Implementing ServerConfiguration's ResetToServerDefaults

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

node.dave
Sr. Member
Posts: 10
Joined: 24 Feb 2023, 21:27

Implementing ServerConfiguration's ResetToServerDefaults

Post by node.dave »

Hi, all. I'm evaluating the .NET SDK to see if it's suitable for a server project, and I seem to be running into a little snag around certificate management. I'll sketch out what I'm doing and perhaps someone can point out where I've gone astray. For full disclosure, I'm pretty new to OPC UA as well, so going astray comes easily.

One of the requirements I need to support for this server is the Push Management model as outlined in Section 12 of the spec. When I connect to my server with UaExpert with admin credentials on an encrypted endpoint, I can browse the ServerConfiguration object. As far as I can tell from poking at it with UaExpert, this mostly works as expected.

Where things start getting more difficult is that I also need to implement the optional ResetToServerDefaults method on the ServerConfiguration object. The IServerConfigurationMethods interface doesn't define any of the optional ServerConfiguration methods, but I eventually figured out how to create the method with the correct NodeId with CoreNodeManager.CreateMethod(), then attach it to the CoreNodeManager's list of dispatchers using CoreNodeManager.SetMethodDispatcher().

The implementation of ResetToServerDefaults is supposed to take the following actions: clear all TrustLists, delete all assigned certificates, reset all Endpoints and ReverseEndpoints to defaults, set all UserTokenPolicies to defaults, delete all CertificateManagerEndpoints, and reset any passwords for built-in admin accounts. Finally, the ServerState needs to be set to SHUTDOWN.

Not all of these apply to what I'm doing at the moment, but TrustLists need to be cleared and certificates need to be deleted, including the application instance certificate which is expected to be regenerated when the server restarts.

What I'm doing to clear the TrustLists and certificates is to iterate the Application's TrustedStore and RejectedStore to get their thumbprints, then iterate over the thumbprints, calling the store's Remove() method for each one, and finally call RequestServerStateChange() to shut down the server. This does result in the certificates being deleted from their folders. What is curious, however, is that if I don't shut the server process down but instead have Main() loop to restart the server, it seems like the trust relationships are still cached somewhere: I can reconnect to the server over the Basic256Sha256 endpoint with no certificates in trusted\certs.

I've tried inserting a GC.Collect() call just before looping back to recreate the server objects from scratch, thinking that might flush any cached data, but that also hasn't helped.

I suspect I'm just not doing the right things to properly and fully reset the TrustLists and certificates, but it's unclear to me exactly what I need to do with the SDK to accomplish this.

I'm also not sure what I should do to reset the server's own application instance certificate. Obviously, I can just delete certificates from their stores on disk, but deleting data out from under the server seems like it might not be the right way to go about it. Or is it?

Sorry if this is long-winded, but any advice on implementing ServerConfiguration's ResetToServerDefaults would be greatly appreciated.

Thanks,
Dave
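A post-reset audit of the on-disk stores described in the post above, as an added example (not code from the poster or from the SDK). It uses only standard .NET classes; the folder names `trusted/certs`, `rejected` and `own/certs`, the `ResetAudit` class and the temporary PKI root are assumptions, and the certificate is a throwaway constructed for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ResetAudit
{
    // Assumed store layout under the PKI root; adjust to the server's configuration.
    static readonly string[] StoreFolders =
        { Path.Combine("trusted", "certs"), "rejected", Path.Combine("own", "certs") };

    // Lists every certificate file still on disk as "relative path -> thumbprint".
    public static List<string> FindLeftovers(string pkiRoot)
    {
        var leftovers = new List<string>();
        foreach (var folder in StoreFolders)
        {
            var dir = Path.Combine(pkiRoot, folder);
            if (!Directory.Exists(dir)) continue;
            foreach (var file in Directory.EnumerateFiles(dir))
            {
                string id;
                try { using (var c = new X509Certificate2(file)) id = c.Thumbprint; }
                catch (CryptographicException) { id = "not a parseable certificate"; }
                leftovers.Add(Path.Combine(folder, Path.GetFileName(file)) + " -> " + id);
            }
        }
        return leftovers;
    }

    static int Main()
    {
        // Constructed sample: a temporary PKI root holding one throwaway self-signed certificate.
        var root = Path.Combine(Path.GetTempPath(), "pki-audit-" + Guid.NewGuid().ToString("N"));
        var trusted = Directory.CreateDirectory(Path.Combine(root, "trusted", "certs")).FullName;
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
                File.WriteAllBytes(Path.Combine(trusted, "client.der"), cert.Export(X509ContentType.Cert));
        }
        FindLeftovers(root).ForEach(Console.WriteLine);      // one entry: reset has not run yet
        File.Delete(Path.Combine(trusted, "client.der"));    // stands in for the reset's store cleanup
        var after = FindLeftovers(root);                     // empty: nothing left on disk
        Directory.Delete(root, true);
        Console.WriteLine(after.Count == 0 ? "stores empty" : "reset incomplete");
        return after.Count == 0 ? 0 : 1;
    }
}
```

An empty result only covers the on-disk state. The post reports a client still connecting after the folders were emptied, so a reconnect attempt with the previously trusted client certificate is the complementary check.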

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Implementing ServerConfiguration's ResetToServerDefaults

Post by Support Team »

Hello Dave,

The SDK 3.3, which will be released within the next few weeks, will contain version 1.05.2 of the OPC Foundation namespace. In this version the ResetToServerDefaults method is part of the ServerConfiguration object, so you do not need to create the method node when using version 3.3 of the SDK.
However, the next version of the SDK will not support this feature directly, but you can override the method in your ServerManager implementation.

But before implementing the ResetToServerDefaults method, I recommend analyzing whether it is a better approach to register the server at a Global Discovery Server (GDS) and let the GDS do the certificate handling. The next version of the SDK will contain a class that can be used for servers to register themselves at a GDS.

An evaluation version of the SDK can be downloaded here: https://www.unified-automation.com/products/ua-runtime-software/uagds.html.

Best regards
Unified Automation Support Team

node.dave
Sr. Member
Posts: 10
Joined: 24 Feb 2023, 21:27

Re: Implementing ServerConfiguration's ResetToServerDefaults

Post by node.dave »

Thanks for the quick support!

It's great to hear that this optional method will soon become a relatively simple override --- hopefully this will apply to other optional methods throughout the SDK as well. I'll look forward to that.

The server I'm building at present is meant to simulate devices that will be provisioned and optionally reset by another product; a separate GDS might not be present. I will need to implement the ResetToServerDefaults method to fulfill the requirements in this design.

Dave

node.dave
Sr. Member
Posts: 10
Joined: 24 Feb 2023, 21:27

Re: Implementing ServerConfiguration's ResetToServerDefaults

Post by node.dave »

The 3.3 SDK worked great for ServerConfiguration's ResetToServerDefaults; just a small override, as you said, rather than having to build up the method and attach it manually. Very nice!

Curiously, though, while an override also exists for the optional GetCertificates method, if I browse the ServerConfiguration object in UaExpert (with SecurityAdmin access), I do not see the GetCertificates method. Is there something that needs to be done to enable this?

[Update: Looks like for ResetToServerDefaults, both the ServerConfigurationType_ResetToServerDefaults and the ServerConfiguration_ResetToServerDefaults nodes have been created, but for GetCertificates, only the ServerConfigurationType_GetCertificates node is there. There isn't even a value defined for UnifiedAutomation.UaBase.MethodIds.ServerConfiguration_GetCertificates (should be 32333, I believe).]

Dave
