cleanup

components/opc-ua/src/Microsoft.Azure.IIoT.OpcUa.Protocol/src/Runtime/Extensions/OpcConfigEx.cs

@@ -48,9 +48,9 @@ public static ApplicationConfiguration ToApplicationConfiguration(
             applicationConfiguration.CertificateValidator
                 .Update(applicationConfiguration.SecurityConfiguration).ConfigureAwait(false);
 
-            // use existing certificate, if it is there
+            // use existing certificate, if present
             var certificate = applicationConfiguration.SecurityConfiguration
-                .ApplicationCertificate.Find(true).Result;
+                .ApplicationCertificate.Certificate;
 
             // create a self signed certificate if there is none
             if (certificate == null && createSelfSignedCertIfNone) {
@@ -77,7 +77,6 @@ public static ApplicationConfiguration ToApplicationConfiguration(
 
                 applicationConfiguration.SecurityConfiguration
                     .ApplicationCertificate.Certificate = certificate;
-
                 try {
                     // copy the certificate *public key only* into the trusted certificates list
                     using (ICertificateStore trustedStore = applicationConfiguration
@@ -88,16 +87,12 @@ public static ApplicationConfiguration ToApplicationConfiguration(
                     }
                 }
                 catch { }
-
                 // update security information
                 applicationConfiguration.CertificateValidator.UpdateCertificate(
                     applicationConfiguration.SecurityConfiguration).ConfigureAwait(false);
             }
 
             applicationConfiguration.ApplicationUri = Utils.GetApplicationUriFromCertificate(certificate);
-            applicationConfiguration.CertificateValidator
-                .Update(applicationConfiguration).ConfigureAwait(false);
-
             return applicationConfiguration;
         }
     }

components/opc-ua/src/Microsoft.Azure.IIoT.OpcUa.Protocol/src/Runtime/Extensions/SecurityConfigEx.cs

@@ -50,7 +50,8 @@ public static SecurityConfiguration ToSecurityConfiguration(this ISecurityConfig
                 AutoAcceptUntrustedCertificates = securityConfig.AutoAcceptUntrustedCertificates,
                 RejectSHA1SignedCertificates = securityConfig.RejectSha1SignedCertificates,
                 MinimumCertificateKeySize = securityConfig.MinimumCertificateKeySize,
-                ApplicationCertificate = securityConfig.ApplicationCertificate.ToCertificateIdentifier()
+                ApplicationCertificate = securityConfig.ApplicationCertificate.ToCertificateIdentifier(),
+                AddAppCertToTrustedStore = true
             };
 
             return securityConfiguration;

components/opc-ua/src/Microsoft.Azure.IIoT.OpcUa.Protocol/src/Services/ServerConsoleHost.cs

@@ -104,11 +104,10 @@ private async Task StartServerInternalAsync(IEnumerable<int> ports) {
             _logger.Information("Server created...");
 
             config = ApplicationInstance.FixupAppConfig(config);
-
-
             _logger.Information("Validate configuration...");
             await config.Validate(ApplicationType.Server);
 
+            config.SecurityConfiguration.AutoAcceptUntrustedCertificates = AutoAccept;
             config.CertificateValidator = new CertificateValidator();
             config.CertificateValidator.CertificateValidation += (v, e) => {
                 if (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted) {
@@ -120,10 +119,8 @@ private async Task StartServerInternalAsync(IEnumerable<int> ports) {
 
             _logger.Information("Initialize certificate validation...");
             await config.CertificateValidator.Update(config.SecurityConfiguration);
+            var cert = config.SecurityConfiguration.ApplicationCertificate.Certificate;
 
-            // Use existing certificate, if it is there.
-            var cert = await config.SecurityConfiguration.ApplicationCertificate
-                .Find(true);
             if (cert == null) {
                 _logger.Information("Creating new certificate in {path}...",
                     config.SecurityConfiguration.ApplicationCertificate.StorePath);
@@ -139,31 +136,28 @@ private async Task StartServerInternalAsync(IEnumerable<int> ports) {
                     CertificateFactory.defaultLifeTime,
                     CertificateFactory.defaultHashSize);
 #pragma warning restore IDE0067 // Dispose objects before losing scope
-            }
-
-            if (cert != null) {
                 config.SecurityConfiguration.ApplicationCertificate.Certificate = cert;
-                config.ApplicationUri = Utils.GetApplicationUriFromCertificate(cert);
                 await config.CertificateValidator.UpdateCertificate(config.SecurityConfiguration);
             }
+            config.ApplicationUri = Utils.GetApplicationUriFromCertificate(cert);
 
             var application = new ApplicationInstance(config);
 
             // check the application certificate.
             var haveAppCertificate =
                 await application.CheckApplicationInstanceCertificate(false, 0);
             if (!haveAppCertificate) {
-                _logger.Error("Failed validating certificate!");
+                _logger.Error("Failed validating own certificate!");
                 throw new Exception("Application instance certificate invalid!");
             }
 
-            // Set certificate
+            // Set Certificate
             try {
                 // just take the public key
-                Certificate = new X509Certificate2(cert.RawData);
+                Certificate = new X509Certificate2(config.SecurityConfiguration.ApplicationCertificate.Certificate.RawData);
             }
             catch {
-                Certificate = cert;
+                Certificate = config.SecurityConfiguration.ApplicationCertificate.Certificate;
             }
 
             _logger.Information("Starting server ...");

components/opc-ua/src/Microsoft.Azure.IIoT.OpcUa.Testing/src/Fixtures/BaseServerFixture.cs

@@ -62,15 +62,15 @@ protected BaseServerFixture(IEnumerable<INodeManagerFactory> nodes) {
             _client = new Lazy<ClientServices>(() => {
                 return new ClientServices(Logger, _config);
             }, false);
-            _serverHost = new ServerConsoleHost(
-                new ServerFactory(Logger, nodes) {
-                    LogStatus = false
-                }, Logger) {
-                AutoAccept = true
-            };
             var port = Interlocked.Increment(ref _nextPort);
             for (var i = 0; i < 200; i++) { // Retry 200 times
                 try {
+                    _serverHost = new ServerConsoleHost(
+                        new ServerFactory(Logger, nodes) {
+                            LogStatus = false
+                        }, Logger) {
+                        AutoAccept = true
+                    };
                     Logger.Information("Starting server host on {port}...",
                         port);
                     _serverHost.StartAsync(new int[] { port }).Wait();

components/opc-ua/src/Microsoft.Azure.IIoT.OpcUa.Testing/src/Servers/ServerFactory.cs

@@ -141,7 +141,8 @@ public static ApplicationConfiguration CreateServerConfiguration(
                             StoreType = "Directory",
                             StorePath = "pki/rejected",
                         },
-                        AutoAcceptUntrustedCertificates = false
+                        AutoAcceptUntrustedCertificates = true,
+                        AddAppCertToTrustedStore = true
                     },
                     TransportConfigurations = new TransportConfigurationCollection(),
                     TransportQuotas = TransportQuotaConfigEx.DefaultTransportQuotas(),