update to newest OPC UA Nuget Package

- users Database
- Trust own CA
- replace CertificateGroup by CertificateGroupService to mitigate internal copying

GDSwithREST.Domain/GDSwithREST.Domain.csproj

@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="7.0.0" />
-    <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua.Gds.Server.Common" Version="1.4.372.76" />
+    <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua.Gds.Server.Common" Version="1.4.372.106" />
   </ItemGroup>
 
 </Project>

GDSwithREST.Domain/Services/CertificateGroupService.cs

@@ -6,24 +6,35 @@ namespace GDSwithREST.Domain.Services
 {
     public class CertificateGroupService : CertificateGroup, ICertificateGroupService
     {
-        public List<CertificateGroup> CertificateGroups { get; } = new List<CertificateGroup>();
+        public List<CertificateGroupService> CertificateGroups { get; } = new List<CertificateGroupService>();
 
-        public override CertificateGroup Create(
+        public override CertificateGroupService Create(
             string storePath,
             CertificateGroupConfiguration certificateGroupConfiguration)
         {
-            var cg = new CertificateGroup().Create(storePath, certificateGroupConfiguration);
+            var cg = new CertificateGroupService(storePath, certificateGroupConfiguration);
             CertificateGroups.Add(cg);
             return cg;
         }
 
-        public async Task<X509Certificate2Collection> GetTrustList(CertificateGroup certificateGroup)
+        public CertificateGroupService() : base() { }
+
+        protected CertificateGroupService(
+            string authoritiesStorePath,
+            CertificateGroupConfiguration certificateGroupConfiguration
+            )
+            : base(authoritiesStorePath,
+            certificateGroupConfiguration)
+        { }
+
+        public async Task<X509Certificate2Collection> GetTrustList()
         {
-            using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(certificateGroup.Configuration.TrustedListPath))
+            using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(Configuration.TrustedListPath))
             {
-                return await store.Enumerate();
+                {
+                    return await store.Enumerate();
+                }
             }
-
         }
     }
 }

GDSwithREST.Domain/Services/GdsService.cs

@@ -1,7 +1,10 @@
-using Opc.Ua;
+using GDSwithREST.Domain.ApiModels;
+using Opc.Ua;
 using Opc.Ua.Configuration;
 using Opc.Ua.Gds.Server;
 using Opc.Ua.Gds.Server.Database;
+using Opc.Ua.Gds.Server.Database.Linq;
+using static Org.BouncyCastle.Math.EC.ECCurve;
 
 namespace GDSwithREST.Domain.Services
 {
@@ -32,7 +35,7 @@ public async Task StartServer(CancellationToken stoppingToken)
                 _applicationInstance = new ApplicationInstance
                 {
                     ApplicationName = "Global Discovery Server",
-                    ApplicationType = ApplicationType.Server,
+                    ApplicationType = Opc.Ua.ApplicationType.Server,
                     ConfigSectionName = "Opc.Ua.GlobalDiscoveryServer"
                 };
                 // load the application configuration.
@@ -42,16 +45,29 @@ public async Task StartServer(CancellationToken stoppingToken)
 
                 _applications.Initialize();
                 _certificateRequests.Initialize();
+
+                // get the DatabaseStorePath configuration parameter.
+                GlobalDiscoveryServerConfiguration gdsConfiguration = _applicationInstance.ApplicationConfiguration.ParseExtension<GlobalDiscoveryServerConfiguration>();
+                string usersDatabaseStorePath = Utils.ReplaceSpecialFolderNames(gdsConfiguration.UsersDatabaseStorePath);
+                var usersDatabase = JsonUsersDatabase.Load(usersDatabaseStorePath);
                 //await _certificateGroup.Init();
                 var gdsServer = new GlobalDiscoverySampleServer(
                         _applications,
                         _certificateRequests,
-                        _certificateGroups
+                        _certificateGroups,
+                        usersDatabase
                        );
 
                 //start GDS
                 await _applicationInstance.Start(gdsServer);
 
+                //trust GDS CA
+                var defaultCertificateGroup = _certificateGroups.CertificateGroups.SingleOrDefault(cg => cg.Id.Identifier is (uint)CertificateGroupType.DefaultApplicationGroup);
+                if (defaultCertificateGroup is null)
+                    throw new Exception("Failed to initialze GDS CA Certifcate");
+
+                await _applicationInstance.AddOwnCertificateToTrustedStoreAsync(defaultCertificateGroup.Certificate, stoppingToken);
+
                 var endpoints = _applicationInstance.Server.GetEndpoints().Select(e => e.EndpointUrl).Distinct();
 
                 foreach (var endpoint in endpoints)

GDSwithREST.Domain/Services/ICertificateGroupService.cs

@@ -5,7 +5,7 @@ namespace GDSwithREST.Domain.Services
 {
     public interface ICertificateGroupService : ICertificateGroup
     {
-        public List<CertificateGroup> CertificateGroups { get; }
-        public Task<X509Certificate2Collection> GetTrustList(CertificateGroup certificateGroup);
+        public List<CertificateGroupService> CertificateGroups { get; }
+        public Task<X509Certificate2Collection> GetTrustList();
     }
 }

GDSwithREST/Controllers/ApplicationsController.cs

@@ -158,7 +158,7 @@ private static async Task RevokeApplicationCertificate(byte[]? certificate, ICer
                     }
                     if (certificateGroup != null)
                     {
-                       await certificateGroupService.RevokeCertificateAsync(x509).ConfigureAwait(false);
+                       await certificateGroup.RevokeCertificateAsync(x509).ConfigureAwait(false);
                     }
                 }
             }

GDSwithREST/Controllers/CertificateGroupsController.cs

@@ -78,7 +78,7 @@ public async Task<ActionResult<X509CertificateApiModel[]>> GetCertificateGroupTr
             {
                 return NotFound();
             }
-            var trustedCertificatesCollection = await _certificateGroupService.GetTrustList(certificateGroup);
+            var trustedCertificatesCollection = await certificateGroup.GetTrustList();
             var trustList =
                 from cert in trustedCertificatesCollection
                 select new X509CertificateApiModel(cert);

GDSwithREST/GdsConfig/Opc.Ua.GlobalDiscoveryServer.Config.xml

@@ -160,6 +160,7 @@
         </CertificateGroups>
         <KnownHostNames/>
         <ShutdownDelay>5</ShutdownDelay>
+		<UsersDatabaseStorePath>%LocalApplicationData%/OPC Foundation/GDS/gdsusersdb.json</UsersDatabaseStorePath>
       </GlobalDiscoveryServerConfiguration>
     </ua:XmlElement>
   </Extensions>

docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.4'
 name: "gdswithrest"
 services:
   api:
-    image: "ghcr.io/romanett/gdswithrest:2023-11-28"
+    image: "ghcr.io/romanett/gdswithrest:2023-12-22"
     ports:
         - "8080:8080"
         - "8081:8081"