Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Connecting with certificate results in "bad connection"
January 24, 2022
15:46, EET
Avatar
eidelmany
Member
Members
Forum Posts: 3
Member Since:
January 24, 2022
sp_UserOfflineSmall Offline

I’m trying to connect my Android application to a OPC server. I’m using a PKI file which I have verified that I can connect using that file through dataFEED OPC UA Client by Softing. I’m able to connect using anonymous and username/password but certificate is giving me issues.

Getting the following error:
com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://10.249.xx.xx:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256,Sign] ServiceResult=Bad_ConnectionClosed (0x80AE0000) “The network connection has been closed.”

Caused by: com.prosysopc.ua.stack.common.ServiceResultException: Bad_ConnectionClosed (code=0x80AE0000, description=”Connection closed (graceful)”)
Caused by: java.io.EOFException

0x80AE0000 = “BasConnectionClosed” which is just a generic error that doesn’t tell me what the problem is.

Any ideas on what could be causing this?

ApplicationDescription description = new ApplicationDescription();
description.setApplicationName(new LocalizedText(appName + “@localhost”));
description.setApplicationType(ApplicationType.Client);

File pfx = new File(“” + “dataFEEDOpcUaClient.pfx”);

ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(description, “dataFEEDOpcUaClient”, “”, pfx, true);
identity.setApplicationDescription(description);
identity.setOrganisation(appName);
connect(address, identity, 60000, mode, objectNodeName, rtu, null, null)
.subscribe(emitter::onComplete, emitter::onError);

private Completable connect(String serverAddress, ApplicationIdentity identity, long timeout, SecurityMode mode, String objectNodeName, String rtu, String userName, String password) {
connected = true;
return Completable.create(emitter -> {
if (!clients.containsKey(objectNodeName) || clients.get(objectNodeName) == null) {
clients.put(objectNodeName, new RTUClient(updateInterval, objectNodeName, listener, nodeDao));
}
RTUClient client = clients.get(objectNodeName);
if (!client.getClient().isConnected()) {
client.getClient().setAddress(serverAddress);
client.getClient().setApplicationIdentity(identity);
client.getClient().setTimeout(timeout);
client.getClient().addServerStatusListener(new RTUServerStatusListener());
client.getClient().setSecurityMode(mode);
if (userName != null && password != null) {
client.getClient().setUserIdentity(new UserIdentity(userName, password));
}
try {
client.getClient().connect();
collectVariableNodes(objectNodeName, rtu, client).subscribe(emitter::onComplete);
} catch (Exception e) {
emitter.tryOnError(e);
}
}
}).subscribeOn(Schedulers.io())
.doOnComplete(() -> System.out.printf(LogMessages.CONNECTION_SUCCESS, TAG, rtu, objectNodeName))
.doOnError(error -> System.out.printf(LogMessages.CONNECTION_ERROR, TAG, rtu, objectNodeName, error.getLocalizedMessage()));
}

January 25, 2022
16:18, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

I cannot know what your “RTUClient” class does. Does it just hold the UaClient in a field or does it something special?

Please try first run the SampleConsoleClient pretty much “as is” and check differences to your code.

I believe there was some issues with private key passwords on Android, if you have one, please try without, if that is an option for you.

Also, normally we have used .der format for public keys and .pem for private keys, you could try converting. Though, in general you should not use the keys of another client, but create own keys per client (it looks a lot like you try to use the “dataFEED OPC UA Client by Softing” keys).

February 4, 2022
15:08, EET
Avatar
eidelmany
Member
Members
Forum Posts: 3
Member Since:
January 24, 2022
sp_UserOfflineSmall Offline

“RTUClient” is just a helper class doing some over the overhead.

I have tried running SampleConsoleClient and at first I was getting the same error. I was able to make some adjustments and after adding the .der file to the OPC server so that the connection can be trusted I’m getting this error:

com.prosysopc.ua.SessionActivationException: Failed to initialize User Identity Token: Bad_IdentityTokenRejected (code=0x80210000, description=”Anonymous UserTokenType is not supported”) ServiceResult=Bad_IdentityTokenRejected (0x80210000) “The user identity token is valid but the server has rejected it.”
Caused by: com.prosysopc.ua.stack.common.ServiceResultException: Bad_IdentityTokenRejected (code=0x80210000, description=”Anonymous UserTokenType is not supported”)
The server supports the following user tokens:
Certificate

February 4, 2022
15:23, EET
Avatar
Matti Siponen
Moderator
Members

Moderators
Forum Posts: 349
Member Since:
February 11, 2020
sp_UserOfflineSmall Offline

Hello,

Since the description for the ServiceResultException is “Anonymous UserTokenType is not supported”, it would imply that the Server doesn’t support connecting with anonymously. Were you attempting to connect with Anonymous UserTokenType?

To use a certificate as a UserIdentity, you will need to construct a UserIdentity instance using either new UserIdentity(Cert certificate, PrivKey privateKey) or new UserIdentity(File certificateFile, File privateKeyFile, String privateKeyPassword) and then have your UaClient to use it with UaClient.setUserIdentity(UserIdentity userIdentity). Note, that it is up to the Server whether or not it accepts the certificate.

March 26, 2022
13:59, EET
Avatar
eidelmany
Member
Members
Forum Posts: 3
Member Since:
January 24, 2022
sp_UserOfflineSmall Offline

You’re correct, the problem was with the way I was using UserIdentity. I was able to get SampleConsoleClient .java to connect using a certificate. I then tried to migrate it into my Android application but I’m now getting the same error as before:

com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://10.249.xx.xx:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256,Sign] ServiceResult=Bad_ConnectionClosed (0x80AE0000) “The network connection has been closed.

I’m not sure why, the code base is exactly the same its just being compiled on Android. Other types of authentication (anonymous and username/password) still work.

I have attached my two SampleConsoleClient (renamed to be CertConnection) in this GitHub repo. The ‘Script’ directory is the SampleConsoleClient that I modified and it works fine. The other directory is the SampleConsoleClient that worked that I slightly modified to work in Android but I get the above error message.

https://github.com/yaron-e/opcUA

Thank you for helping!

March 29, 2022
11:04, EEST
Avatar
Matti Siponen
Moderator
Members

Moderators
Forum Posts: 349
Member Since:
February 11, 2020
sp_UserOfflineSmall Offline

Hello,

We don’t debug code posted at this forum for errors.

If the code is working elsewhere but not on Android, it could be that BouncyCastle libraries are used on Android instead of the correct SpongyCastle libraries. In addition to the libraries in the “lib” folder of the SDK distribution, libraries in the “lib-android” folder of the SDK distribution must be used when working on Android. Let the libraries from “lib-android” folder overwrite the libraries from “lib” folder in your project.

If using the correct libraries doesn’t solve the issue, can you provide a full stack trace that lead to com.prosysopc.ua.client.ConnectException?

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
9 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 728

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

ellis87832073466, zkxwilliemae, gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1