Merge pull request #3004 from OPCFoundation/master

Merge latest master into release/1.5.375

Author: mrsuciu

Applications/ConsoleReferenceClient/ConsoleReferenceClient.csproj

@@ -20,7 +20,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="9.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="9.0.1" />
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.1" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.0" />
     <PackageReference Include="Mono.Options" Version="6.12.0.148" />

Applications/ConsoleReferenceServer/ConsoleReferenceServer.csproj

@@ -29,7 +29,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="9.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="9.0.1" />
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.1" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.0" />
     <PackageReference Include="Mono.Options" Version="6.12.0.148" />

Fuzzing/Encoders/Fuzz.Tests/Opc.Ua.Encoders.Fuzz.Tests.csproj

@@ -21,7 +21,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="NUnit" Version="4.3.2" />
-    <PackageReference Include="NUnit.Console" Version="3.19.1" />
+    <PackageReference Include="NUnit.Console" Version="3.19.2" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>

Libraries/Opc.Ua.Client/Session/SessionReconnectHandler.cs

@@ -459,9 +459,12 @@ private async Task<bool> DoReconnectAsync()
                     ITransportWaitingConnection connection;
                     do
                     {
+                        var endpointDescription = m_session.Endpoint;
+                        if(endpointDescription == null)
+                             endpointDescription = transportChannel.EndpointDescription;
                         connection = await m_reverseConnectManager.WaitForConnection(
-                                new Uri(m_session.Endpoint.EndpointUrl),
-                                m_session.Endpoint.Server.ApplicationUri
+                                new Uri(endpointDescription.EndpointUrl),
+                                endpointDescription.Server.ApplicationUri
                             ).ConfigureAwait(false);
 
                         if (m_updateFromServer)

Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs

@@ -82,7 +82,8 @@ [Optional] string trustedIssuerCertificatesStorePath
                 {
                     if (!Utils.IsSupportedCertificateType(certificateType))
                     {
-                        throw new NotImplementedException($"Unsupported certificate type {certificateType}");
+                        Utils.LogError("Certificate type {0} specified for Certificate Group is not supported on this platform", certificateType);
+                        continue;
                     }
 
                     CertificateTypes.Add(certificateType);
@@ -356,7 +357,10 @@ public virtual async Task<X509Certificate2> SigningRequestAsync(
 
 #if ECC_SUPPORT
                     certificate = TryGetECCCurve(certificateType, out ECCurve curve) ?
-                       builder.SetIssuer(signingKey).SetECDsaPublicKey(info.SubjectPublicKeyInfo.GetEncoded()).CreateForECDsa() :
+                       builder
+                       .SetIssuer(signingKey)
+                       .SetECDsaPublicKey(info.SubjectPublicKeyInfo.GetEncoded())
+                       .CreateForECDsa() :
                        builder.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize))
                                 .SetIssuer(signingKey)
                                 .SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded())

Libraries/Opc.Ua.Security.Certificates/X509Certificate/CertificateBuilderBase.cs

@@ -291,7 +291,9 @@ public virtual ICertificateBuilderIssuer SetIssuer(X509Certificate2 issuerCertif
         private void SetHashAlgorithmSize(ECCurve curve)
         {
             if (curve.Oid.FriendlyName.CompareTo(ECCurve.NamedCurves.nistP384.Oid.FriendlyName) == 0 ||
-               (curve.Oid.FriendlyName.CompareTo(ECCurve.NamedCurves.brainpoolP384r1.Oid.FriendlyName) == 0))
+                curve.Oid.FriendlyName.CompareTo(ECCurve.NamedCurves.brainpoolP384r1.Oid.FriendlyName) == 0 ||
+                // special case for linux where friendly name could be ECDSA_P384 instead of nistP384
+                (curve.Oid?.Value != null && curve.Oid.Value.CompareTo(ECCurve.NamedCurves.nistP384.Oid.Value) == 0))
             {
                 SetHashAlgorithm(HashAlgorithmName.SHA384);
             }
@@ -388,7 +390,7 @@ protected virtual void NewSerialNumber()
         /// </summary>
         private protected ECCurve? m_curve;
 #endif
-#endregion
+        #endregion
 
         #region Private Fields
         private X509Certificate2 m_issuerCAKeyCert;

Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs

@@ -433,7 +433,7 @@ private ServiceResult UpdateCertificate(
                 // identify the existing certificate to be updated
                 // it should be of the same type and same subject name as the new certificate
                 CertificateIdentifier existingCertIdentifier = certificateGroup.ApplicationCertificates.FirstOrDefault(cert =>
-                    X509Utils.CompareDistinguishedName(cert.Certificate.Subject, newCert.Subject) &&
+                    X509Utils.CompareDistinguishedName(cert.SubjectName, newCert.Subject) &&
                     cert.CertificateType == certificateTypeId);
 
                 // if no cert was found search by ApplicationUri
@@ -566,6 +566,8 @@ private ServiceResult UpdateCertificate(
                             var certOnly = X509CertificateLoader.LoadCertificate(updateCertificate.CertificateWithPrivateKey.RawData);
                             updateCertificate.CertificateWithPrivateKey.Dispose();
                             updateCertificate.CertificateWithPrivateKey = certOnly;
+                            //update certificate identifier with new certificate
+                            existingCertIdentifier.Find(m_configuration.ApplicationUri).GetAwaiter().GetResult();
                         }
 
                         ICertificateStore issuerStore = certificateGroup.IssuerStore.OpenStore();
@@ -800,7 +802,7 @@ private ServiceResult GetCertificates(
             }
 
             certificateTypeIds = certificateGroup.CertificateTypes;
-            certificates = certificateGroup.ApplicationCertificates.Select(s => s.Certificate.RawData).ToArray();
+            certificates = certificateGroup.ApplicationCertificates.Select(s => s.Certificate?.RawData).ToArray();
 
             return ServiceResult.Good;
         }

Libraries/Opc.Ua.Server/NodeManager/SamplingGroup.cs

@@ -106,7 +106,7 @@ public void Startup()
             {
                 m_shutdownEvent.Reset();
 
-                Task.Factory.StartNew(() => {
+                m_samplingTask = Task.Factory.StartNew(() => {
                     SampleMonitoredItems(m_samplingInterval);
                 }, TaskCreationOptions.LongRunning | TaskCreationOptions.DenyChildAttach);
             }
@@ -121,6 +121,9 @@ public void Shutdown()
             {
                 m_shutdownEvent.Set();
                 m_items.Clear();
+                Utils.SilentDispose(m_samplingTask);
+                m_samplingTask = null;
+                Utils.SilentDispose(m_shutdownEvent);
             }
         }
 
@@ -243,7 +246,7 @@ public bool ApplyChanges()
                 m_itemsToRemove.Clear();
 
                 // start the group if it is not running.
-                if (m_items.Count > 0)
+                if (m_samplingTask == null && m_items.Count > 0)
                 {
                     Startup();
                 }
@@ -487,6 +490,7 @@ private void DoSample(object state)
         private Dictionary<uint, ISampledDataChangeMonitoredItem> m_items;
         private ManualResetEvent m_shutdownEvent;
         private List<SamplingRateGroup> m_samplingRates;
+        private Task m_samplingTask;
         #endregion
     }
 }

Libraries/Opc.Ua.Server/Server/StandardServer.cs

@@ -2394,7 +2394,7 @@ public bool RegisterWithDiscoveryServer()
                                 requestHeader.Timestamp = DateTime.UtcNow;
 
                                 // create the client.
-                                var instanceCertificate = InstanceCertificateTypesProvider.GetInstanceCertificate(null);
+                                var instanceCertificate = InstanceCertificateTypesProvider.GetInstanceCertificate(endpoint.Description?.SecurityPolicyUri ?? SecurityPolicies.None);
                                 client = RegistrationClient.Create(
                                     configuration,
                                     endpoint.Description,

Libraries/Opc.Ua.Server/Subscription/MonitoredItem.cs

@@ -1042,7 +1042,7 @@ public virtual void QueueEvent(IFilterTarget instance, bool bypassFilter)
                 // apply filter.
                 if (!bypassFilter)
                 {
-                    if (!filter.WhereClause.Evaluate(context, instance))
+                    if ( !CanSendFilteredAlarm( context, filter, instance ) )
                     {
                         return;
                     }
@@ -1079,6 +1079,78 @@ public virtual void QueueEvent(EventFieldList fields)
             }
         }
 
+        /// <summary>
+        /// Determines whether an event can be sent with SupportsFilteredRetain in consideration.
+        /// </summary>
+        /// <returns></returns>
+        protected bool CanSendFilteredAlarm(FilterContext context, EventFilter filter, IFilterTarget instance)
+        {
+            bool passedFilter = filter.WhereClause.Evaluate(context, instance);
+
+            ConditionState alarmCondition = null;
+            NodeId conditionId = null;
+            InstanceStateSnapshot instanceStateSnapshot = instance as InstanceStateSnapshot;
+            if (instanceStateSnapshot != null)
+            {
+                alarmCondition = instanceStateSnapshot.Handle as ConditionState;
+
+                if (alarmCondition != null &&
+                    alarmCondition.SupportsFilteredRetain != null &&
+                    alarmCondition.SupportsFilteredRetain.Value &&
+                    filter.SelectClauses != null)
+                {
+                    conditionId = alarmCondition.NodeId;
+                }
+            }
+
+            bool canSend = passedFilter;
+
+            // ConditionId is valid only if FilteredRetain is set for the alarm condition
+            if (conditionId != null && alarmCondition != null)
+            {
+                HashSet<string> conditionIds = GetFilteredRetainConditionIds();
+
+                string key = conditionId.ToString();
+
+                bool saved = conditionIds.Contains(key);
+
+                if ( saved )
+                {
+                    conditionIds.Remove(key);
+                }
+
+                if ( passedFilter )
+                {
+                    // Archie - December 17 2024
+                    // Requires discussion with Part 9 Editor
+                    // if (alarmCondition.Retain.Value)
+                    {
+                        conditionIds.Add(key);
+                    }
+                }
+                else
+                {
+                    if ( saved )
+                    {
+                        canSend = true;
+                    }
+                }
+            }
+
+            return canSend;
+        }
+
+        private HashSet<string> GetFilteredRetainConditionIds()
+        {
+            if (m_filteredRetainConditionIds == null)
+            {
+                m_filteredRetainConditionIds = new HashSet<string>();
+            }
+
+            return m_filteredRetainConditionIds;
+        }
+
+
         /// <summary>
         /// Whether the item has notifications that are ready to publish.
         /// </summary>
@@ -1873,6 +1945,9 @@ private void QueueOverflowHandler()
         private IAggregateCalculator m_calculator;
         private bool m_triggered;
         private bool m_resendData;
+        private HashSet<string> m_filteredRetainConditionIds = null;
+
+
         #endregion
     }
 }

Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs

@@ -577,6 +577,10 @@ public static NodeId GetCertificateType(X509Certificate2 certificate)
         /// <param name="certificateType">The NodeId of the certificate type.</param>
         public static bool ValidateCertificateType(X509Certificate2 certificate, NodeId certificateType)
         {
+            if (certificateType == null)
+            {
+                return true;
+            }
             switch (certificate.SignatureAlgorithm.Value)
             {
                 case Oids.ECDsaWithSha1:
@@ -594,18 +598,21 @@ public static bool ValidateCertificateType(X509Certificate2 certificate, NodeId
                     }
 
