FinishRequest is used to retrieve a KeyCredential.
If a Certificate was provided in the request then the KeyCredential secret is encrypted using an asymmetric encryption algorithm specified by the SecurityPolicyUri provided in the request.
The credentialId is the identifier, such as a user name, which often needs to be presented when using the credentialSecret.
The credentialSecret is a UA Binary encoded form of one of the EncryptedSecret DataTypes defined in OPC 10000-4. If the securityPolicyUri requires an RSA Certificate then the RsaEncryptedSecret DataType is used. If the securityPolicyUri requires an ECC Certificate then the EccEncryptedSecret DataType is used.
The Signing Certificate is owned by the source of the KeyCredential. The KeyCredentialService determines the most appropriate Certificate to use.
If the return code is Bad_RequestNotComplete then the request has not been processed and the Client should call again. It is expected that a Client will periodically call this Method until the KeyCredentialService has completed the request.
This Method shall be called from an encrypted SecureChannel and from a Client that has access to the KeyCredentialAdmin Role, the ApplicationAdmin Privilege, or the ApplicationSelfAdmin Privilege (see 8.2). In addition, this Method shall only be called SecureChannel using that same Certificate that Client used to call StartRequest.
Signature
FinishRequest (
[in] NodeId requestId
[in] Boolean cancelRequest
[out] String credentialId
[out] ByteString credentialSecret
[out] String certificateThumbprint
[out] String securityPolicyUri
[out] NodeId[] grantedRoles
);
Argument |
Description |
requestId |
The identifier returned from a previous call to StartRequest. |
cancelRequest |
If TRUE the request is cancelled and no KeyCredentials are returned. If FALSE the normal processing proceeds. |
credentialId |
The unique identifier for the KeyCredential. |
credentialSecret |
The secret associated with the KeyCredential. |
certificateThumbprint |
The thumbprint of the Certificate used to encrypt the secret for RSA SecurityPolicies. Set to NULL for ECC SecurityPolicies. |
securityPolicyUri |
The SecurityPolicy used to create the credentialSecret. |
|
|
grantedRoles |
A list of Roles which have been granted to KeyCredential. If empty then the information is not relevant or not available. |
Method Result Codes (defined in Call Service)
Result Code |
Description |
Bad_InvalidArgument |
The requestId is does not reference to a valid request for the Application. |
Bad_RequestNotComplete |
The request has not been processed by the Server yet. |
Bad_UserAccessDenied |
The current user does not have the rights required. |
Bad_RequestNotAllowed |
The KeyCredential manager rejected the request. The text associated with the error should indicate the exact reason. |
Bad_SecurityModeInsufficient |
The SecureChannel is not encrypted. |
Table 87 specifies the AddressSpace representation for the FinishRequest Method.
Table 87 – FinishRequest Method AddressSpace Definition
Attribute |
Value |
||||
BrowseName |
2:FinishRequest |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |