Allow dynamic update of client/server application certificate and key
Description
Implement a mechanism to allow dynamic update of client/server application certificate and key in configuration. All secure channels associated with previous certificate should be closed (see part 12 v1.05 §7.10.6):
[...] Server shall force existing SecureChannels affected by the changes to renegotiate and use the new Server Certificate [...]
Servers may close SecureChannels without discarding any Sessions or Subscriptions.
Implementation
Implement an event to close all current secure channels using previous certificate data. Add a thread safe API to allow application certificate and key update in configuration with concurrent accesses. And add a mandatory callback mechanism to close all current secure channels already using previous certificate, on server side the session is kept and might be associated to a new secure channel using the new certificate. Ensure OPC UA method call response is sent prior to closing the SC using it.