request that is signed with the Server’s private key. More...
 
StatusCode GetCertificates (RequestContext context, ServerConfigurationModel model, NodeId CertificateGroupId, out NodeId[] CertificateTypeIds, out byte[][] Certificates)
 https://reference.opcfoundation.org/v105/Core/docs/Part12/7.10.5 More...
 
StatusCode GetRejectedList (RequestContext context, ServerConfigurationModel model, out byte[][] Certificates)
 Returns the list of Certificates that have been rejected by the Server. More...
 
StatusCode ResetToServerDefaults (RequestContext context, ServerConfigurationModel model)
 https://reference.opcfoundation.org/v105/Core/docs/Part12/7.10.10 More...
 
StatusCode UpdateCertificate (RequestContext context, ServerConfigurationModel model, NodeId CertificateGroupId, NodeId CertificateTypeId, byte[] Certificate, byte[][] IssuerCertificates, string PrivateKeyFormat, byte[] PrivateKey, out bool ApplyChangesRequired)
 Used to update a certificate for a Server. More...
 

Detailed Description

The interface for methods implemented on the ServerConfigurationModel object.

Member Function Documentation

StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges ( RequestContext  context,
ServerConfigurationModel  model 
)

Used to tell the Server to apply any security changes.

This method should only be called if a previous call to a method that changed the configuration returns ApplyChangesRequired=true (see UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate ).

ApplyChanges can have different meanings depending on the Server architecture. In the ideal case it would only require the endpoints to be closed and reopened. However, it could require a complete Server shutdown and restart.

This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.

Method Result Codes

Result Code Description
Bad_UserAccessDenied The current user does not have the rights required.
Parameters
context
model
Returns

Implemented in UnifiedAutomation.UaServer.ServerManager.

StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.CancelChanges ( RequestContext  context,
ServerConfigurationModel  model 
)
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.CreateSigningRequest ( RequestContext  context,
ServerConfigurationModel  model,
NodeId  CertificateGroupId,
NodeId  CertificateTypeId,
string  SubjectName,
bool  RegeneratePrivateKey,
byte[]  Nonce,
out byte[]  CertificateRequest 
)

Asks the Server to create a PKCS#10 DER encoded certificate request that is signed with the Server’s private key.

This request can be then used to request a certificate from a CA that expects requests in this format. See RFC 2986 (txt file) for a description of PKCS#10.

This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.

Method Result Codes

Result Code Description
Bad_InvalidArgument The CertificateTypeId, certificateGroupId or SubjectName is not valid.
Bad_UserAccessDenied The current user does not have the rights required.
Parameters
context
model
CertificateGroupIdThe NodeId of the certificate group object which is affected by the request. If null, the UnifiedAutomation.UaServer.CertificateGroupFolderModel.DefaultApplicationGroup is used.
CertificateTypeIdThe type of certificate being requested. The set of permitted types is specified by the UnifiedAutomation.UaServer.CertificateGroupModel.CertificateTypes property belonging to the certificate group.
SubjectNameThe subject name to use in the certificate request. If not specified, the SubjectName from the current certificate is used.
RegeneratePrivateKeyFlag indicating whether to create a new private key. If TRUE, the Server shall create a new private key which it stores until the matching signed certificate is uploaded with the UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate method. Previously created private keys may be discarded if UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate was not called before calling this method again. If FALSE, the Server uses its existing private key.
NonceAdditional entropy which the caller shall provide if RegeneratePrivateKey is TRUE. It shall be at least 32 bytes long.
CertificateRequestThe PKCS#10 DER encoded certificate request.
Returns

Implemented in UnifiedAutomation.UaServer.ServerManager.

StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.GetCertificates ( RequestContext  context,
ServerConfigurationModel  model,
NodeId  CertificateGroupId,
out NodeId[]  CertificateTypeIds,
out byte  Certificates[][] 
)

https://reference.opcfoundation.org/v105/Core/docs/Part12/7.10.5

Parameters
context
model
CertificateGroupId
CertificateTypeIdsout:
Certificatesout:
Returns

Implemented in UnifiedAutomation.UaServer.ServerManager.

StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.GetRejectedList ( RequestContext  context,
ServerConfigurationModel  model,
out byte  Certificates[][] 
)

Returns the list of Certificates that have been rejected by the Server.

No rules are defined for how the Server updates this list or how long a certificate is kept in the list. It is recommended that every valid but untrusted certificate be added to the rejected list as long as storage is available. Servers should omit older entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.

This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.

Method Result Codes

Result Code Description
Bad_UserAccessDenied The current user does not have the rights required.
Parameters
context
model
CertificatesThe DER encoded form of the Certificates rejected by the Server.
Returns

Implemented in UnifiedAutomation.UaServer.ServerManager.

StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.ResetToServerDefaults ( RequestContext  context,
ServerConfigurationModel  model 
)
StatusCode UnifiedAutomation.UaServer.IServerConfigurationMethods.UpdateCertificate ( RequestContext  context,
ServerConfigurationModel  model,
NodeId  CertificateGroupId,
NodeId  CertificateTypeId,
byte[]  Certificate,
byte  IssuerCertificates[][],
string  PrivateKeyFormat,
byte[]  PrivateKey,
out bool  ApplyChangesRequired 
)

Used to update a certificate for a Server.

There are the following three use cases for this method.

  • The new certificate was created based on a signing request created with the method UnifiedAutomation.UaServer.IServerConfigurationMethods.CreateSigningRequest . In this case, there is no PrivateKey provided.
  • A new PrivateKey and certificate were created outside the Server and both are updated with this method.
  • A new certificate was created and signed with the information from the old Certificate. In this case, there is no PrivateKey provided.

The Server shall do all normal integrity checks on the certificate and all of the issuer certificates. If errors occur, the Bad_SecurityChecksFailed error is returned.

The Server shall report an error if the public key does not match the existing certificate and PrivateKey was not provided.

This method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.

This method may require the UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges method to be called.

Method Result Codes

Result Code Description
Bad_InvalidArgument The CertificateTypeId or certificateGroupId is not valid.
Bad_CertificateInvalid The certificate is invalid or the format is not supported.
Bad_NotSupported The PrivateKey is invalid or the format is not supported.
Bad_UserAccessDenied The current user does not have the rights required.
Bad_SecurityChecksFailed Some failure occurred verifying the integrity of the certificate.
Parameters
context
model
CertificateGroupIdThe NodeId of the certificate group object which is affected by the update. If null the DefaultApplicationGroup is used.
CertificateTypeIdThe type of certificate being updated. The set of permitted types is specified by the UnifiedAutomation.UaServer.CertificateGroupModel.CertificateTypes property belonging to the certificate group.
CertificateThe DER encoded certificate which replaces the existing certificate.
IssuerCertificatesThe issuer certificates needed to verify the signature on the new certificate.
PrivateKeyFormatThe format of the private key (PEM or PFX). If the privateKey is not specified the privateKeyFormat is null or empty.
PrivateKeyThe private key encoded in the PrivateKeyFormat.
ApplyChangesRequiredIndicates that the UnifiedAutomation.UaServer.IServerConfigurationMethods.ApplyChanges method must be called before the new certificate will be used.
Returns

Implemented in UnifiedAutomation.UaServer.ServerManager.


The documentation for this interface was generated from the following file: