The common information model defines types that are used in both the Push and the Pull Model.
This type defines a FileType that can be used to access a TrustList.
The CertificateManager uses this type to implement the Pull Model.
Servers use this type when implementing the Push Model.
An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a TrustList, it may be an administrative user that is reading a TrustList to deploy to an Application host or it may be an Application that can only access the TrustList assigned to it.
The TrustList file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.8.2.8).
The Size Property inherited from FileType has no meaning for TrustList and returns the error code defined in OPC 10000-20.
When a Client opens the file for writing the Server will not actually update the TrustList until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in TrustListDataType structure allow the Client to only update part of the TrustList.
Its representation in the AddressSpace is formally defined in Table 27.
Table 27 – TrustListType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FileType defined in OPC 10000-20. | | | | | |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ActivityTimeout | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:DefaultValidationOptions | TrustListValidationOptions | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:OpenWithMasks | Defined in 7.8.2.2. | | Mandatory |
| 0:HasComponent | Method | 0:CloseAndUpdate | Defined in 7.8.2.5. | | Mandatory |
| 0:HasComponent | Method | 0:AddCertificate | Defined in 7.8.2.6. | | Mandatory |
| 0:HasComponent | Method | 0:RemoveCertificate | Defined in 7.8.2.7. | | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The LastUpdateTime indicates when the TrustList was last updated. The LastUpdateTime shall reflect changes made using the TrustList Object Methods. A TrustList Object in a CertificateManager shall also reflect changes made in other ways.
The LastUpdateTime of a TrustList Object in a CertificateManager allows Clients using the PullManagement to know whether the TrustList has changed since the last time they accessed it. The LastUpdateTime of a TrustList Object in the ServerConfiguration allows administration Clients to verify the date of TrustLists. If a Server is not able to determine the LastUpdateTime after an event such as a restart, then the LastUpdateTime shall be DateTime.MinValue.
The UpdateFrequency Property specifies how often the TrustList shall be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the TrustList should connect to the CertificateManager and check for updates to the TrustList within 2 times the UpdateFrequency. The choice of UpdateFrequency depends on how quickly system changes are required to be detected and the performance constraints of the system. UpdateFrequencies that are too long create security risks because of out of date CRLs. UpdateFrequencies that are too short negatively impact system performance. If the TrustList Object is contained within a ServerConfiguration Object then this Property is not present.
The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the TrustList Object after Open or OpenWithMasks is called. If this time elapses the TrustList is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).
The DefaultValidationOptions Property specifies the default options to use when validating Certificates with the TrustList. The TrustListValidationOptions DataType is defined in 7.8.2.10. This Property may be updated by Clients with access to the SecurityAdmin Role.
If auditing is supported, the CertificateManager shall generate the TrustListUpdated AuditEventType (see 7.8.2.13) when the TrustList is updated via the CloseAndUpdate (see 7.8.2.5), AddCertificate (see 7.8.2.6), RemoveCertificate (see 7.8.2.7) or ApplyChanges (see 7.10.9) Methods. The Event is only raised once after the asynchronous update process completes.
The Open Method is inherited from FileType which is defined in OPC 10000-5.
The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06). If other modes are requested the return code is Bad_NotSupported.
If a transaction is in progress (see 7.10.9) on another Session then the Server shall return Bad_TransactionPending if Open is called with the Write Mode bit set. If the Server supports transactions, then the Server creates a new transaction or continues an existing transaction if Open is called with the Write Mode bit set.
If the SecureChannel is not authenticated the Server shall return Bad_SecurityModeInsufficient.
Method Result Codes
| Result Code | Description |
|---|---|
| Bad_NotSupported | The mode is not supported. |
| Bad_TransactionPending | The TrustList cannot be opened because it is part of a transaction that is in progress. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
The OpenWithMasks Method allows a Client to read only a portion of the TrustList.
This Method can only be used to read the TrustList.
After calling this Method, the Client calls Read one or more times to get the TrustList. If the Server is able to detect out of band changes to the TrustList before the Client calls the Close Method, then the next Read returns Bad_InvalidState. If the Server cannot detect out of band changes it shall ensure the Client receives a consistent snapshot.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role, the ApplicationSelfAdmin Privilege, or the ApplicationAdmin Privilege (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
OpenWithMasks(
[in] UInt32 masks
[out] UInt32 fileHandle
);
| Argument | Description |
|---|---|
| masks | The parts of the TrustList that are included in the file to read. The masks are defined in 7.8.2.9. |
| fileHandle | The handle of the newly opened file. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_TransactionPending | The TrustList cannot be opened because it is part of a transaction that is in progress. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 28 specifies the AddressSpace representation for the OpenWithMasks Method.
Table 28 – OpenWithMasks Method AddressSpace Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:OpenWithMasks |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
The Read Method is inherited from FileType which is defined in OPC 10000-5.
If the Server is able to detect out of band changes to the TrustList before the Client calls the Close Method, then this Method returns Bad_InvalidState.
Additional Method Result Codes
| Result Code | Description |
|---|---|
| Bad_InvalidState | The state of the TrustList has changed. |
The CloseAndUpdate Method closes the TrustList and applies the changes to the TrustList. It can only be called if the TrustList was opened for writing. If the Close Method is called any cached data is discarded and the TrustList is not changed.
If only part of the TrustList is being updated the Server creates a new TrustList that includes the existing TrustList plus any updates and validates the new TrustList.
The Server shall verify that every Certificate in the new TrustList is valid using the validation process defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not replace the existing TrustList.
If the Server does not support transactions, it applies the changes immediately and sets applyChangesRequired to FALSE. If the Server supports transactions, then the Server creates a new transaction or continues an existing transaction and sets applyChangesRequired to TRUE.
If a transaction exists on the current Session, the Server does not update the TrustList until ApplyChanges (see 7.10.9) is called. Any Clients that read the TrustList before ApplyChanges is called will receive the existing TrustList before the transaction started.
If any errors occur, the new TrustList shall be discarded.
When the TrustList changes the Server shall re-evaluate the Certificate associated with any open Sessions and SecureChannels. Sessions or SecureChannels with an untrusted or revoked Certificate shall be closed. This process may not complete before the Method returns and could take a significant amount of time on systems with limited resources.
The structure uploaded includes a mask (see 7.8.2.9) which specifies which fields are updated. If a bit is not set then the associated field is not changed.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role, the ApplicationSelfAdmin Privilege, or the ApplicationAdmin Privilege (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
CloseAndUpdate(
[in] UInt32 fileHandle
[out] Boolean applyChangesRequired
);
| Argument | Description |
|---|---|
| fileHandle | The handle of the previously opened file. |
| applyChangesRequired | If TRUE the ApplyChanges Method (see 7.10.9) shall be called before the new TrustList will be used by the Server. If FALSE the TrustList is now in use. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The Server could not validate one or more Certificates in the TrustList. This may be returned after the first failed validation check. |
| Bad_RequestTooLarge | The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server. |
| Bad_TransactionPending | |
Table 29 specifies the AddressSpace representation for the CloseAndUpdate Method.
Table 29 – CloseAndUpdate Method AddressSpace Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:CloseAndUpdate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
The AddCertificate Method allows a Client to add a single Certificate to the TrustList. The Server shall verify that the Certificate is valid using the validation process defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not update the TrustList.
This Method will return a validation error if the Certificate is issued by a CA and the Certificate for the issuer is not in the TrustList.
This Method cannot provide CRLs so issuer Certificates cannot be added with this Method. Instead, CA Certificates and their CRLs shall be managed with the Write Method on the containing TrustList Object.
This Method cannot be called if the containing TrustList Object is open.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
AddCertificate(
[in] ByteString certificate
[in] Boolean isTrustedCertificate
);
| Argument | Description |
|---|---|
| certificate | The DER encoded Certificate to add. |
| isTrustedCertificate | If TRUE the Certificate is added to the trustedCertificates list. If FALSE Bad_CertificateInvalid is returned. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The certificate to add is invalid. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_RequestTooLarge | The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 30 specifies the AddressSpace representation for the AddCertificate Method.
Table 30 – AddCertificate Method AddressSpace Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:AddCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
The RemoveCertificate Method allows a Client to remove a single Certificate from the TrustList. It returns Bad_InvalidArgument if the thumbprint does not match a Certificate in the TrustList.
If the Certificate is a CA Certificate that has CRLs then all CRLs for that CA are removed as well.
This Method returns Bad_CertificateChainIncomplete if the Certificate is a CA Certificate needed to validate another Certificate in the TrustList.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the SecurityAdmin Role (see 7.2).
Signature
RemoveCertificate(
[in] String thumbprint
[in] Boolean isTrustedCertificate
);
| Argument | Description |
|---|---|
| Thumbprint | The CertificateDigest of the Certificate to remove. |
| isTrustedCertificate | If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The certificate to remove was not found. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_CertificateChainIncomplete | The Certificate is needed to validate another Certificate in the TrustList. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 31 specifies the AddressSpace representation for the RemoveCertificate Method.
Table 31 – RemoveCertificate Method AddressSpace Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:RemoveCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
This type defines a DataType which stores the TrustList of a Server. Its values are defined in Table 32.
Table 32 – TrustListDataType Structure
| Name | Type | Description |
|---|---|---|
| TrustListDataType | Structure | Subtype of the Structure DataType defined in OPC 10000-5 |
| specifiedLists | UInt32 | A bit mask which indicates which lists contain information. The TrustListMasks enumeration in 7.8.2.9 defines the allowed values. |
| trustedCertificates | ByteString[] | The list of Application and CA Certificates which are trusted. |
| trustedCrls | ByteString[] | The CRLs for the Certificates in the trustedCertificates list. |
| issuerCertificates | ByteString[] | The list of CA Certificates which are necessary to validate Certificates. |
| issuerCrls | ByteString[] | The CRLs for the CA Certificates in the issuerCertificates list. |
Its representation in the AddressSpace is defined in Table 33.
Table 33 – TrustListDataType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListDataType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:Structure DataType defined in OPC 10000-5. | | | | | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This is a DataType that defines the values used for the SpecifiedLists field in the TrustListDataType. Its values are defined in Table 34.
Table 34 – TrustListMasks Enumeration
| Name | Value | Description |
|---|---|---|
| None | 0 | No fields are provided. |
| TrustedCertificates | 1 | The TrustedCertificates are provided. |
| TrustedCrls | 2 | The TrustedCrls are provided. |
| IssuerCertificates | 4 | The IssuerCertificates are provided. |
| IssuerCrls | 8 | The IssuerCrls are provided. |
| All | 15 | All fields are provided. |
Its representation in the AddressSpace is defined in Table 35.
Table 35 – TrustListMasks Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListMasks |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the Enumeration DataType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 0:EnumValues | 0:EnumValueType [] | 0:PropertyType | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
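The following is an added example, not part of the specification, showing how the TrustList file (Table 32) and the masks (Table 34) fit together: it parses the UA Binary stream defensively and builds the candidate TrustList that CloseAndUpdate would go on to validate, replacing only the lists whose mask bit is set. It assumes the stream is the bare TrustListDataType body in Table 32 field order; `MAX_STREAM_SIZE`, the function names and the sample byte strings are constructed for this illustration.

```python
import struct

# TrustListMasks values (Table 34).
TRUSTED_CERTIFICATES, TRUSTED_CRLS, ISSUER_CERTIFICATES, ISSUER_CRLS = 1, 2, 4, 8
ALL = 15

# TrustListDataType list fields in Table 32 order, each with its mask bit.
FIELDS = (
    ("trustedCertificates", TRUSTED_CERTIFICATES),
    ("trustedCrls", TRUSTED_CRLS),
    ("issuerCertificates", ISSUER_CERTIFICATES),
    ("issuerCrls", ISSUER_CRLS),
)

MAX_STREAM_SIZE = 64 * 1024  # assumed local limit, stands in for MaxTrustListSize


def encode_trust_list(specified_lists, lists):
    """Serialize to UA Binary: UInt32 mask, then four ByteString arrays."""
    out = [struct.pack("<I", specified_lists)]
    for name, _bit in FIELDS:
        items = lists.get(name, [])
        out.append(struct.pack("<i", len(items)))            # Int32 array length
        for blob in items:
            out.append(struct.pack("<i", len(blob)) + blob)  # Int32 length + bytes
    return b"".join(out)


def _read_int32(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError("truncated stream")
    return struct.unpack_from("<i", buf, pos)[0], pos + 4


def decode_trust_list(buf):
    """Parse a TrustList stream, rejecting malformed or oversized input."""
    if len(buf) > MAX_STREAM_SIZE:
        raise ValueError("stream larger than local limit")
    if len(buf) < 4:
        raise ValueError("truncated stream")
    specified = struct.unpack_from("<I", buf, 0)[0]
    if specified & ~ALL:
        raise ValueError("unknown bits in specifiedLists")
    pos, lists = 4, {}
    for name, _bit in FIELDS:
        count, pos = _read_int32(buf, pos)
        # -1 encodes a null array; every element needs at least a 4-byte length.
        if count < -1 or count > (len(buf) - pos) // 4:
            raise ValueError("bad array length for " + name)
        items = []
        for _ in range(max(count, 0)):
            length, pos = _read_int32(buf, pos)
            if length < -1 or max(length, 0) > len(buf) - pos:
                raise ValueError("bad ByteString length in " + name)
            length = max(length, 0)  # -1 encodes a null ByteString
            items.append(buf[pos:pos + length])
            pos += length
        lists[name] = items
    if pos != len(buf):
        raise ValueError("trailing bytes after TrustListDataType")
    return specified, lists


def merge_update(current, specified, update):
    """Candidate TrustList for CloseAndUpdate: replace only the masked lists."""
    return {
        name: list(update[name] if specified & bit else current[name])
        for name, bit in FIELDS
    }


# Constructed sample data: short byte strings stand in for DER certificates/CRLs.
CURRENT = {
    "trustedCertificates": [b"app-cert-A"],
    "trustedCrls": [b"crl-A"],
    "issuerCertificates": [b"ca-cert-1"],
    "issuerCrls": [b"ca-crl-1"],
}
# The upload sets only the TrustedCertificates bit but also carries issuer data.
UPLOAD = encode_trust_list(
    TRUSTED_CERTIFICATES,
    {"trustedCertificates": [b"app-cert-A", b"app-cert-B"],
     "issuerCertificates": [b"unexpected-ca"]},
)

if __name__ == "__main__":
    mask, parsed = decode_trust_list(UPLOAD)
    for name, items in merge_update(CURRENT, mask, parsed).items():
        print(name, items)
```

The issuer Certificate carried in the upload is parsed but never reaches the candidate TrustList, because the IssuerCertificates bit is not set in specifiedLists.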
This DataType defines flags for TrustListValidationOptions. It is formally defined in Table 36.
Table 36 – TrustListValidationOptions Values
| Value | Bit No. | Description |
|---|---|---|
| SuppressCertificateExpired | 0 | Ignore errors related to the validity time of the Certificate. |
| SuppressHostNameInvalid | 1 | Ignore mismatches between the host name or ApplicationUri. |
| SuppressRevocationStatusUnknown | 2 | Ignore errors if the revocation list cannot be found for the issuer of the Certificate. |
| SuppressIssuerCertificateExpired | 3 | Ignore errors if an issuer has an expired Certificate. |
| SuppressIssuerRevocationStatusUnknown | 4 | Ignore errors if the revocation list cannot be found for any issuer of issuer Certificates. |
| CheckRevocationStatusOnline | 5 | Check the revocation status online. |
| CheckRevocationStatusOffline | 6 | Check the revocation status offline. |
If CheckRevocationStatusOnline is set, the Certificate validation process defined in OPC 10000-4 will look for the authorityInformationAccess extension to find an OCSP (RFC 6960) endpoint which can be used to determine if the Certificate has been revoked.
If the OCSP endpoint is not reachable then the Certificate validation process looks for offline CRLs if the CheckRevocationStatusOffline bit is set. Otherwise, validation fails.
The revocation status flags only have meaning for issuer Certificates and are used when validating Certificates issued by that issuer.
The default value for this DataType only has the CheckRevocationStatusOffline bit set.
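The following added example (not part of the specification) decodes a TrustListValidationOptions value using the bit numbers in Table 36, works out which revocation source the rules above select, and lists the settings an administrator reviewing DefaultValidationOptions would want to see. The function names, the `ocsp_reachable` input and the `"none"` result for a value with neither revocation bit set are assumptions of this example; the page does not define that last case.

```python
from enum import IntFlag


class TrustListValidationOptions(IntFlag):
    """Bit positions from Table 36."""
    SuppressCertificateExpired = 1 << 0
    SuppressHostNameInvalid = 1 << 1
    SuppressRevocationStatusUnknown = 1 << 2
    SuppressIssuerCertificateExpired = 1 << 3
    SuppressIssuerRevocationStatusUnknown = 1 << 4
    CheckRevocationStatusOnline = 1 << 5
    CheckRevocationStatusOffline = 1 << 6


KNOWN_BITS = 0x7F  # bits 0..6 are the only ones Table 36 defines
# The default only has the CheckRevocationStatusOffline bit set (0x40).
DEFAULT_OPTIONS = int(TrustListValidationOptions.CheckRevocationStatusOffline)


def decode_options(value):
    """Return the names of the set flags; reject bits Table 36 does not define."""
    if value < 0 or value & ~KNOWN_BITS:
        raise ValueError("undefined bits set in TrustListValidationOptions")
    return [flag.name for flag in TrustListValidationOptions if value & flag]


def revocation_source(value, ocsp_reachable):
    """Which revocation data is consulted for Certificates of this issuer.

    ocsp_reachable (assumed input) is True when an OCSP endpoint was found
    in authorityInformationAccess and answered.
    """
    online = value & TrustListValidationOptions.CheckRevocationStatusOnline
    offline = value & TrustListValidationOptions.CheckRevocationStatusOffline
    if online and ocsp_reachable:
        return "ocsp"
    if offline:
        return "crl"   # offline CRLs: either as fallback or as the only source
    if online:
        return "fail"  # OCSP unreachable and no offline fallback
    return "none"      # neither bit set; not defined by the page (assumption)


def review_options(value):
    """List settings that weaken or destabilise validation; empty for the default."""
    findings = ["suppressed check: " + name
                for name in decode_options(value) if name.startswith("Suppress")]
    if revocation_source(value, True) == "none":
        findings.append("no revocation check selected")
    elif revocation_source(value, False) == "fail":
        findings.append("validation fails when OCSP is unreachable (no offline fallback)")
    return findings


# Constructed sample values, as they might be read from DefaultValidationOptions.
SAMPLES = [0x40, 0x60, 0x20, 0x05]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(hex(sample), decode_options(sample), review_options(sample))
```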
The TrustListValidationOptions representation in the AddressSpace is defined in Table 37.
Table 37 – TrustListValidationOptions Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListValidationOptions |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:UInt32 DataType defined in OPC 10000-5 | | | | | |
| 0:HasProperty | Variable | 0:OptionSetValues | 0:LocalizedText [] | 0:PropertyType | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This SystemOffNormalAlarmType is raised by the Server when the UpdateFrequency elapses and the TrustList has not been updated. This alarm automatically returns to normal when the TrustList is updated.
Its representation in the AddressSpace is defined in Table 38.
Table 38 – TrustListOutOfDateAlarmType definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListOutOfDateAlarmType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the SystemOffNormalAlarmType defined in OPC 10000-9. | | | | | |
| 0:HasProperty | Variable | 0:TrustListId | 0:NodeId | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
TrustListId Property specifies the NodeId of the out-of-date TrustList Object.
LastUpdateTime Property specifies when the TrustList was last updated.
UpdateFrequency Property specifies how frequently the TrustList is updated.
This event is raised when a Method that changes the TrustList is called.
It is raised when CloseAndUpdate, AddCertificate or RemoveCertificate Method on a TrustListType Object is called.
Its representation in the AddressSpace is formally defined in Table 39.
Table 39 – TrustListUpdateRequestedAuditEventType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListUpdateRequestedAuditEventType |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the 0:AuditUpdateMethodEventType defined in OPC 10000-5. | | | | | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantic is defined in OPC 10000-5.
This event is raised when a TrustList is successfully changed.
This is the result of a CloseAndUpdate Method on a TrustListType Object or the result of an ApplyChanges Method on the ServerConfigurationType Object being called.
It shall also be raised when the AddCertificate or RemoveCertificate Method causes an update to the TrustList.
Its representation in the AddressSpace is formally defined in Table 40.
Table 40 – TrustListUpdatedAuditEventType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListUpdatedAuditEventType |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the 0:AuditUpdateMethodEventType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 0:TrustListId | 0:NodeId | 0:PropertyType | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantic is defined in OPC 10000-5.
The TrustListId Property is the NodeId of the TrustList Object that was changed.
This ObjectType is used for Objects which represent CertificateGroups in the AddressSpace. A CertificateGroup is a context that contains a TrustList and one or more CertificateTypes that can be assigned to an application. This ObjectType allows an application which has multiple TrustLists and/or ApplicationInstance Certificates to express them in its AddressSpace.
A CertificateManager can have many CertificateGroups which manage CertificateTypes and TrustLists for the applications in the system.
A Server has one or more CertificateGroups which specify the CertificateTypes and TrustLists managed by the Server. Typically, there is a mapping between a CertificateGroup in a Server and a CertificateGroup in the CertificateManager. The mechanisms for creating that mapping are outside the scope of this specification.
This type is defined in Table 41.
Table 41 – CertificateGroupType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:CertificateGroupType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the BaseObjectType defined in OPC 10000-5. | | | | | |
| 0:HasComponent | Object | 0:TrustList | | 0:TrustListType | Mandatory |
| 0:HasProperty | Variable | 0:CertificateTypes | 0:NodeId[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:Purpose | 0:NodeId | 0:PropertyType | Optional |
| 0:HasComponent | Object | 0:CertificateExpired | | 0:CertificateExpirationAlarmType | Optional |
| 0:HasCondition | ObjectType | 0:CertificateExpirationAlarmType | | | |
| 0:HasComponent | Object | 0:TrustListOutOfDate | | 0:TrustListOutOfDateAlarmType | Optional |
| 0:HasComponent | Method | 0:GetRejectedList | Defined in 7.8.3.2. | | Optional |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The TrustList Object is the TrustList associated with the CertificateGroup.
The CertificateTypes Property specifies the NodeIds of the CertificateTypes which may be assigned to applications which belong to the CertificateGroup. For example, a CertificateGroup with the NodeId of RsaMinApplicationCertificateType (see 7.8.4.8) and the NodeId RsaSha256ApplicationCertificate (see 7.8.4.9) specified allows an OPC UA Application to have one ApplicationInstance Certificate for each type. If this list is empty then the CertificateGroup does not allow Certificates to be assigned to Applications (i.e. a UserToken CertificateGroup only exists to allow the associated TrustList to be read or updated). All CertificateTypes for a given CertificateGroup shall be subtypes of a single common type (see Purpose in 7.8.3.4).
The Purpose Property specifies the allowed CertificateTypes. It shall be a direct subtype of CertificateType. See 7.8.3.4 for more details.
The CertificateExpired Object is an Alarm which is raised when a Certificate associated with the CertificateGroup is about to expire. If multiple Certificates are about to expire an Alarm for each Certificate is raised. The CertificateExpirationAlarmType is defined in OPC 10000-9.
The TrustListOutOfDate Object is an Alarm which is raised when the TrustList has not been updated within the period specified by the UpdateFrequency (see 7.8.2.1). The TrustListOutOfDateAlarmType is defined in 7.8.2.11.
The GetRejectedList Method returns the list of Certificates that have been rejected by the Server when using the TrustList associated with the CertificateGroup. It can be used to track activity or allow administrators to move a rejected Certificate into the TrustList. This Method shall only be present on CertificateGroups which are part of the ServerConfiguration Object defined in 7.10.4.
GetRejectedList Method returns the list of Certificates that have been rejected by the Server.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers can delete entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
Servers only add Certificates to this list that have no unsuppressed validation errors but are not trusted.
For PullManagement, this Method is not present on the CertificateGroup.
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
GetRejectedList(
[out] ByteString[] certificates
);
| Argument | Description |
|---|---|
| certificates | The DER encoded form of the Certificates rejected by the Server. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 42 specifies the AddressSpace representation for the GetRejectedList Method.
Table 42 – GetRejectedList Method AddressSpace Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:GetRejectedList |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
This type is used for Folders which organize CertificateGroups in the AddressSpace. This type is defined in Table 43.
Table 43 – CertificateGroupFolderType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:CertificateGroupFolderType |
| IsAbstract | False |

| References | Node Class | BrowseName | Data Type | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FolderType defined in OPC 10000-5. | | | | | |
| 0:HasComponent | Object | 0:DefaultApplicationGroup | | 0:CertificateGroupType | Mandatory |
| 0:HasComponent | Object | 0:DefaultHttpsGroup | | 0:CertificateGroupType | Optional |
| 0:HasComponent | Object | 0:DefaultUserTokenGroup | | 0:CertificateGroupType | Optional |
| 0:Organizes | Object | 0:<AdditionalGroup> | | 0:CertificateGroupType | OptionalPlaceholder |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The DefaultApplicationGroup Object represents the default CertificateGroup for Applications. It is used to access the default Application TrustList and to define the CertificateTypes allowed for the Certificates used by the application when communicating with peers:
- For OPC UA Applications and CertificateManagers these CertificateTypes specify what is allowed for ApplicationInstance Certificates. They shall specify one or more subtypes of ApplicationCertificateType (see 7.8.4.2).
- For NonUaApplications, these CertificateTypes specify what is allowed for the NonUaApplications Certificates. They shall specify one or more subtypes of CertificateType (see 7.8.4.1 and Table 99).
The DefaultHttpsGroup Object represents the default CertificateGroup for HTTPS communication. It is used to access the default HTTPS TrustList and to define the CertificateTypes allowed for the HTTPS Certificate. This Object shall specify the HttpsCertificateType NodeId (see 7.8.4.3) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of HttpsCertificateType.
The DefaultUserTokenGroup Object represents the default CertificateGroup for validating user credentials. It is used to access the default user credential TrustList and to define the CertificateTypes allowed for user credential Certificates. This Object shall leave the CertificateTypes list empty.
Any additional CertificateGroups shall have a BrowseName where the Name is unique within the CertificateGroupFolder.
This type is used to serialize a single CertificateGroup configuration. It is defined in Table 44.
This type is used as part of the ApplicationConfigurationDataType defined in 7.10.19, which allows multiple CertificateGroups in a Server to be updated at once.
The Name of the record is the name portion of the BrowseName of the associated CertificateGroup Object in the AddressSpace.
It may not be possible to delete CertificateGroups such as DefaultApplicationGroup.
Note that when a new CertificateGroup is added, Clients need to browse the CertificateGroups folder to discover the NodeId assigned by the Server that is needed for Certificate management Methods.
Each element in the CertificateTypes list shall be unique and not abstract. The set of permitted CertificateTypes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
When the CertificateTypes list is updated, an element that already exists is not changed and an element that does not exist is added as a new CertificateType. Existing CertificateTypes that are not in the list are deleted if no Certificate is assigned. The update is rejected if a Certificate is assigned to a deleted CertificateType. The DeleteCertificate Method is used to remove Certificates.
The Purpose imposes restrictions on the allowed CertificateTypes. The update to the CertificateGroup is rejected if the Purpose is changed and the CertificateTypes are not consistent.
The set of permitted Purposes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
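The update rules above, as an added example that is not part of the specification: a Python model of how a Server could check a Purpose / CertificateTypes pair and merge an updated CertificateTypes list. The type hierarchy is transcribed from the type definitions on this page; the function names, the record layout and the error strings are assumptions made for the illustration.

```python
# Added example: models the CertificateGroup update rules; not code from the specification.
# (parent, IsAbstract) for each CertificateType, transcribed from the tables on this page.
APP, ECC = "ApplicationCertificateType", "EccApplicationCertificateType"
TYPES = {
    "CertificateType": (None, True),
    APP: ("CertificateType", True),
    "HttpsCertificateType": ("CertificateType", False),
    "UserCertificateType": ("CertificateType", True),
    "TlsCertificateType": ("CertificateType", True),
    "TlsServerCertificateType": ("TlsCertificateType", False),
    "TlsClientCertificateType": ("TlsCertificateType", False),
    "RsaMinApplicationCertificateType": (APP, False),
    "RsaSha256ApplicationCertificateType": (APP, False),
    ECC: (APP, True),
    "EccNistP256ApplicationCertificateType": (ECC, False),
    "EccNistP384ApplicationCertificateType": (ECC, False),
    "EccBrainpoolP256r1ApplicationCertificateType": (ECC, False),
    "EccBrainpoolP384r1ApplicationCertificateType": (ECC, False),
    "EccCurve25519ApplicationCertificateType": (ECC, False),
    "EccCurve448ApplicationCertificateType": (ECC, False),
}


def is_a(type_name, ancestor):
    """True if type_name is ancestor or one of its subtypes."""
    while type_name is not None:
        if type_name == ancestor:
            return True
        type_name = TYPES[type_name][0]
    return False


def check_record(purpose, cert_types):
    """Return the list of rule violations for a Purpose / CertificateTypes pair."""
    if purpose not in TYPES or TYPES[purpose][0] != "CertificateType":
        return ["Purpose must be a direct subtype of CertificateType (NULL is not valid)"]
    errors = []
    if not cert_types:
        errors.append("CertificateTypes needs at least one element")
    if len(set(cert_types)) != len(cert_types):
        errors.append("CertificateTypes elements must be unique")
    for t in dict.fromkeys(cert_types):          # each distinct type once, in order
        if t not in TYPES:
            errors.append(f"{t}: unknown CertificateType")
        elif TYPES[t][1]:
            errors.append(f"{t}: abstract types are not allowed")
        elif not is_a(t, purpose):
            errors.append(f"{t}: not {purpose} or a subtype of it")
    return errors


def plan_update(current, new_purpose, new_types):
    """Apply an update to current = {"purpose": str, "assigned": {type: bool}}.

    Returns (errors, record). On any error the update is rejected and the
    unchanged current record is returned.
    """
    errors = check_record(new_purpose, new_types)
    for t, has_cert in current["assigned"].items():
        if has_cert and t not in new_types:
            errors.append(f"{t}: Certificate assigned, use DeleteCertificate first")
    if errors:
        return errors, current
    # Existing elements keep their state, new ones start without a Certificate.
    # The Server's own state is used; a client-supplied IsCertificateAssigned is ignored.
    assigned = {t: current["assigned"].get(t, False) for t in new_types}
    return [], {"purpose": new_purpose, "assigned": assigned}


if __name__ == "__main__":
    # Constructed sample group, not taken from a real Server.
    group = {"purpose": APP,
             "assigned": {"RsaSha256ApplicationCertificateType": True,
                          "RsaMinApplicationCertificateType": False}}
    print(plan_update(group, APP, ["EccNistP256ApplicationCertificateType"]))
```
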
This type is defined in Table 44.
Table 44 – CertificateGroupDataType Structure
| Name | Type | Description |
|---|---|---|
| CertificateGroupDataType | Structure | Subtype of BaseConfigurationRecordDataType. |
| Purpose | 0:NodeId | This value specifies the purpose of the CertificateGroup. It shall be a direct subtype of CertificateType. All CertificateTypes shall be the CertificateType or a subtype of the CertificateType indicated by the Purpose. For example, if the Purpose is ApplicationCertificateType then the CertificateGroup is used to specify Certificates used as ApplicationInstance Certificate. A NULL value is not valid. |
| CertificateTypes | 0:NodeId[] | The list of CertificateTypes supported by the CertificateGroup. At least one element shall be provided. |
| IsCertificateAssigned | 0:Boolean[] | A list of flags indicating whether the CertificateType has a Certificate assigned. The length of this list shall be the same as the CertificateTypes list. This value is ignored during an update. |
| ValidationOptions | TrustListValidationOptions | The validation options that are used when validating Certificates associated with the TrustList. |
Its representation in the AddressSpace is defined in Table 45.
Table 45 – CertificateGroupDataType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:CertificateGroupDataType |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:BaseConfigurationRecordDataType defined in 7.8.5.5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This type is an abstract base type for types that describe the purpose of a Certificate. This type is defined in Table 46.
Table 46 – CertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:CertificateType |
||||
|
IsAbstract |
True |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:BaseObjectType defined in OPC 10000-5. |
|||||
|
0:HasSubtype |
ObjectType |
0:ApplicationCertificateType |
Defined in 7.8.4.2. |
||
|
0:HasSubtype |
ObjectType |
0:HttpsCertificateType |
Defined in 7.8.4.3. |
||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is an abstract base type for types that describe the purpose of an ApplicationInstanceCertificate. This type is defined in Table 47.
Table 47 – ApplicationCertificateType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:ApplicationCertificateType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
|
Subtype of the CertificateType defined in 7.8.4. |
||||||
|
0:HasSubtype |
ObjectType |
0:RsaMinApplicationCertificateType |
Defined in 7.8.4.8. |
|||
|
0:HasSubtype |
ObjectType |
0:RsaSha256ApplicationCertificateType |
Defined in 7.8.4.9. |
|||
|
0:HasSubtype |
ObjectType |
0:EccApplicationCertificateType |
Defined in 7.8.4.10. |
|||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This type is used to describe Certificates that are intended for use as HTTPS Certificates. This type is defined in Table 48.
Table 48 – HttpsCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:HttpsCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:CertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates that are intended to identify users. This type is defined in Table 48.
Table 49 – UserCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:UserCertificateType |
||||
|
IsAbstract |
True |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:CertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates that are intended for use as TLS Certificates. This type is defined in Table 48.
Table 50 – TlsCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:TlsCertificateType |
||||
|
IsAbstract |
True |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:CertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe a Certificate that is a TLS server Certificate. This type is defined in Table 51.
Table 51 – TlsServerCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:TlsServerCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:TlsCertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe a Certificate that is a TLS client Certificate. This type is defined in Table 52.
Table 52 – TlsClientCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:TlsClientCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:TlsCertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 1024 or 2048 bits. All Applications which support the Basic128Rsa15 and Basic256 profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 53.
Table 53 – RsaMinApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:RsaMinApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 2048, 3072 or 4096 bits. All Applications which support the Basic256Sha256 profile (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 54.
Table 54 – RsaSha256ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:RsaSha256ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC Public Key. Applications which support the ECC profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 55.
Table 55 – EccApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccApplicationCertificateType |
||||
|
IsAbstract |
True |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP256 Public Key. Applications which support the ECC NIST P256 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccNistP384ApplicationCertificateType defined in 7.8.4.12. This type is defined in Table 56.
Table 56 – EccNistP256ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccNistP256ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP384 Public Key. Applications which support the ECC NIST P384 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 57.
Table 57 – EccNistP384ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccNistP384ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP256r1 Public Key. Applications which support the ECC brainpoolP256r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccBrainpoolP384r1ApplicationCertificateType defined in 7.8.4.14. This type is defined in Table 58.
Table 58 – EccBrainpoolP256r1ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccBrainpoolP256r1ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP384r1 Public Key. Applications which support the ECC brainpoolP384r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 59.
Table 59 – EccBrainpoolP384r1ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccBrainpoolP384r1ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve25519 Public Key. Applications which support the ECC curve25519 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 60.
Table 60 – EccCurve25519ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccCurve25519ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve448 Public Key. Applications which support the ECC curve448 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 61.
Table 61 – EccCurve448ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccCurve448ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type defines a FileType that can be used to access the configuration associated with an Object.
The file is a stream containing an instance of UABinaryFileDataType serialized using one of the DataEncodings defined in OPC 10000-6. The DataEncoding used depends on the DataEncoding used for the messages sent to the Server. The body of the UABinaryFileDataType shall be an instance of the DataType specified by the SupportedDataType Property.
An instance of a ConfigurationFileType shall restrict access to appropriate users or applications. This should be ConfigureAdmin, SecurityAdmin or an equivalent administrative Role.
The Open Method shall not support modes other than Read (0x01) and Read + Write (0x03).
When a Client opens the file for reading and writing, the Client shall perform the following steps:
- Read the existing configuration with the FileType Read Method.
- Set the position to the beginning of the file with the FileType SetPosition Method.
- Write the changes with the FileType Write Method.
- Apply the changes with the CloseAndUpdate Method.
Servers shall automatically Close ConfigurationFiles if there are no calls to Methods on the ConfigurationFile Object within the time specified by the ActivityTimeout Property.
The Size Property inherited from FileType has no meaning for ConfigurationFile and returns the error code defined in OPC 10000-20.
When the CloseAndUpdate Method is called the Server validates the configuration and then schedules the update. The Server returns initial results in the CloseAndUpdate response and may return additional errors after applying the changes in the response to ConfirmUpdate.
If CloseAndUpdate succeeds it returns an UpdateId that is used to confirm that the Client can connect after the update by calling the ConfirmUpdate Method. If it is not necessary to call ConfirmUpdate, the Server returns an empty value for the UpdateId.
Table 62 – ConfigurationFileType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:ConfigurationFileType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:FileType defined in OPC 10000-20. |
|||||
|
0:HasProperty |
Variable |
0:LastUpdateTime |
0:UtcTime |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:CurrentVersion |
0:VersionTime |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:ActivityTimeout |
0:Duration |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:SupportedDataType |
0:NodeId |
0:PropertyType |
Mandatory |
|
0:HasComponent |
Method |
0:CloseAndUpdate |
Defined in 7.8.5.2. |
Mandatory |
|
|
0:HasComponent |
Method |
0:ConfirmUpdate |
Defined in 7.8.5.3. |
Mandatory |
|
|
|
|||||
|
Conformance Units |
|||||
|
Base Configuration Management |
|||||
The LastUpdateTime Property indicates when the configuration was last updated. The LastUpdateTime shall reflect changes made using the ConfigurationFile Object Methods. A ConfigurationFile Object should also reflect changes made in other ways.
The CurrentVersion Property is the value of the Version for the currently active configuration.
The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the ConfigurationFile Object after Open is called. If this time elapses the ConfigurationFile is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).
The SupportedDataType Property specifies the NodeId of the DataType that is put into the body of the UABinaryFileDataType during reading and writing. Any DataType shall be a subtype of BaseConfigurationDataType which is defined in 7.8.5.4.
The CloseAndUpdate Method validates the configuration and returns any validation errors.
The ConfirmUpdate Method is used to confirm that the Client can reconnect after the changes were applied.
The CloseAndUpdate Method closes the ConfigurationFile and applies the changes to the configuration. It can only be called if the ConfigurationFile was opened for writing. If the Close Method is called any cached data is discarded and the configuration is not changed.
The Client may partially update the configuration by specifying one or more targets. Each target refers to a component of the configuration that will be inserted, updated or deleted. The Server shall attempt to apply all changes. If any errors occur then all changes are rolled back.
Updating the configuration will often require the endpoints to be closed and all active Sessions to be interrupted. When the new configuration is applied it is possible that a configuration error made the Server unreachable. The restartDelayTime argument is used to delay the restart process to give the Client a chance to receive results from the CloseAndUpdate call. The revertAfterTime argument is used to automatically restore the previous configuration if the Client is not able to reconnect and call the ConfirmUpdate Method.
If auditing is supported, the Server shall generate the ConfigurationUpdatedAuditEventType (see 7.8.5.8) when the configuration is updated. This may occur before CloseAndUpdate completes or when the update is scheduled to occur based on the restartDelayTime.
Signature
CloseAndUpdate(
[in] 0:UInt32 fileHandle
[in] 0:VersionTime versionToUpdate
[in] 0:ConfigurationUpdateTargetType[] targets
[in] 0:Duration revertAfterTime
[in] 0:Duration restartDelayTime
[out] 0:StatusCode[] updateResults
[out] 0:VersionTime newVersion
[out] 0:Guid updateId
);
| Argument | Description |
|---|---|
| fileHandle | The handle of the previously opened file. |
| versionToUpdate | Specifies the version of the configuration that the Client believes it is updating. If the CurrentVersion is not the same, a Bad_InvalidState error is returned. |
| targets | The list of targets to update. There must be at least one target. Contents of the file which are not referenced by a target are ignored. |
| revertAfterTime | How long the Server should wait before reverting the configuration changes if ConfirmUpdate is not called after CloseAndUpdate returns a response. The revertAfterTime countdown starts after the restartDelayTime time elapses. After getting a response, the Client must wait at least restartDelayTime before attempting to reconnect but no longer than restartDelayTime + revertAfterTime. |
| restartDelayTime | How long the Server should wait before applying the configuration changes if applying the configuration changes will interrupt active Sessions. Clients set this value based on how long it takes for them to receive the response to the Method. |
| updateResults | The result for each target update operation. The length and order of the array shall match the targets array. If any element is not Good then no changes are applied and the Method return code is Uncertain. |
| newVersion | The new ConfigurationVersion. If it is NULL, then no changes were applied. |
| updateId | An id to be passed into ConfirmUpdate to tell the Server that the update was successful. If this value is a NULL Guid then ConfirmUpdate does not need to be called. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Uncertain | Errors occurred processing individual targets. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidState | The versionToUpdate does not match the CurrentVersion. |
| Bad_ChangesPending | |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Operation Result Codes (Returned in UpdateResults)
| Result Code | Description |
|---|---|
| Bad_NoEntryExists | An existing record was not found. |
| Bad_EntryExists | Another record with the same name was found. |
| Good_EntryInserted | A new record was created successfully. |
| Good_EntryReplaced | An existing record was updated successfully. |
| Bad_NoDeleteRights | A record exists but it cannot be deleted. |
| Bad_NotSupported | A field in the record cannot be changed to the value specified. |
| Bad_InvalidArgument | The target definition is not valid. |
| Bad_ResourceUnavailable | The maximum number of supported elements would be exceeded. |
| Bad_InvalidState | The current state of the record does not allow the operation. For example, a CertificateGroup has Certificates assigned. |
Table 29 specifies the AddressSpace representation for the CloseAndUpdate Method.
Table 63 – CloseAndUpdate Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:CloseAndUpdate |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
The ConfirmUpdate Method allows a Client to confirm that it can connect after the configuration has been applied. The Client shall disconnect from the Server and reconnect before calling ConfirmUpdate. The RevertAfterTime parameter passed to the CloseAndUpdate Method specifies how long the Server shall wait for confirmation.
If the Server could not apply all changes then the return code is Bad_TransactionFailed and no changes were applied.
If the Method is called too soon the Server returns Bad_InvalidState.
The permissions needed to call this method shall be specified by the subtype and should require one of the administrator Roles.
Signature
ConfirmUpdate(
[in] 0:Guid updateId
);
| Argument | Description |
|---|---|
| updateId | The id returned by CloseAndUpdate. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_TransactionFailed | An error occurred applying the changes; they have been rolled back and the ConfigurationVersion does not change. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The updateId is not valid or is no longer valid. Any transaction associated with the updateId has been rolled back. |
| Bad_InvalidState | The Server has not had a chance to apply the changes and the Client needs to wait and call the Method again. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 28 specifies the AddressSpace representation for the ConfirmUpdate Method.
Table 64 – ConfirmUpdate Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:ConfirmUpdate |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
This DataType is the base DataType used to serialize configurations. It is defined in Table 65.
Table 65 – BaseConfigurationDataType Structure
| Name | Type | Description |
|---|---|---|
| BaseConfigurationDataType | Structure | |
| ConfigurationVersion | 0:VersionTime | This field is ignored when updating the configuration. |
| ConfigurationProperties | 0:KeyValuePair[] | Additional configuration properties |
Its representation in the AddressSpace is defined in Table 66.
Table 66 – BaseConfigurationDataType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:BaseConfigurationDataType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:Structure DataType defined in OPC 10000-5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
Base Configuration Management |
||||||
This DataType is the base DataType for a named record contained within a configuration. It is defined in Table 67.
Table 67 – BaseConfigurationRecordDataType Structure
| Name | Type | Description |
|---|---|---|
| BaseConfigurationRecordDataType | Structure | |
| Name | 0:String | The name of the record used when updating or deleting a single record. If the record corresponds to an Object in the AddressSpace then this shall be the Name portion of the BrowseName. If the record does not have a matching Object, then Name is only unique within an instance of a configuration file. For these cases, the Server may generate new names each time the ConfigurationVersion changes. The names may be persisted by the Server with the ConfigurationVersion or may be generated with an algorithm that produces the same value given a fixed set of records. Which behaviour to use is defined by the subtype. |
| RecordProperties | 0:KeyValuePair[] | Additional record properties |
Its representation in the AddressSpace is defined in Table 66.
Table 68 – BaseConfigurationRecordDataType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:BaseConfigurationRecordDataType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:Structure DataType defined in OPC 10000-5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
Base Configuration Management |
||||||
This is a DataType that defines a target for an update operation. It allows the Client to specify the type of update operation (insert, replace or delete).
The Path field defines the path to the target record of the update operation within the configuration. Only fields which are subtypes of BaseConfigurationRecordDataType are valid targets of the path.
The UpdateType specifies the operation to be performed.
Examples of paths:
- CertificateGroups.[1]
- ApplicationIdentity
- UserTokenSettings.[2]
The ConfigurationUpdateTargetType is defined in Table 69.
Table 69 – ConfigurationUpdateTargetType Structure
| Name | Type | Description |
|---|---|---|
| ConfigurationUpdateTargetType | Structure | |
| Path | 0:String | A path to the target record for the update operation. The path uses the DataType FieldPath syntax defined in OPC 10000-6. |
| UpdateType | 0:ConfigurationUpdateType | The type of update. |
Its representation in the AddressSpace is defined in Table 70.
Table 70 – ConfigurationUpdateTargetType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:ConfigurationUpdateTargetType |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:Structure DataType defined in OPC 10000-5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
Base Configuration Management |
||||||
This is a DataType that defines the values used for the UpdateType field in the ConfigurationUpdateTargetType. Its values are defined in Table 71.
The update operation is applied to a target within the configuration identified by a path (see 7.8.5.6). The Replace and Delete operations use the Name field in the Structure to match a target with an existing record. For Insert operations no existing record with the same Name may exist. For Delete operations the contents of the record are ignored.
Table 71 – ConfigurationUpdateType Enumeration
| Name | Value | Description |
|---|---|---|
| Insert | 1 | The target is added. An error occurs if a name conflict occurs. |
| Replace | 2 | The existing record is updated. An error occurs if a name cannot be matched to an existing record. |
| InsertOrReplace | 3 | The existing record is updated. New records are created if the name does not match an existing record. |
| Delete | 4 | Any existing record is deleted. An error occurs if the name cannot be matched to an existing record. |
Its representation in the AddressSpace is defined in Table 72.
Table 72 – ConfigurationUpdateType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:ConfigurationUpdateType |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the Enumeration DataType defined in OPC 10000-5. |
||||||
|
0:HasProperty |
Variable |
0:EnumValues |
0:EnumValueType [] |
0:PropertyType |
|
|
|
|
||||||
|
Conformance Units |
||||||
|
Base Configuration Management |
||||||
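The CloseAndUpdate / ConfirmUpdate transaction and the ConfigurationUpdateType semantics described above, as an added example that is not part of the specification: an in-memory Python model of the Server side, showing the version check, the all-or-nothing handling of targets and the confirm-or-revert window. Assumptions: targets are (record Name, UpdateType) pairs instead of FieldPath strings, time is a simulated millisecond clock, the version is an integer counter, and a successful Delete reports plain Good because the page lists no dedicated code for it.

```python
# Added example: a model of the update transaction, not code from the specification.
import copy
import uuid

INSERT, REPLACE, INSERT_OR_REPLACE, DELETE = 1, 2, 3, 4   # Table 71 values


class ConfigServer:
    """Server-side model of one ConfigurationFile; time is a simulated ms clock."""

    def __init__(self, records, protected=()):
        self.records = dict(records)      # record Name -> body (active configuration)
        self.protected = set(protected)   # records that cannot be deleted
        self.version = 1                  # stands in for CurrentVersion
        self.now = 0.0
        self.pending = None               # scheduled update awaiting ConfirmUpdate

    def _one(self, work, staged, name, op):
        """Apply one target to the working copy and return its result code."""
        exists = name in work
        if op == DELETE:
            if not exists:
                return "Bad_NoEntryExists"
            if name in self.protected:
                return "Bad_NoDeleteRights"
            del work[name]                # record contents are ignored for Delete
            return "Good"                 # assumption: no dedicated Good code on the page
        if op not in (INSERT, REPLACE, INSERT_OR_REPLACE) or name not in staged:
            return "Bad_InvalidArgument"
        if op == INSERT and exists:
            return "Bad_EntryExists"
        if op == REPLACE and not exists:
            return "Bad_NoEntryExists"
        work[name] = copy.deepcopy(staged[name])
        return "Good_EntryReplaced" if exists else "Good_EntryInserted"

    def close_and_update(self, version_to_update, targets, staged,
                         revert_after, restart_delay):
        """Return (status, update_results, new_version, update_id)."""
        if not targets:
            raise ValueError("at least one target is required")
        if self.pending is not None:
            raise RuntimeError("this model handles one update at a time")
        if version_to_update != self.version:
            return "Bad_InvalidState", [], None, None
        work = copy.deepcopy(self.records)
        # Records in `staged` that no target references are never looked at.
        results = [self._one(work, staged, name, op) for name, op in targets]
        if any(not r.startswith("Good") for r in results):
            return "Uncertain", results, None, None       # nothing is applied
        update_id = str(uuid.uuid4())
        apply_at = self.now + restart_delay
        self.pending = {"id": update_id, "new": work, "old": None,
                        "apply_at": apply_at, "revert_at": apply_at + revert_after}
        return "Good", results, self.version + 1, update_id

    def advance(self, ms):
        """Move the clock; apply the pending update or revert it when due."""
        self.now += ms
        p = self.pending
        if p is None:
            return
        if p["old"] is None and self.now >= p["apply_at"]:
            p["old"] = (self.records, self.version)        # kept for the revert
            self.records, self.version = p["new"], self.version + 1
        if p["old"] is not None and self.now >= p["revert_at"]:
            self.records, self.version = p["old"]          # no ConfirmUpdate in time
            self.pending = None

    def confirm_update(self, update_id):
        p = self.pending
        if p is None or p["id"] != update_id:
            return "Bad_InvalidArgument"   # unknown id, or already rolled back
        if p["old"] is None:
            return "Bad_InvalidState"      # too soon: changes not applied yet
        self.pending = None                # committed; the revert no longer fires
        return "Good"


if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real Server.
    srv = ConfigServer({"DefaultApplicationGroup": {}}, {"DefaultApplicationGroup"})
    status, results, new_version, uid = srv.close_and_update(
        1, [("LineA", INSERT)], {"LineA": {}}, revert_after=5000, restart_delay=1000)
    srv.advance(1500)                      # client reconnects inside the window
    print(status, results, new_version, srv.confirm_update(uid))
```
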
This event is raised when a configuration has been updated.
The SourceNode Property for Events of this type shall be assigned to the NodeId for the Node that owns the configuration (usually the parent of the ConfigurationFile Object). The SourceName for Events of this type shall be the BrowseName of the configuration owner.
Its representation in the AddressSpace is formally defined in Table 73.
Table 73 – ConfigurationUpdatedAuditEventType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:ConfigurationUpdatedAuditEventType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
|
Subtype of the 0:AuditEventType defined in OPC 10000-5. |
||||||
|
0:HasProperty |
Variable |
0:OldVersion |
0:VersionTime |
0:PropertyType |
Mandatory |
|
|
0:HasProperty |
Variable |
0:NewVersion |
0:VersionTime |
0:PropertyType |
Mandatory |
|
|
|
|
|
|
|
|
|
|
|
||||||
|
Conformance Units |
||||||
|
Base Configuration Management |
||||||
This EventType inherits all Properties of the AuditEventType. Their semantics are defined in OPC 10000-5.
The DataType Property specifies the DataType of the configuration that was updated.