Merge branch 'master' into X509CrlSupport

Applications/ConsoleReferenceClient/Program.cs

@@ -83,6 +83,8 @@ public static async Task Main(string[] args)
             int timeout = Timeout.Infinite;
             string logFile = null;
             string reverseConnectUrlString = null;
+            bool leakChannels = false;
+            bool forever = false;
 
             Mono.Options.OptionSet options = new Mono.Options.OptionSet {
                 usage,
@@ -104,6 +106,8 @@ public static async Task Main(string[] args)
                 { "v|verbose", "Verbose output", v => { if (v != null) verbose = true; } },
                 { "s|subscribe", "Subscribe", s => { if (s != null) subscribe = true; } },
                 { "rc|reverseconnect=", "Connect using the reverse connect endpoint. (e.g. rc=opc.tcp://localhost:65300)", (string url) => reverseConnectUrlString = url},
+                { "forever", "run inner connect/disconnect loop forever", f => { if (f != null) forever = true; } },
+                { "leakchannels", "Leave a channel leak open when disconnecting a session.", l => { if (l != null) leakChannels = true; } },
             };
 
             ReverseConnectManager reverseConnectManager = null;
@@ -189,12 +193,23 @@ public static async Task Main(string[] args)
                         waitTime = timeout - (int)DateTime.UtcNow.Subtract(start).TotalMilliseconds;
                         if (waitTime <= 0)
                         {
+                            if (!forever)
+                            {
                             break;
                         }
+                            else
+                            {
+                                waitTime = 0;
                     }
+                        }
 
-                    // create the UA Client object and connect to configured server.
+                        if (forever)
+                        {
+                            start = DateTime.UtcNow;
+                        }
+                    }
 
+                    // create the UA Client object and connect to configured server.
                     using (UAClient uaClient = new UAClient(application.ApplicationConfiguration, reverseConnectManager, output, ClientBase.ValidateResponse) {
                         AutoAccept = autoAccept,
                         SessionLifeTime = 60_000,
@@ -308,7 +323,7 @@ public static async Task Main(string[] args)
 
                             output.WriteLine("Client disconnected.");
 
-                            uaClient.Disconnect();
+                            uaClient.Disconnect(leakChannels);
                         }
                         else
                         {

Applications/ConsoleReferenceClient/UAClient.cs

@@ -230,7 +230,8 @@ public async Task<bool> ConnectAsync(string serverUrl, bool useSecurity = true,
         /// <summary>
         /// Disconnects the session.
         /// </summary>
-        public void Disconnect()
+        /// <param name="leaveChannelOpen">Leaves the channel open.</param>
+        public void Disconnect(bool leaveChannelOpen = false)
         {
             try
             {
@@ -245,7 +246,12 @@ public void Disconnect()
                         m_reconnectHandler = null;
                     }
 
-                    m_session.Close();
+                    m_session.Close(!leaveChannelOpen);
+                    if (leaveChannelOpen)
+                    {
+                        // detach the channel, so it doesn't get closed when the session is disposed.
+                        m_session.DetachChannel();
+                    }
                     m_session.Dispose();
                     m_session = null;
 

Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml

@@ -69,7 +69,7 @@
     <MaxArrayLength>65535</MaxArrayLength>
     <MaxMessageSize>4194304</MaxMessageSize>
     <MaxBufferSize>65535</MaxBufferSize>
-    <ChannelLifetime>300000</ChannelLifetime>
+    <ChannelLifetime>30000</ChannelLifetime>
     <SecurityTokenLifetime>3600000</SecurityTokenLifetime>
   </TransportQuotas>
   <ServerConfiguration>
@@ -90,9 +90,9 @@
     -->
     <!--
     <AlternateBaseAddresses>
-      <ua:String>http://AlternateHostName/Quickstarts/ReferenceServer</ua:String>
-      <ua:String>http://10.10.103.150/Quickstarts/ReferenceServer</ua:String>
-      <ua:String>http://[2a01::626d]/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://AlternateHostName/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://10.10.103.150/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://[2a01::626d]/Quickstarts/ReferenceServer</ua:String>
     </AlternateBaseAddresses>
     -->
     <SecurityPolicies>
@@ -163,6 +163,7 @@
     <DiagnosticsEnabled>true</DiagnosticsEnabled>
     <!-- Settings for CTT testing -->
     <MaxSessionCount>75</MaxSessionCount>
+    <MaxChannelCount>1000</MaxChannelCount>
     <MinSessionTimeout>10000</MinSessionTimeout>
     <MaxSessionTimeout>3600000</MaxSessionTimeout>
     <MaxBrowseContinuationPoints>10</MaxBrowseContinuationPoints>
@@ -229,6 +230,7 @@
       <ua:String>http://opcfoundation.org/UA-Profile/Server/ReverseConnect</ua:String>
       <ua:String>http://opcfoundation.org/UA-Profile/Server/ClientRedundancy</ua:String>
     </ServerProfileArray>
+
     <ShutdownDelay>5</ShutdownDelay>
     <ServerCapabilities>
       <ua:String>DA</ua:String>
@@ -259,17 +261,15 @@
     <OperationLimits>
       <MaxNodesPerRead>2500</MaxNodesPerRead>
       <MaxNodesPerHistoryReadData>1000</MaxNodesPerHistoryReadData>
-      <MaxNodesPerHistoryReadEvents>1000</MaxNodesPerHistoryReadEvents>
       <MaxNodesPerWrite>2500</MaxNodesPerWrite>
-      <MaxNodesPerHistoryUpdateData>1000</MaxNodesPerHistoryUpdateData>
-      <MaxNodesPerHistoryUpdateEvents>1000</MaxNodesPerHistoryUpdateEvents>
       <MaxNodesPerMethodCall>2500</MaxNodesPerMethodCall>
       <MaxNodesPerBrowse>2500</MaxNodesPerBrowse>
       <MaxNodesPerRegisterNodes>2500</MaxNodesPerRegisterNodes>
       <MaxNodesPerTranslateBrowsePathsToNodeIds>2500</MaxNodesPerTranslateBrowsePathsToNodeIds>
       <MaxNodesPerNodeManagement>2500</MaxNodesPerNodeManagement>
       <MaxMonitoredItemsPerCall>2500</MaxMonitoredItemsPerCall>
     </OperationLimits>
+
     <AuditingEnabled>true</AuditingEnabled>
   </ServerConfiguration>
 

Applications/ReferenceServer/Quickstarts.ReferenceServer.Config.xml

@@ -41,8 +41,8 @@
     <AutoAcceptUntrustedCertificates>false</AutoAcceptUntrustedCertificates>
 
     <!-- WARNING: SHA1 signed certificates are by default rejected and should be phased out. 
-    The setting below to allow them is only required for UACTT (1.02.336.244) which uses SHA-1 signed certs. -->
-    <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
+       only nano and embedded profiles are allowed to use sha1 signed certificates. -->
+    <RejectSHA1SignedCertificates>true</RejectSHA1SignedCertificates>
     <RejectUnknownRevocationStatus>true</RejectUnknownRevocationStatus>
     <MinimumCertificateKeySize>2048</MinimumCertificateKeySize>
     <AddAppCertToTrustedStore>false</AddAppCertToTrustedStore>
@@ -63,13 +63,13 @@
 
   <TransportConfigurations></TransportConfigurations>
   <TransportQuotas>
-    <OperationTimeout>600000</OperationTimeout>
+    <OperationTimeout>120000</OperationTimeout>
     <MaxStringLength>1048576</MaxStringLength>
     <MaxByteStringLength>1048576</MaxByteStringLength>
     <MaxArrayLength>65535</MaxArrayLength>
     <MaxMessageSize>4194304</MaxMessageSize>
     <MaxBufferSize>65535</MaxBufferSize>
-    <ChannelLifetime>300000</ChannelLifetime>
+    <ChannelLifetime>30000</ChannelLifetime>
     <SecurityTokenLifetime>3600000</SecurityTokenLifetime>
   </TransportQuotas>
   <ServerConfiguration>
@@ -90,23 +90,27 @@
     -->
     <!--
     <AlternateBaseAddresses>
-      <ua:String>http://AlternateHostName/Quickstarts/ReferenceServer</ua:String>
-      <ua:String>http://10.10.103.150/Quickstarts/ReferenceServer</ua:String>
-      <ua:String>http://[2a01::626d]/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://AlternateHostName/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://10.10.103.150/Quickstarts/ReferenceServer</ua:String>
+      <ua:String>opc.tcp://[2a01::626d]/Quickstarts/ReferenceServer</ua:String>
     </AlternateBaseAddresses>
     -->
     <SecurityPolicies>
       <ServerSecurityPolicy>
-        <SecurityMode>Sign_2</SecurityMode>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
       </ServerSecurityPolicy>
       <ServerSecurityPolicy>
         <SecurityMode>None_1</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicyUri>
       </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>Sign_2</SecurityMode>
+        <SecurityPolicyUri></SecurityPolicyUri>
+      </ServerSecurityPolicy>
       <ServerSecurityPolicy>
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
+        <SecurityPolicyUri></SecurityPolicyUri>
       </ServerSecurityPolicy>
       <!-- deprecated security policies for reference only 
       <ServerSecurityPolicy>
@@ -126,30 +130,6 @@
           <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</SecurityPolicyUri>
       </ServerSecurityPolicy>
       -->
-      <ServerSecurityPolicy>
-        <SecurityMode>Sign_2</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>Sign_2</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>Sign_2</SecurityMode>
-        <SecurityPolicyUri></SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri></SecurityPolicyUri>
-      </ServerSecurityPolicy>
     </SecurityPolicies>
 