 
-                    // special cases
-                    if (certType == ObjectTypeIds.EccNistP384ApplicationCertificateType &&
-                        certificateType == ObjectTypeIds.EccNistP256ApplicationCertificateType)
-                    {
-                        return true;
-                    }
-
-                    if (certType == ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType &&
-                        certificateType == ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType)
-                    {
-                        return true;
-                    }
+                    // not needed: An end entity Certificate shall use P-256.
+                    // http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256
+                    //if (certType == ObjectTypeIds.EccNistP384ApplicationCertificateType &&
+                    //    certificateType == ObjectTypeIds.EccNistP256ApplicationCertificateType)
+                    //{
+                    //    return true;
+                    //}
+
+                    // not needed: An end entity Certificate shall use P256r1.
+                    // http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1
+                    //if (certType == ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType &&
+                    //    certificateType == ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType)
+                    //{
+                    //    return true;
+                    //}
 
                     break;
 

Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs

@@ -257,10 +257,9 @@ public virtual async Task UpdateCertificateAsync(SecurityConfiguration securityC
 
             try
             {
-
+                m_applicationCertificates.Clear();
                 foreach (var applicationCertificate in securityConfiguration.ApplicationCertificates)
                 {
-                    m_applicationCertificates.RemoveAll(cert => Utils.IsEqual(cert.RawData, applicationCertificate.RawData));
                     applicationCertificate.DisposeCertificate();
                 }
 

Stack/Opc.Ua.Core/Stack/State/ConditionState.cs

@@ -49,6 +49,29 @@ protected override void OnAfterCreate(ISystemContext context, NodeState node)
         }
         #endregion
 
+        #region Public Properties
+
+        /// <remarks />
+        public PropertyState<bool> SupportsFilteredRetain
+        {
+            get
+            {
+                return m_supportsFilteredRetain;
+            }
+
+            set
+            {
+                if (!Object.ReferenceEquals(m_supportsFilteredRetain, value))
+                {
+                    ChangeMasks |= NodeStateChangeMasks.Children;
+                }
+
+                m_supportsFilteredRetain = value;
+            }
+        }
+
+        #endregion
+
         #region Public Methods
         /// <summary>
         /// Gets or sets a value indicating whether the condition will automatically report an event when a method call completes.
@@ -762,6 +785,7 @@ protected bool IsBranch()
         /// 
         /// </summary>
         protected Dictionary<string, ConditionState> m_branches = null;
+        private PropertyState<bool> m_supportsFilteredRetain = null;
 
         #endregion
     }

Stack/Opc.Ua.Core/Stack/State/FiniteStateMachineState.cs

@@ -645,7 +645,7 @@ protected virtual void ReportAuditProgramTransitionEvent(ISystemContext context,
         /// <param name="context">The context.</param>
         /// <param name="causeId">The cause id.</param>
         /// <returns></returns>
-        public void CauseProcessingCompleted(ISystemContext context, uint causeId)
+        public virtual void CauseProcessingCompleted(ISystemContext context, uint causeId)
         {
             // get the transition.
             uint transitionId = GetTransitionForCause(context, causeId);
@@ -679,7 +679,7 @@ public void CauseProcessingCompleted(ISystemContext context, uint causeId)
         /// <summary>
         /// Causes the specified transition to occur.
         /// </summary>
-        public ServiceResult DoTransition(
+        public virtual ServiceResult DoTransition(
             ISystemContext context,
             uint transitionId,
             uint causeId,

Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs

@@ -161,6 +161,21 @@ public void IdleCleanup()
         /// or received a keep alive.
         /// </summary>
         public int ElapsedSinceLastActiveTime => (HiResClock.TickCount - LastActiveTickCount);
+
+        /// <summary>
+        /// Has the channel been used in a session
+        /// </summary>
+        public bool UsedBySession
+        {
+            get
+            {
+                return m_usedBySession;
+            }
+            protected set
+            {
+                m_usedBySession = value;
+            }
+        }
         #endregion
 
         #region Socket Event Handlers
@@ -562,6 +577,7 @@ protected uint GetNewTokenId()
         private ReportAuditCloseSecureChannelEventHandler m_reportAuditCloseSecureChannelEvent;
         private ReportAuditCertificateEventHandler m_reportAuditCertificateEvent;
         private long m_lastTokenId;
+        private bool m_usedBySession;
         #endregion
     }