FinishRequest is used to retrieve a KeyCredential.

If a Certificate was provided in the request then the KeyCredential secret is encrypted using an asymmetric encryption algorithm specified by the SecurityPolicyUri provided in the request.

The credentialSecret is a UA Binary encoded form of one of the EncryptedSecret DataTypes defined in OPC 10000-4. If the securityPolicyUri requires an RSA Certificate then the RsaEncryptedSecret DataType is used. If the securityPolicyUri requires an ECC Certificate then the EccEncryptedSecret DataType is used.

The Signing Certificate is owned by the source of the KeyCredential. The KeyCredentialService determines the most appropriate Certificate to use.

If the return code is Bad_RequestNotComplete then the request has not been processed and the Client should call again. It is expected that a Client will periodically call this Method until the KeyCredentialService has completed the request.

This Method shall be called from an encrypted SecureChannel and from a Client that has access to the KeyCredentialAdmin Role, the ApplicationAdmin Privilege, or the ApplicationSelfAdmin Privilege (see 8.2). In addition, this Method shall only be called SecureChannel using that same Certificate that Client used to call StartRequest.

Signature

FinishRequest (

[in] NodeId requestId

[in] Boolean cancelRequest

[out] String credentialId

[out] ByteString credentialSecret

[out] String certificateThumbprint

[out] String securityPolicyUri

[out] NodeId[] grantedRoles

);

Argument

Description

requestId

The identifier returned from a previous call to StartRequest.

cancelRequest

If TRUE the request is cancelled and no KeyCredentials are returned.

If FALSE the normal processing proceeds.

credentialId

The unique identifier for the KeyCredential.

credentialSecret

The secret associated with the KeyCredential.

certificateThumbprint

The thumbprint of the Certificate used to encrypt the secret for RSA SecurityPolicies. Set to NULL for ECC SecurityPolicies.

securityPolicyUri

The SecurityPolicy used to create the credentialSecret.

grantedRoles

A list of Roles which have been granted to KeyCredential.

If empty then the information is not relevant or not available.

Method Result Codes (defined in Call Service)

Result Code

Description

Bad_InvalidArgument

The requestId is does not reference to a valid request for the Application.

Bad_RequestNotComplete

The request has not been processed by the Server yet.

Bad_UserAccessDenied

The current user does not have the rights required.

Bad_RequestNotAllowed

The KeyCredential manager rejected the request.

The text associated with the error should indicate the exact reason.

Table 84 specifies the AddressSpace representation for the FinishRequest Method.

Table 84 – FinishRequest Method AddressSpace Definition

Attribute

Value

BrowseName

2:FinishRequest

References

NodeClass

BrowseName

DataType

TypeDefinition

ModellingRule

0:HasProperty

Variable

0:InputArguments

0:Argument[]

0:PropertyType

Mandatory

0:HasProperty

Variable

0:OutputArguments

0:Argument[]

0:PropertyType

Mandatory