     <MinRequestThreadCount>5</MinRequestThreadCount>
@@ -180,7 +160,9 @@
     </UserTokenPolicies>
 
     <DiagnosticsEnabled>true</DiagnosticsEnabled>
-    <MaxSessionCount>100</MaxSessionCount>
+    <!-- Settings for CTT testing -->
+    <MaxSessionCount>75</MaxSessionCount>
+    <MaxChannelCount>1000</MaxChannelCount>
     <MinSessionTimeout>10000</MinSessionTimeout>
     <MaxSessionTimeout>3600000</MaxSessionTimeout>
     <MaxBrowseContinuationPoints>10</MaxBrowseContinuationPoints>
@@ -244,6 +226,8 @@
       <ua:String>http://opcfoundation.org/UA-Profile/Server/StandardUA2017</ua:String>
       <ua:String>http://opcfoundation.org/UA-Profile/Server/DataAccess</ua:String>
       <ua:String>http://opcfoundation.org/UA-Profile/Server/Methods</ua:String>
+      <ua:String>http://opcfoundation.org/UA-Profile/Server/ReverseConnect</ua:String>
+      <ua:String>http://opcfoundation.org/UA-Profile/Server/ClientRedundancy</ua:String>
     </ServerProfileArray>
 
     <ShutdownDelay>5</ShutdownDelay>
@@ -256,14 +240,35 @@
     </SupportedPrivateKeyFormats>
     <MaxTrustListSize>0</MaxTrustListSize>
     <MultiCastDnsEnabled>false</MultiCastDnsEnabled>
+
+    <!--  Reverse connection parameters for aggregation server sample -->
+    <!--
+    <ReverseConnect>
+      <Clients>
+        <ReverseConnectClient>
+          <EndpointUrl>opc.tcp://localhost:65300</EndpointUrl>
+          <MaxSessionCount>0</MaxSessionCount>
+          <Enabled>true</Enabled>
+        </ReverseConnectClient>
+      </Clients>
+      <ConnectInterval>15000</ConnectInterval>
+      <ConnectTimeout>30000</ConnectTimeout>
+      <RejectTimeout>60000</RejectTimeout>
+    </ReverseConnect>
+    -->
+
     <OperationLimits>
-      <MaxNodesPerRead>1000</MaxNodesPerRead>
-      <MaxNodesPerWrite>1000</MaxNodesPerWrite>
-      <MaxNodesPerMethodCall>250</MaxNodesPerMethodCall>
+      <MaxNodesPerRead>2500</MaxNodesPerRead>
+      <MaxNodesPerHistoryReadData>1000</MaxNodesPerHistoryReadData>
+      <MaxNodesPerWrite>2500</MaxNodesPerWrite>
+      <MaxNodesPerMethodCall>2500</MaxNodesPerMethodCall>
       <MaxNodesPerBrowse>2500</MaxNodesPerBrowse>
-      <MaxNodesPerTranslateBrowsePathsToNodeIds>1000</MaxNodesPerTranslateBrowsePathsToNodeIds>
-      <MaxMonitoredItemsPerCall>1000</MaxMonitoredItemsPerCall>
+      <MaxNodesPerRegisterNodes>2500</MaxNodesPerRegisterNodes>
+      <MaxNodesPerTranslateBrowsePathsToNodeIds>2500</MaxNodesPerTranslateBrowsePathsToNodeIds>
+      <MaxNodesPerNodeManagement>2500</MaxNodesPerNodeManagement>
+      <MaxMonitoredItemsPerCall>2500</MaxMonitoredItemsPerCall>
     </OperationLimits>
+
     <AuditingEnabled>true</AuditingEnabled>
   </ServerConfiguration>
 

Libraries/Opc.Ua.Configuration/ApplicationConfigurationBuilder.cs

@@ -534,6 +534,13 @@ public IApplicationConfigurationBuilderServerOptions SetMaxSessionCount(int maxS
             return this;
         }
 
