Add support for pushing to arbitrary certificate groups to the ServerPushConfigurationClient#3585
Conversation
… groups and add overloads for backward compatibility. Extend ReadTrustList API to support arbitrary certificate groups and add overloads for backward compatibility. Extend UpdateTrustList to support arbitrary certificate groups and add overloads for backward compatibility.
|
|
|
@Tyrrx maybe you can add a fast path for the well known nodes, so no browse is issued for them |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3585 +/- ##
===========================================
+ Coverage 51.86% 65.97% +14.10%
===========================================
Files 370 459 +89
Lines 78618 97763 +19145
Branches 13650 16326 +2676
===========================================
+ Hits 40779 64496 +23717
+ Misses 33705 28181 -5524
- Partials 4134 5086 +952 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This pull request adds support for operating on arbitrary certificate groups in the ServerPushConfigurationClient class, addressing issue #3571. Previously, the methods could only work with the default application certificate group. The changes enable library consumers to read, update, add, and remove certificates from any certificate group on the server.
Changes:
- Extended
ReadTrustListAsync,UpdateTrustListAsync,AddCertificateAsync, andRemoveCertificateAsyncto accept an optionalcertificateGroupIdparameter - Added backward-compatible overloads that default to the
DefaultApplicationGroup - Implemented helper methods
BrowseNodeIdAsyncandFindChildByTypeDefinitionAsyncto dynamically discover NodeIds for arbitrary certificate groups - Applied formatting changes throughout the file for consistency
|
|
||
| const int maxAttempts = 5; | ||
| for (int attempt = 0; ; attempt++) | ||
| for (int attempt = 0;; attempt++) |
There was a problem hiding this comment.
Formatting change removes space after semicolon in for loop condition. While this doesn't affect functionality, it's typically more readable to have a space after semicolons in for loops (e.g., for (int attempt = 0; ; attempt++)). This change appears to be inconsistent with common C# formatting conventions. Consider reverting this spacing change or confirming it matches the project's .editorconfig rules.
| for (int attempt = 0;; attempt++) | |
| for (int attempt = 0; ; attempt++) |
| public async Task<bool> UpdateTrustListAsync( | ||
| TrustListDataType trustList, | ||
| NodeId certificateGroupId, | ||
| long maxTrustListSize, | ||
| CancellationToken ct = default) |
There was a problem hiding this comment.
The new public method overload is missing XML documentation for the certificateGroupId parameter. This parameter should be documented with a <param name="certificateGroupId"> tag explaining that it is the identifier for the CertificateGroup to which the trust list update should be applied.
| /// Add certificate. | ||
| /// </summary> |
There was a problem hiding this comment.
The new public method overload is missing XML documentation for the certificateGroupId parameter. This parameter should be documented with a <param name="certificateGroupId"> tag explaining that it is the identifier for the CertificateGroup to which the certificate should be added.
| /// Add certificate. | |
| /// </summary> | |
| /// Add a certificate to the specified certificate group on the server. | |
| /// </summary> | |
| /// <param name="certificate">The certificate to add to the certificate group.</param> | |
| /// <param name="isTrustedCertificate">If <c>true</c>, the certificate is added as a trusted certificate; otherwise it is added as an issuer certificate.</param> | |
| /// <param name="certificateGroupId">The identifier for the CertificateGroup to which the certificate should be added.</param> | |
| /// <param name="ct">The token that can be used to cancel the asynchronous operation.</param> | |
| /// <returns>A task that represents the asynchronous add-certificate operation.</returns> |
|
|
||
| /// <summary> | ||
| /// Remove certificate. | ||
| /// </summary> |
There was a problem hiding this comment.
The new public method overload is missing XML documentation for the certificateGroupId parameter. This parameter should be documented with a <param name="certificateGroupId"> tag explaining that it is the identifier for the CertificateGroup from which the certificate should be removed.
| /// </summary> | |
| /// </summary> | |
| /// <param name="thumbprint">The thumbprint of the certificate to remove.</param> | |
| /// <param name="isTrustedCertificate">Indicates whether the certificate is a trusted certificate.</param> | |
| /// <param name="certificateGroupId"> | |
| /// The identifier for the CertificateGroup from which the certificate should be removed. | |
| /// </param> | |
| /// <param name="ct">The token to monitor for cancellation requests.</param> | |
| /// <returns>A task that represents the asynchronous remove operation.</returns> |
| NodeId referenceTypeId, | ||
| CancellationToken ct = default) | ||
| { | ||
| Node node = await Session.ReadNodeAsync(searchNodeId, ct).ConfigureAwait(false); |
There was a problem hiding this comment.
