From bb2dd3639539909a495a6242280e377e43e760ef Mon Sep 17 00:00:00 2001
From: Rafael Schlatter
Date: Fri, 22 Mar 2024 20:56:10 +0100
Subject: [PATCH] Use client certificate in connector
---
 Source/OpcuaClient.cs | 9 ++++++++-
 Source/OpcuaConnector.cs | 12 +++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/Source/OpcuaClient.cs b/Source/OpcuaClient.cs
index 5d53c94..a3b92a2 100644
--- a/Source/OpcuaClient.cs
+++ b/Source/OpcuaClient.cs
@@ -160,7 +160,14 @@ private void CertificateValidation(CertificateValidator sender, CertificateValid
 if (certificateAccepted)
 {
- _logger.Information("Untrusted Certificate accepted. SubjectName = {0}", e.Certificate.SubjectName);
+ _logger.Information("Untrusted Certificate accepted. Subject = {0}", e.Certificate.Subject);
+ _logger.Information("Untrusted Certificate accepted. Issuer = {0}", e.Certificate.Issuer);
+ }
+
+ else
+ {
+ _logger.Information("Untrusted Certificate rejected. Subject = {0}", e.Certificate.Subject);
+ _logger.Information("Untrusted Certificate rejected. Issuer = {0}", e.Certificate.Issuer);
 }
 e.AcceptAll = certificateAccepted;
diff --git a/Source/OpcuaConnector.cs b/Source/OpcuaConnector.cs
index c898125..b553522 100644
--- a/Source/OpcuaConnector.cs
+++ b/Source/OpcuaConnector.cs
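Review bot: The accept/reject log lines added to CertificateValidation in Source/OpcuaClient.cs record only Subject and Issuer, which are free-text fields set by whoever generated the certificate, so two different certificates carrying the same names cannot be told apart in the log. Include the thumbprint and the validation error, and write one entry per decision instead of two, for example `_logger.Warning("Untrusted certificate accepted. Subject = {Subject}, Issuer = {Issuer}, Thumbprint = {Thumbprint}, Error = {Error}", e.Certificate.Subject, e.Certificate.Issuer, e.Certificate.Thumbprint, e.Error);`, with the matching line in the `else` branch. Accepting an untrusted certificate is arguably a Warning-level event, since it is the entry an incident responder will search for. How `certificateAccepted` is computed lies outside the hunk, so the decision itself is not reviewed here.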
@@ -42,13 +42,15 @@ public OpcuaConnector(ILogger logger, OpcuaConfiguration opcuaConfiguration, IMe
 var securityConfig = new SecurityConfiguration()
 {
- AutoAcceptUntrustedCertificates = true // ONLY for debugging/early dev
+ TrustedIssuerCertificates = new CertificateTrustList { StoreType = @"Directory", StorePath = "/Users/rafaelschlatter/raalabs/edge/Connectors.OPCUA/Source/config/certs/ca" },
+ TrustedPeerCertificates = new CertificateTrustList { StoreType = @"Directory", StorePath = "/Users/rafaelschlatter/raalabs/edge/Connectors.OPCUA/Source/config/certs/ca" },
+ ApplicationCertificate = new CertificateIdentifier { StoreType = @"Directory", StorePath = "/Users/rafaelschlatter/raalabs/edge/Connectors.OPCUA/Source/config/certs/client", SubjectName = string.Format("DC={0},O={1},CN={2}", "Rafaels-MacBook-Pro.local", "Prosys OPC", "SimulationServer@Rafaels-MacBook-Pro") },
 };
 var config = new ApplicationConfiguration()
 {
- ApplicationName = "Raa Labs OPC UA connector",
- ApplicationUri = "Raa Labs OPC UA connector",
+ ApplicationName = "RaaLabsOPCUAConnector",
+ ApplicationUri = "urn:Rafaels-MacBook-Pro.local:OPCUA:SimulationServer",
 ApplicationType = ApplicationType.Client,
 TransportConfigurations = new TransportConfigurationCollection(),
 TransportQuotas = new TransportQuotas { OperationTimeout = 15000 },
@@ -59,11 +61,11 @@ public OpcuaConnector(ILogger logger, OpcuaConfiguration opcuaConfiguration, IMe
 _opcuaAppInstance = new ApplicationInstance()
 {
- ApplicationName = "Raa Labs OPC UA connector",
- ApplicationType = ApplicationType.Client,
 ApplicationConfiguration = config
 };
+ _opcuaAppInstance.CheckApplicationInstanceCertificate(false, 2048).GetAwaiter().GetResult();
+
 _nodesToRead = InitializeReadValueIdCollection();
 }
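Review bot: The store entries added to `securityConfig` and the new `ApplicationUri` hard-code one developer workstation (absolute paths under `/Users/rafaelschlatter/...` and the host name `Rafaels-MacBook-Pro.local`), so on any other host the trust lists resolve to missing directories and the application certificate cannot be found. These values belong in the `OpcuaConfiguration` the constructor already receives, e.g. `StorePath = opcuaConfiguration.<TRUSTED_ISSUER_STORE_PATH>` (placeholder; the class is not visible here). The client's `SubjectName` and `ApplicationUri` both name `SimulationServer`, which suggests the connector presents the test server's identity rather than its own certificate; a client should hold its own key pair, and `ApplicationUri` has to match the URI inside that certificate. `TrustedIssuerCertificates` and `TrustedPeerCertificates` also share one `ca` directory, so every CA certificate placed there is trusted directly as a peer as well; separate directories, plus a `RejectedCertificateStore`, would keep those decisions distinct. The constructor begins outside the hunk.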
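Review bot: The result of `CheckApplicationInstanceCertificate` is discarded on the added line in the second hunk of Source/OpcuaConnector.cs, so the constructor carries on even when the call reports that no valid application certificate is available. Test it and fail fast: `if (!_opcuaAppInstance.CheckApplicationInstanceCertificate(false, 2048).GetAwaiter().GetResult()) throw new InvalidOperationException("Application instance certificate is missing or invalid.");`. Depending on the stack version the call may also create a self-signed certificate when the store holds none, which deserves a comment so an operator can tell where an unexpected certificate came from. Blocking on the task inside a constructor is a style concern; an async initialisation method would remove the need for `.GetAwaiter().GetResult()`. The constructor begins outside the hunk.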