+        /// <inheritdoc/>
+        public IApplicationConfigurationBuilderServerOptions SetMaxChannelCount(int maxChannelCount)
+        {
+            ApplicationConfiguration.ServerConfiguration.MaxChannelCount = maxChannelCount;
+            return this;
+        }
+
         /// <inheritdoc/>
         public IApplicationConfigurationBuilderServerOptions SetMinSessionTimeout(int minSessionTimeout)
         {

Libraries/Opc.Ua.Configuration/IApplicationConfigurationBuilder.cs

@@ -156,6 +156,11 @@ public interface IApplicationConfigurationBuilderServerOptions :
         /// <inheritdoc cref="ServerConfiguration.MaxSessionCount"/>
         IApplicationConfigurationBuilderServerOptions SetMaxSessionCount(int maxSessionCount);
 
+        /// <inheritdoc cref="ServerConfiguration.MaxChannelCount"/>
+        /// <remarks>applies to <see cref="ServerConfiguration.MaxChannelCount"/></remarks>
+        /// <param name="maxChannelCount">The lifetime.</param>
+        IApplicationConfigurationBuilderServerOptions SetMaxChannelCount(int maxChannelCount);
+
         /// <inheritdoc cref="ServerConfiguration.MinSessionTimeout"/>
         IApplicationConfigurationBuilderServerOptions SetMinSessionTimeout(int minSessionTimeout);
 

Libraries/Opc.Ua.Server/Diagnostics/AuditEvents.cs

@@ -827,7 +827,7 @@ public static class AuditEvents
                     message = new TranslationInfo(
                      "AuditActivateSessionEvent",
                     "en-US",
-                    $"Session with Id:{session.Id} was activated.");
+                    $"Session with Id:{session?.Id} was activated.");
                 }
                 else
                 {

Libraries/Opc.Ua.Server/Server/StandardServer.cs

@@ -30,6 +30,7 @@
 using System;
 using System.Collections;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
@@ -505,6 +506,7 @@ protected override void Dispose(bool disposing)
                 }
 
                 Utils.LogInfo("Server - SESSION CREATED. SessionId={0}", sessionId);
+
                 // report audit for successful create session
                 ServerInternal.ReportAuditCreateSessionEvent(context?.AuditEntryId, session, revisedSessionTimeout);
 
@@ -2949,6 +2951,9 @@ protected override void StartApplication(ApplicationConfiguration configuration)
                     SessionManager sessionManager = CreateSessionManager(m_serverInternal, configuration);
                     sessionManager.Startup();
 
+                    // use event to trigger channel that should not be closed.
+                    sessionManager.SessionChannelKeepAlive += SessionChannelKeepAliveEvent;
+
                     // start the subscription manager.
                     Utils.LogInfo(TraceMasks.StartStop, "Server - CreateSubscriptionManager.");
                     SubscriptionManager subscriptionManager = CreateSubscriptionManager(m_serverInternal, configuration);
@@ -3086,6 +3091,7 @@ protected override void OnServerStopping()
                 {
                     if (m_serverInternal != null)
                     {
+                        m_serverInternal.SessionManager.SessionChannelKeepAlive -= SessionChannelKeepAliveEvent;
                         m_serverInternal.SubscriptionManager.Shutdown();
                         m_serverInternal.SessionManager.Shutdown();
                         m_serverInternal.NodeManager.Shutdown();
@@ -3338,6 +3344,24 @@ public virtual void RemoveNodeManager(INodeManagerFactory nodeManagerFactory)
         }
         #endregion
 
+        #region Private Methods
+        /// <summary>
+        /// Reacts to a session channel keep alive event to signal
+        /// a listener channel that a session is still active.
+        /// </summary>
+        private void SessionChannelKeepAliveEvent(Session session, SessionEventReason reason)
+        {
+            Debug.Assert(reason == SessionEventReason.ChannelKeepAlive);
+
+            string secureChannelId = session?.SecureChannelId;
+            if (!string.IsNullOrEmpty(secureChannelId))
+            {
+                var transportListener = TransportListeners.FirstOrDefault(tl => secureChannelId.StartsWith(tl.ListenerId, StringComparison.Ordinal));
+                transportListener?.UpdateChannelLastActiveTime(secureChannelId);
+            }
+        }
+        #endregion
+
         #region Private Properties
         private OperationLimitsState OperationLimits => ServerInternal.ServerObject.ServerCapabilities.OperationLimits;
         #endregion