Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
com.prosysopc.ua.SecureIdentityException
June 13, 2016
10:27, EEST
Avatar
pramanj
Member
Members
Forum Posts: 86
Member Since:
October 21, 2014
sp_UserOfflineSmall Offline

I upgradede my JRE from 1.7 to 1.8 , since that I am getting unknown certification authority error. Then based on some previous discussions similar topic by cho21e in this forum, i deleted the certificates and keys in the PKI folder. On deleting the certificate files under “private” folder and recompiling, it gives following error


com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ……..
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source) ………

It was not giving such problems earlier! Is it due to java version from 1.7 to 1.8 (the latest)?
Should I download the 1.8 version of the PROSYS OPC SDK? I have requested for the down load. Kindly approve it if that is the cause of the error!

what to do?
regards
pramanjCry

June 13, 2016
10:52, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Can you post the full stack trace? It is bit hard to say what is the problem without it.

There is no specific versions of the SDK for a specific Java version. As long as your runtime is Java 6 or later, it will work. Newer JREs are backwards compatible, i.e. Java 8 will run Java7,6,… code.

– Bjarne

June 13, 2016
12:30, EEST
Avatar
pramanj
Member
Members
Forum Posts: 86
Member Since:
October 21, 2014
sp_UserOfflineSmall Offline

The trace is given below:

com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ARSCADA@Admin-PC
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at gatewayhook.SampleConsoleClient.initialize(SampleConsoleClient.java:1184)
at gatewayhook.GatewayHook.startup(GatewayHook.java:525)
at gatewayhook.GatewayHook.main(GatewayHook.java:66)
Caused by: java.security.cert.CertificateException: Subject class type invalid.
at sun.security.x509.X509CertInfo.setSubject(X509CertInfo.java:888)
at sun.security.x509.X509CertInfo.set(X509CertInfo.java:415)
at org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.createApplicationInstanceCertificate(Unknown Source)
… 7 more

line 1184 is call to loadOrCreateCertificate as follows:

final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(appDescription,
//”Sample Organisation”, /* Private Key Password */”opcua”,
“PRAMANJ Technologies”, /* Private Key Password */”opcua”,
/* Key File Path */privatePath,
/* CA certificate & private key */issuerCertificate,
/* Key Sizes for instance certificates to create */keySizes,
/* Enable renewing the certificate */true)

June 13, 2016
13:03, EEST
Avatar
pramanj
Member
Members
Forum Posts: 86
Member Since:
October 21, 2014
sp_UserOfflineSmall Offline

Dear Sir,
Another thing I did was to remove some of the libraries like bc*.jar, http*.jar, commons*.jar only OPC.ua.stack and Prosys-ua stack jar and log4j and sl4j jars were included. Could that be a problem? Shall I try to inlcude all the missing jars and compile?
regards
PRAMANJ

June 13, 2016
13:08, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Is there any reason you cannot use the bouncy castle jars? Adding them to your classpath should solve this.
Based on the “org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate” the java stack (which the SDK uses) selected the SunJceCertificateProvider. It does this if there is nothing else available from the classpath. And that uses the the jre private api for the creating the certificate since it is otherwise not possible, those private apis can change for different jre versions. It also might have problems in some areas (e.g. private key passwords).

See the ‘USAGE OF SECURITY LIBRARIES’ section from the README.txt for more information.

Seems some issues relating to SunJceCertificateProvider was solved for stack version 1.02.337.6, therefore you could try SDK version 2.2.2 (2.2.0 had 1.02.337.4; 2.2.2 has 1.02.337.8).

June 13, 2016
13:14, EEST
Avatar
pramanj
Member
Members
Forum Posts: 86
Member Since:
October 21, 2014
sp_UserOfflineSmall Offline

Yes sir, I added all the bounrt castle and http and all the other libraries listed above and its working now!
I will switch over to the 2.2.2 version of your sdk and evaluate.

Thanks ! It was my mistake!

Sorry to bother you.

Best Reagrds
PRAMANJ

June 13, 2016
13:18, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Please see the ‘DEPLOYMENT’ section of the README.txt for which jars are needed. Please use the bc*.jar (or sc*.jar if Android) if you can since testing is done using mostly using the Bouncy Castle library and it is therefore recommended in normal applications (this also reads in the readme, ‘USAGE OF SECURITY LIBRARIES’).

June 13, 2016
13:29, EEST
Avatar
pramanj
Member
Members
Forum Posts: 86
Member Since:
October 21, 2014
sp_UserOfflineSmall Offline

Ok sir, thanks I will read the readme file carefully to see which libraries are required.
Hope switching to libraries from your 2.2.2 sdk for all (Opc stack , Prosys stack and bc , sc jars) in my current application will not cuase problems. I will study the Migration notes as well.

Best Reagrds
PRAMANJ

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
13 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 730

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

PromotionToold, HypromeImpupe, toneylapham544, rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachus

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1