The common information model defines types that are used in both the Push and the Pull Model.
This type defines a FileType that can be used to access a Trust List.
The CertificateManager uses this type to implement the Pull Model.
Servers use this type when implementing the Push Model.
An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a Trust List, it may be an Administrative user that is reading a Trust List to deploy to an Application host or it may be an Application that can only access the Trust List assigned to it.
The Trust List file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.5.7).
The Open Method shall not support modes other than Read (0x01) and Write + EraseExisting (0x06).
When a Client opens the file for writing the Server will not actually update the Trust List until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in TrustListDataType structure allow the Client to only update part of the Trust List.
When the CloseAndUpdate Method is called the Server will validate all new Certificates and CRLs. If this validation fails the Trust List is not updated and the Server returns the appropriate Certificate error code (see OPC 10000-4).
Table 13 – TrustListType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | TrustListType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the FileType defined in OPC 10000-5. | | | | | |
| HasProperty | Variable | LastUpdateTime | UtcTime | PropertyType | Mandatory |
| HasProperty | Variable | UpdateFrequency | Duration | PropertyType | Optional |
| HasComponent | Method | OpenWithMasks | Defined in 7.5.3. | | Mandatory |
| HasComponent | Method | CloseAndUpdate | Defined in 7.5.4. | | Optional |
| HasComponent | Method | AddCertificate | Defined in 7.5.5. | | Optional |
| HasComponent | Method | RemoveCertificate | Defined in 7.5.6. | | Optional |
The LastUpdateTime indicates when the Trust List was last updated via Trust List Object Methods. This can be used to determine if a device has an up-to-date Trust List or to detect unexpected modifications. Out-of-band changes are not necessarily reported by this value.
The UpdateFrequency Property specifies how often the Trust List needs to be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the Trust List should connect to the CertificateManager and check for updates to the Trust List within 2 times the UpdateFrequency. If the Trust List Object is contained within a ServerConfiguration Object then this value specifies how frequently the Server expects the Trust List to be updated.
If auditing is supported, the CertificateManager shall generate the TrustListUpdatedAuditEventType (see 7.5.18) if the CloseAndUpdate, AddCertificate or RemoveCertificate Methods are called.
The OpenWithMasks Method allows a Client to read only the parts of the Trust List selected by the masks argument.
This Method can only be used to read the Trust List.
Signature
OpenWithMasks(
[in] UInt32 masks
[out] UInt32 fileHandle
);
| Argument | Description |
| --- | --- |
| masks | The parts of the Trust List that are included in the file to read. The masks are defined in 7.5.8. |
| fileHandle | The handle of the newly opened file. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
Table 14 specifies the AddressSpace representation for the OpenWithMasks Method.
Table 14 – OpenWithMasks Method AddressSpace Definition

| Attribute | Value |
| --- | --- |
| BrowseName | OpenWithMasks |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |
| HasProperty | Variable | OutputArguments | Argument[] | PropertyType | Mandatory |
The CloseAndUpdate Method closes the file and applies the changes to the Trust List. It can only be called if the file was opened for writing. If the Close Method is called any cached data is discarded and the Trust List is not changed.
The Server shall verify that every Certificate in the new Trust List is valid according to the mandatory rules defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not update the Trust List. If only part of the Trust List is being updated the Server creates a temporary Trust List that includes the existing Trust List plus any updates and validates the temporary Trust List.
If the file cannot be processed this Method still closes the file and discards the data before returning an error. This Method is required if the Server supports updates to the Trust List.
The structure uploaded includes a mask (see 7.5.8) which specifies which fields are updated. If a bit is not set then the associated field is not changed.
Signature
CloseAndUpdate(
[in] UInt32 fileHandle
[out] Boolean applyChangesRequired
);
| Argument | Description |
| --- | --- |
| fileHandle | The handle of the previously opened file. |
| applyChangesRequired | A flag indicating whether the ApplyChanges Method (see 7.7.5) shall be called before the new Trust List will be used by the Server. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The Server could not validate all Certificates in the Trust List. The DiagnosticInfo shall specify which Certificate(s) are invalid and the specific error. |
Table 15 specifies the AddressSpace representation for the CloseAndUpdate Method.
Table 15 – CloseAndUpdate Method AddressSpace Definition

| Attribute | Value |
| --- | --- |
| BrowseName | CloseAndUpdate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |
| HasProperty | Variable | OutputArguments | Argument[] | PropertyType | Mandatory |
The AddCertificate Method allows a Client to add a single Certificate to the Trust List. The Server shall verify that the Certificate is valid according to the rules defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not update the Trust List.
If the Certificate is issued by a CA then the Client shall provide the entire chain in the certificate argument (see OPC 10000-6). After validating the Certificate, the Server shall add the CA Certificates to the Issuers list in the Trust List. The leaf Certificate is added to the list specified by the isTrustedCertificate argument.
This Method cannot be called while the file object is open.
Signature
AddCertificate(
[in] ByteString certificate
[in] Boolean isTrustedCertificate
);
| Argument | Description |
| --- | --- |
| certificate | The DER encoded Certificate to add. |
| isTrustedCertificate | If TRUE the Certificate is added to the Trusted Certificates List. If FALSE the Certificate is added to the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The certificate to add is invalid. |
| Bad_InvalidState | The file object is open. |
Table 16 specifies the AddressSpace representation for the AddCertificate Method.
Table 16 – AddCertificate Method AddressSpace Definition

| Attribute | Value |
| --- | --- |
| BrowseName | AddCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |
The RemoveCertificate Method allows a Client to remove a single Certificate from the Trust List. It returns Bad_InvalidArgument if the thumbprint does not match a Certificate in the Trust List.
If the Certificate is a CA Certificate with associated CRLs then all CRLs are removed as well.
This Method cannot be called while the file object is open.
Signature
RemoveCertificate(
[in] String thumbprint
[in] Boolean isTrustedCertificate
);
| Argument | Description |
| --- | --- |
| thumbprint | The SHA-1 hash of the Certificate to remove. |
| isTrustedCertificate | If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The certificate to remove was not found. |
| Bad_InvalidState | The file object is open. |
Table 17 specifies the AddressSpace representation for the RemoveCertificate Method.
Table 17 – RemoveCertificate Method AddressSpace Definition

| Attribute | Value |
| --- | --- |
| BrowseName | RemoveCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |
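The following is an added example (not part of the specification) that models the server-side behaviour described for CloseAndUpdate, Close, AddCertificate and RemoveCertificate above: writes are buffered until CloseAndUpdate, only the fields whose TrustListMasks bit is set replace the existing lists, the whole temporary list is validated before anything is committed, and the file is closed whether or not validation succeeds. The `validate_cert` callable stands in for the OPC 10000-4 validation rules, the uploaded file is assumed to be already decoded into a dict, and thumbprints are assumed to be hex-encoded SHA-1 strings.

```python
import copy
from hashlib import sha1
from datetime import datetime, timezone

# TrustListMasks bit values (Table 19) keyed by TrustListDataType field name.
MASKS = {"trustedCertificates": 1, "trustedCrls": 2,
         "issuerCertificates": 4, "issuerCrls": 8}
READ, WRITE_ERASE = 0x01, 0x06   # the only Open modes a TrustListType supports

class UaError(Exception): pass   # str(e) is the OPC UA result code name

class TrustListObject:
    # Server-side model of one TrustListType Object (constructed example).
    def __init__(self, trust_list, validate_cert):
        self.trust_list = {name: list(trust_list.get(name, [])) for name in MASKS}
        self.validate_cert = validate_cert   # stand-in for OPC 10000-4 validation
        self.last_update_time = datetime.now(timezone.utc)
        self._mode = None                    # Open mode while the file is open
        self._pending = None                 # decoded TrustListDataType written so far

    def open(self, mode):
        if mode not in (READ, WRITE_ERASE):
            raise UaError("Bad_InvalidArgument")
        self._mode, self._pending = mode, None
        return 1                             # fileHandle; one open file is modelled

    def write(self, update):                 # update: decoded TrustListDataType dict
        if self._mode != WRITE_ERASE:
            raise UaError("Bad_InvalidState")
        self._pending = update               # buffered only; nothing applied yet

    def close(self):
        self._mode = self._pending = None    # buffered data discarded, list unchanged

    def close_and_update(self):
        if self._mode != WRITE_ERASE:
            raise UaError("Bad_InvalidState")
        update, temp = self._pending, copy.deepcopy(self.trust_list)
        self.close()                         # file is closed even if validation fails
        for name, bit in MASKS.items():      # only fields whose mask bit is set change
            if update and update["specifiedLists"] & bit:
                temp[name] = list(update.get(name, []))
        self._commit(temp)

    def add_certificate(self, certificate, is_trusted):
        if self._mode is not None:
            raise UaError("Bad_InvalidState")
        temp = copy.deepcopy(self.trust_list)   # CA chains are not split out here
        temp["trustedCertificates" if is_trusted else "issuerCertificates"].append(certificate)
        self._commit(temp)

    def remove_certificate(self, thumbprint, is_trusted):
        if self._mode is not None:
            raise UaError("Bad_InvalidState")
        name = "trustedCertificates" if is_trusted else "issuerCertificates"
        keep = [c for c in self.trust_list[name]   # thumbprint assumed to be hex SHA-1
                if sha1(c).hexdigest().lower() != thumbprint.lower()]
        if len(keep) == len(self.trust_list[name]):
            raise UaError("Bad_InvalidArgument")   # thumbprint matched no Certificate
        temp = copy.deepcopy(self.trust_list)
        temp[name] = keep                    # a CA's CRLs would also be dropped here
        self._commit(temp)

    def _commit(self, temp):
        # Validate the whole temporary list; reject the update if one Certificate fails.
        for name in ("trustedCertificates", "issuerCertificates"):
            if not all(self.validate_cert(c) for c in temp[name]):
                raise UaError("Bad_CertificateInvalid")
        self.trust_list = temp
        self.last_update_time = datetime.now(timezone.utc)
```

A rejected CloseAndUpdate leaves the previous Trust List and LastUpdateTime untouched, which is the property a defender relies on when auditing TrustListUpdatedAuditEventType events against the Property value.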
This type defines a DataType which stores the Trust List of a Server. Its values are defined in Table 18.
Table 18 – TrustListDataType Structure

| Name | Type | Description |
| --- | --- | --- |
| TrustListDataType | structure | |
| specifiedLists | UInt32 | A bit mask which indicates which lists contain information. The TrustListMasks enumeration in 7.5.8 defines the allowed values. |
| trustedCertificates | ByteString[] | The list of Application and CA Certificates which are trusted. |
| trustedCrls | ByteString[] | The CRLs for the Certificates in the trustedCertificates list. |
| issuerCertificates | ByteString[] | The list of CA Certificates which are necessary to validate Certificates. |
| issuerCrls | ByteString[] | The CRLs for the CA Certificates in the issuerCertificates list. |
Its representation in the AddressSpace is defined in Table 18a.
Table 18a – TrustListDataType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | TrustListDataType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
| --- | --- | --- | --- | --- | --- |
| Subtype of the Structure DataType defined in OPC 10000-5. | | | | | |
This DataType defines the values used for the specifiedLists field of the TrustListDataType. Its values are defined in Table 19.
Table 19 – TrustListMasks Enumeration

| Name | Description |
| --- | --- |
| None_0 | No fields are provided. |
| TrustedCertificates_1 | The TrustedCertificates are provided. |
| TrustedCrls_2 | The TrustedCrls are provided. |
| IssuerCertificates_4 | The IssuerCertificates are provided. |
| IssuerCrls_8 | The IssuerCrls are provided. |
| All_15 | All fields are provided. |
Its representation in the AddressSpace is defined in Table 19a.
Table 19a – TrustListMasks Definition

| Attribute | Value |
| --- | --- |
| BrowseName | TrustListMasks |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
| --- | --- | --- | --- | --- | --- |
| Subtype of the Enumeration DataType defined in OPC 10000-5. | | | | | |
| HasProperty | Variable | EnumValues | EnumValueType[] | PropertyType | |
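The Trust List file is a UA Binary encoded TrustListDataType (Table 18) whose specifiedLists field carries the TrustListMasks bits (Table 19). As an added example, not code from the specification or any OPC UA stack, the decoder below parses that encoding with the length checks a Server should apply before trusting a Client-supplied file: each array is an Int32 count (-1 for null) followed by Int32-length-prefixed ByteStrings. The `MAX_ITEM` limit is an assumed value standing in for a stack's configured ByteString limit.

```python
import struct

# TrustListMasks (Table 19) in TrustListDataType field order (Table 18).
FIELDS = (("trustedCertificates", 0x1), ("trustedCrls", 0x2),
          ("issuerCertificates", 0x4), ("issuerCrls", 0x8))
MAX_ITEM = 64 * 1024   # assumed per-item limit; real stacks apply MaxByteStringLength

def _read_int32(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError("truncated Int32 at offset %d" % pos)
    return struct.unpack_from("<i", buf, pos)[0], pos + 4

def _read_bytestring_array(buf, pos):
    # UA Binary array: Int32 count (-1 = null), then count Int32-prefixed ByteStrings.
    count, pos = _read_int32(buf, pos)
    if count < 0:
        return [], pos                    # null array is treated as empty
    if count > (len(buf) - pos) // 4:     # every element needs at least its 4-byte length
        raise ValueError("array count %d exceeds remaining bytes" % count)
    items = []
    for _ in range(count):
        length, pos = _read_int32(buf, pos)
        if length < 0 or length > MAX_ITEM or pos + length > len(buf):
            raise ValueError("bad ByteString length %d at offset %d" % (length, pos))
        items.append(bytes(buf[pos:pos + length]))
        pos += length
    return items, pos

def decode_trust_list(buf):
    """Decode a Trust List file (UA Binary TrustListDataType) into a dict."""
    specified, pos = _read_int32(buf, 0)
    specified &= 0xFFFFFFFF               # specifiedLists is UInt32
    if specified & ~0xF:
        raise ValueError("unknown TrustListMasks bits 0x%X" % (specified & ~0xF))
    result = {"specifiedLists": specified}
    for name, _ in FIELDS:                # a list whose mask bit is clear is ignored by the consumer
        result[name], pos = _read_bytestring_array(buf, pos)
    if pos != len(buf):
        raise ValueError("%d trailing bytes after TrustListDataType" % (len(buf) - pos))
    return result

def encode_trust_list(tl):
    """Encode a dict with specifiedLists and the four lists as UA Binary."""
    out = bytearray(struct.pack("<I", tl["specifiedLists"]))
    for name, _ in FIELDS:
        items = tl.get(name, [])
        out += struct.pack("<i", len(items))
        for item in items:
            out += struct.pack("<i", len(item)) + item
    return bytes(out)
```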
The TrustListOutOfDateAlarmType is a SystemOffNormalAlarmType raised by the Server when the UpdateFrequency elapses and the Trust List has not been updated. The alarm automatically returns to normal when the Trust List is updated.
Table 20 – TrustListOutOfDateAlarmType definition

| Attribute | Value |
| --- | --- |
| BrowseName | TrustListOutOfDateAlarmType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the SystemOffNormalAlarmType defined in OPC 10000-9. | | | | | |
| HasProperty | Variable | TrustListId | NodeId | PropertyType | Mandatory |
| HasProperty | Variable | LastUpdateTime | UtcTime | PropertyType | Mandatory |
| HasProperty | Variable | UpdateFrequency | Duration | PropertyType | Mandatory |
The TrustListId Property specifies the NodeId of the out-of-date Trust List Object.
The LastUpdateTime Property specifies when the Trust List was last updated.
The UpdateFrequency Property specifies how frequently the Trust List needs to be updated.
This type is used for Objects which represent Certificate Groups in the AddressSpace. A Certificate Group is a context that contains a Trust List and one or more Certificates that can be assigned to an Application. This type exists to allow an Application which has multiple Trust Lists and/or Application Certificates to express them in its AddressSpace. This type is defined in Table 21.
Table 21 – CertificateGroupType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | CertificateGroupType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| HasComponent | Object | TrustList | - | TrustListType | Mandatory |
| HasProperty | Variable | CertificateTypes | NodeId[] | PropertyType | Mandatory |
| HasComponent | Object | CertificateExpired | | CertificateExpirationAlarmType | Optional |
| HasComponent | Object | TrustListOutOfDate | | TrustListOutOfDateAlarmType | Optional |
| HasComponent | Method | GetRejectedList | | See 7.5.10.1. | Optional |
The TrustList Object is the Trust List associated with the Certificate Group.
The CertificateTypes Property specifies the NodeIds of the CertificateTypes which may be assigned to Applications which belong to the Certificate Group. For example, a Certificate Group with the NodeId of RsaMinApplicationCertificateType (see 7.5.15) and the NodeId of RsaSha256ApplicationCertificateType (see 7.5.16) specified allows an Application to have one Application Instance Certificate for each type. Abstract base types may be used in this value and indicate that any subtype is allowed. If this list is empty then the Certificate Group does not allow Certificates to be assigned to Applications (i.e. the Certificate Group exists to allow the associated Trust List to be read or updated). All CertificateTypes for a given Certificate Group shall be subtypes of a single common type which shall be either ApplicationCertificateType or HttpsCertificateType.
The CertificateExpired Object is an Alarm which is raised when the Certificate associated with the CertificateGroup is about to expire. The CertificateExpirationAlarmType is defined in OPC 10000-9.
The TrustListOutOfDate Object is an Alarm which is raised when the Trust List has not been updated within the period specified by the UpdateFrequency (see 7.5.2). The TrustListOutOfDateAlarmType is defined in 7.5.9.
The GetRejectedList Method returns the list of Certificates that have been rejected by the Server when using the TrustList associated with the CertificateGroup. It can be used to track activity or allow administrators to move a rejected Certificate into the TrustList.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers should omit older entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
This Method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
Signature
GetRejectedList(
[out] ByteString[] certificates
);
| Argument | Description |
| --- | --- |
| certificates | The DER encoded form of the Certificates rejected by the Server. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_SecurityModeInsufficient | The SecureChannel is not encrypted. |
Table 21a specifies the AddressSpace representation for the GetRejectedList Method.
Table 21a – GetRejectedList Method AddressSpace Definition

| Attribute | Value |
| --- | --- |
| BrowseName | GetRejectedList |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| HasProperty | Variable | OutputArguments | Argument[] | PropertyType | Mandatory |
This type is an abstract base type for types that describe the purpose of a Certificate. This type is defined in Table 22.
Table 22 – CertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | CertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the BaseObjectType defined in OPC 10000-5. | | | | | |
| HasSubtype | ObjectType | ApplicationCertificateType | Defined in 7.5.12. | | |
| HasSubtype | ObjectType | HttpsCertificateType | Defined in 7.5.13. | | |
| HasSubtype | ObjectType | UserCredentialCertificateType | Defined in 7.5.14. | | |
This type is an abstract base type for types that describe the purpose of an ApplicationInstanceCertificate. This type is defined in Table 23.
Table 23 – ApplicationCertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | ApplicationCertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the CertificateType defined in 7.5.11. | | | | | |
| HasSubtype | ObjectType | RsaMinApplicationCertificateType | Defined in 7.5.15. | | |
| HasSubtype | ObjectType | RsaSha256ApplicationCertificateType | Defined in 7.5.16. | | |
This type is used to describe Certificates that are intended for use as HTTPS Certificates. This type is defined in Table 24.
Table 24 – HttpsCertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | HttpsCertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the CertificateType defined in 7.5.11. | | | | | |
This type is used to describe Certificates that are intended for use as user credentials. This type is defined in Table 25.
Table 25 – UserCredentialCertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | UserCredentialCertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the CertificateType defined in 7.5.11. | | | | | |
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 1024 or 2048 bits. All Applications which support the Basic128Rsa15 and Basic256 profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 26.
Table 26 – RsaMinApplicationCertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | RsaMinApplicationCertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the ApplicationCertificateType defined in 7.5.12. | | | | | |
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 2048, 3072 or 4096 bits. All Applications which support the Basic256Sha256 profile (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 27.
Table 27 – RsaSha256ApplicationCertificateType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | RsaSha256ApplicationCertificateType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the ApplicationCertificateType defined in 7.5.12. | | | | | |
This type is used for Folders which organize Certificate Groups in the AddressSpace. This type is defined in Table 28.
Table 28 – CertificateGroupFolderType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | CertificateGroupFolderType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the FolderType defined in OPC 10000-5. | | | | | |
| HasComponent | Object | DefaultApplicationGroup | | CertificateGroupType | Mandatory |
| HasComponent | Object | DefaultHttpsGroup | | CertificateGroupType | Optional |
| HasComponent | Object | DefaultUserTokenGroup | | CertificateGroupType | Optional |
| Organizes | Object | <AdditionalGroup> | | CertificateGroupType | OptionalPlaceholder |
The DefaultApplicationGroup Object represents the default Certificate Group for Applications. It is used to access the default Application Trust List and to define the CertificateTypes allowed for the ApplicationInstanceCertificate. This Object shall specify the ApplicationCertificateType NodeId (see 7.5.12) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of ApplicationCertificateType.
The DefaultHttpsGroup Object represents the default Certificate Group for HTTPS communication. It is used to access the default HTTPS Trust List and to define the CertificateTypes allowed for the HTTPS Certificate. This Object shall specify the HttpsCertificateType NodeId (see 7.5.13) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of HttpsCertificateType.
The DefaultUserTokenGroup Object represents the default Certificate Group for validating user credentials. It is used to access the default user credential Trust List and to define the CertificateTypes allowed for user credential Certificates. This Object shall leave the CertificateTypes list empty.
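As an added example (not part of the specification), the check below applies the CertificateTypes rules stated for CertificateGroupType (all entries are subtypes of a single common type, which is ApplicationCertificateType or HttpsCertificateType), the constraints on the three default groups above, and the RSA key sizes of 7.5.15 and 7.5.16, using the subtype graph from Tables 22 and 23. It assumes BrowseNames in place of the NodeIds the real Property holds.

```python
# Subtype graph from Tables 22 and 23 (child -> parent). The real CertificateTypes
# Property holds NodeIds; BrowseNames stand in for them in this example.
PARENT = {
    "CertificateType": None,                        # abstract root
    "ApplicationCertificateType": "CertificateType",
    "HttpsCertificateType": "CertificateType",
    "UserCredentialCertificateType": "CertificateType",
    "RsaMinApplicationCertificateType": "ApplicationCertificateType",
    "RsaSha256ApplicationCertificateType": "ApplicationCertificateType",
}
# RSA key sizes each concrete ApplicationCertificateType accepts (7.5.15, 7.5.16).
KEY_SIZES = {"RsaMinApplicationCertificateType": {1024, 2048},
             "RsaSha256ApplicationCertificateType": {2048, 3072, 4096}}
# Common type the two default groups that carry Certificates are restricted to (7.5.17).
GROUP_ROOT = {"DefaultApplicationGroup": "ApplicationCertificateType",
              "DefaultHttpsGroup": "HttpsCertificateType"}

def is_subtype(node, ancestor):
    while node is not None:
        if node == ancestor:
            return True
        node = PARENT.get(node)
    return False

def check_certificate_types(group, types):
    """Return None if `types` is a valid CertificateTypes value for `group`, else the rule violated."""
    if group == "DefaultUserTokenGroup":
        return None if not types else "DefaultUserTokenGroup shall leave CertificateTypes empty"
    if not types:                      # allowed for additional groups (Trust List access only)
        return "%s shall specify at least one CertificateType" % group if group in GROUP_ROOT else None
    unknown = [t for t in types if t not in PARENT]
    if unknown:
        return "unknown CertificateType(s): " + ", ".join(unknown)
    roots = [r for r in ("ApplicationCertificateType", "HttpsCertificateType")
             if all(is_subtype(t, r) for t in types)]
    if not roots:
        return "all CertificateTypes shall be subtypes of ApplicationCertificateType or HttpsCertificateType"
    required = GROUP_ROOT.get(group)
    if required and required not in roots:
        return "%s shall only contain %s or its subtypes" % (group, required)
    return None

def types_accepting_key(bits, allowed_types):
    """Concrete types covered by `allowed_types` (abstract entries cover their subtypes) that accept an RSA key of `bits`."""
    return [concrete for concrete, sizes in KEY_SIZES.items()
            if bits in sizes and any(is_subtype(concrete, t) for t in allowed_types)]
```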
This event is raised when a Trust List is changed.
This is the result of a CloseAndUpdate Method on a TrustListType Object being called.
It shall also be raised when the AddCertificate or RemoveCertificate Method causes an update to the Trust List.
Its representation in the AddressSpace is formally defined in Table 29.
Table 29 – TrustListUpdatedAuditEventType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | TrustListUpdatedAuditEventType |
| Namespace | CORE (see 3.3) |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the AuditUpdateMethodEventType defined in OPC 10000-5. | | | | | |
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantics are defined in OPC 10000-5.