The ReadNodeAsync call on line 1373 may fail if the searchNodeId cannot be resolved in the server's namespace (e.g., if namespace mappings differ). Consider wrapping this in a try-catch block with a more specific error message indicating that the standard node definition could not be read, which would help with debugging issues related to namespace mismatches.
| Node node = await Session.ReadNodeAsync(searchNodeId, ct).ConfigureAwait(false); | |
| Node node; | |
| try | |
| { | |
| node = await Session.ReadNodeAsync(searchNodeId, ct).ConfigureAwait(false); | |
| } | |
| catch (ServiceResultException ex) | |
| { | |
| m_logger.LogError( | |
| ex, | |
| "Failed to read standard node definition for NodeId {SearchNodeId}. " + | |
| "This may indicate a namespace mapping mismatch between client and server.", | |
| searchNodeId); | |
| throw; | |
| } |
| if (IsConnected) | ||
| { | ||
| NodeId closeMethodId = | ||
| await BrowseNodeIdAsync(trustListNodeId, | ||
| Ua.MethodIds.FileType_Close, ReferenceTypeIds.HasComponent, ct) | ||
| .ConfigureAwait(false); | ||
|
|
||
| await session.CallAsync( | ||
| ExpandedNodeId.ToNodeId( | ||
| Ua.ObjectIds.ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList, | ||
| session.NamespaceUris | ||
| ), | ||
| ExpandedNodeId.ToNodeId( | ||
| Ua.MethodIds | ||
| .ServerConfiguration_CertificateGroups_DefaultApplicationGroup_TrustList_Close, | ||
| session.NamespaceUris | ||
| ), | ||
| ct, | ||
| fileHandle) | ||
| trustListNodeId, | ||
| closeMethodId, | ||
| ct, | ||
| fileHandle) | ||
| .ConfigureAwait(false); |
There was a problem hiding this comment.
The error handler attempts to call BrowseNodeIdAsync and session.CallAsync to close the file handle, but these calls can also fail (e.g., if the connection is lost or if there's a timeout). Consider wrapping these cleanup calls in a try-catch block to prevent the original exception from being masked by a cleanup failure. This pattern is important for ensuring the original error is always propagated to the caller.
…outside of loop.
Yes, I also thought about that and I added it here: 293f281. But now the problem is that the actual browse methods are not covered by the tests anymore. Is it possible to introduce a custom group in the sample server and if so, how? |
…izing `NodeId` resolution.
Tyrrx
force-pushed
the
feature/custom-certificate-group-support
branch
from
b062a99 to
293f281
Compare
|
@Tyrrx thank you for the fast fix, for the Server it is not that easy. However the GDS has this functionality to specifiy additional certificate groups in the configuration. Maybe you can add a tests utilizing that in the GDS.Tests project? |
Libraries/Opc.Ua.Gds.Client.Common/ServerPushConfigurationClient.cs
Outdated
Show resolved
Hide resolved
marcschier
left a comment
marcschier
left a comment
There was a problem hiding this comment.
Can you add tests too, please?
@romanett: I checked the implementation of 
The actual node id is inferred by the certificate types in the group in |
…ozenDictionary` for improved performance.
|
@Tyrrx i think an extenstion is just needed in applicationsNodeManager.SetCertificateGroupNodes to check the existing certificategroup.Id config. Thank you👍. If this doesnt work I See No harm in adding the optional NodeId config propery |
|
@romanett Okay I took a closer look and it seems like it's not done by just adding a |
|
Another option would be to test the private methods but I think that's worse. |
Proposed changes
See: #3571.
Related Issues
Types of changes
What types of changes does your code introduce?
Put an
xin the boxes that apply. You can also fill these out after creating the PR.Checklist
Put an
xin the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.Further comments
Is there a auto formatting rule set that needs to be applied?
Do the new methods need additional tests because the back-ports technically already call them?
Do the new methods need additional documentation because I think they are self explanatory?
Would it make sense to make the
ServerPushConfigurationClientpartial in general so that it is easier for a library consumer to implement custom logic?