Log In
Register
Forum
Topic RSS
8:46, EET
January 30, 2013
Offline
Hello.
We have built an OPC server using the latest OPC UA Java SDK version an OPC server and faced some errors if a specific OPC client connects.
Below you will find the detailed diagnostic information of the OPC SDK. The error outputs are continually repeated approx. every 12 seconds.
We used following version of the OPC SDK:
bcprov-jdk16-146.jar
log4j-1.2.15.jar
Opc.Ua.Stack-1.01.320.2.jar
Prosys-OPC-UA-Java-SDK-Client-Server-Binary-1.3.4-4616.jar
Our server runs under JRE Version 1.6.0_27
OPC Server and OPC client are running on different machines.
OPC Client which causes the errors on OPC server side: Atvise 2.2
http://www.atvise.com/
Note: If we use the OPC client “UA Demo-Client UaExpert”, no errors occurs and everything is working fine.
What could be the reason and what can we do to fix this problem?
Is the OPC client Atvise not compatible with the OPC Java SDK?
Is the reason a bug of the OPC Java SDK or a bug of the OPC client?
Sends the OPC client something which the OPC server cannot handle?
Is there something what we can check in our code?
System.out
* Prosys OPC UA Java SDK vnull
* (c) Prosys PMS Ltd.
* Running in EVALUATION mode
* Connections will close after 120 minutes
01/29/2013 14:17:17.217 INFO[WrapperListener_start_runner] com.prosysopc.ua.ApplicationIdentity – Creating a new application certificate & private key
01/29/2013 14:17:17.733 INFO [WrapperListener_start_runner] com.prosysopc.ua.ApplicationIdentity – Created a new Certificate: C=DE, O=Miditec Datensysteme GmbH, CN=MtzOpcServer; ApplicationURI=urn:A8-SERVER02:UA:MtzOpcServer KeySize=1024
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://192.168.8.2:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://192.168.8.2:52520
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://localhost:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://localhost:52520
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://A8-SERVER02:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://A8-SERVER02:52520
01/29/2013 14:18:21.983 INFO [Blocking-Work-Executor-1] com.prosysopc.ua.server.SessionManager – Session created: null
01/29/2013 14:18:23.061 INFO [Blocking-Work-Executor-2] com.prosysopc.ua.server.SessionManager – Session NOT activated: null – Error in asymmetric decrypt
01/29/2013 14:18:23.061 INFO [Blocking-Work-Executor-1] com.prosysopc.ua.server.SessionManager – Session closed: null
01/29/2013 14:18:26.186 INFO [Blocking-Work-Executor-3] com.prosysopc.ua.server.SessionManager – Session created: null
01/29/2013 14:18:26.201 ERROR [Blocking-Work-Executor-4] org.opcfoundation.ua.application.ServiceHandlerComposition – While handling ActivateSessionRequest (id=8850991)
UserTokenSignature=SignatureData (id=11816628)
Signature=null
Algorithm=null
LocaleIds=class java.lang.String[1]
[0]=en
ClientSoftwareCertificates=class org.opcfoundation.ua.core.SignedSoftwareCertificate[0]
ClientSignature=SignatureData (id=26947503)
Signature=null
Algorithm=null
UserIdentityToken=ExtensionObject (id=22527820)
encodeType=EncodeType (id=30430942)
ordinal=0
name=Binary
object=byte[] (id=26607396)
typeId=NodeId (id=10601858)
value=UnsignedInteger (id=11408275)
value=324
type=IdType (id=8855141)
ordinal=0
name=Numeric
namespaceIndex=0
hash=-1557737243
RequestHeader=RequestHeader (id=6233160)
AuditEntryId=null
AuthenticationToken=NodeId (id=3795544)
value=UnsignedInteger (id=4746461)
value=2
type=IdType (id=8855141)
namespaceIndex=0
RequestHandle=UnsignedInteger (id=4746461)
Timestamp=DateTime (id=14891765)
value=130039391067672544
AdditionalHeader=null
ReturnDiagnostics=UnsignedInteger (id=1266014)
value=0
TimeoutHint=UnsignedInteger (id=3392486)
value=5000
ServiceFault: Bad_InternalError (0x80020000) “An internal error occurred as a result of a programming or configuration error.”
Diagnostic Info: org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.
at org.bouncycastle.crypto.engines.RSACoreEngine.convertInput(Unknown Source)
at org.bouncycastle.crypto.engines.RSABlindedEngine.processBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.decodeBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.processBlock(Unknown Source)
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.
at org.bouncycastle.crypto.engines.RSACoreEngine.convertInput(Unknown Source)
at org.bouncycastle.crypto.engines.RSABlindedEngine.processBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.decodeBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.processBlock(Unknown Source)
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
… 11 more
This error output is continually repeated approx. every 12 seconds.
System.err
javax.crypto.BadPaddingException: data hash wrong
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
This error output is continually repeated approx. every 12 seconds.
Thanks in advance for any help.
Oliver
10:39, EET
December 21, 2011
Offline
It seems that there is an incompatibilty with the encryption/decryption of the UserIdentityToken.
Do you have more information of the user token policy that is used? Can you connect with an Anonymous user token?
15:01, EET
January 30, 2013
Offline
Jouni Aro said
It seems that there is an incompatibilty with the encryption/decryption of the UserIdentityToken.
Do you have more information of the user token policy that is used? Can you connect with an Anonymous user token?
For the OPC server we set following UserTokenPolicy
.setSecurityModes(SecurityMode.ALL);
.addUserTokenPolicy(UserTokenPolicy.SECURE_USERNAME_PASSWORD_BASIC256);
.addUserTokenPolicy(UserTokenPolicy.SECURE_USERNAME_PASSWORD);
In the ativse OPC client we set user name and password and tried as security mode “none” and “Basic256”.
But in all cases we get the above mentioned error messages.
Oliver
17:21, EET
December 21, 2011
Offline
Can you try with Basic128Rsa15?
7:27, EET
January 30, 2013
Offline
Jouni Aro said
Can you try with Basic128Rsa15?
Yes, in the atvise OPC client we tried already all possible security modes “none”, “Basis256” and “Basic128Rsa15”.
But the error message in the OPC stack is always the same.
In the call stack above you can see, that the password can somehow not decrypted.
..
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
..
Oliver
8:43, EET
December 21, 2011
Offline
miditec said
In the call stack above you can see, that the password can somehow not decrypted.
Yes, I just wanted to make sure that it does not depend on the security mode. I think you should contact atvise and request that they investigate the issue as well. This is an interoperability problem and we have not had such issues in other interoperability tests, so I would suspect the client is not encrypting the password properly.
13:40, EET
January 30, 2013
Offline
Jouni Aro said
miditec said
In the call stack above you can see, that the password can somehow not decrypted.Yes, I just wanted to make sure that it does not depend on the security mode. I think you should contact atvise and request that they investigate the issue as well. This is an interoperability problem and we have not had such issues in other interoperability tests, so I would suspect the client is not encrypting the password properly.
I just want to inform you that the problem is solved.
The invalid requests to the OPC server where made by another 3rd party application, which has nothing to do with OPC.
So it was not a problem caused by the ativse OPC client.
Unfortunately the 3rd party application tries connection to the OPC listener port.
Thanks.
Oliver
Most Users Ever Online: 1919
Currently Online:
14 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 738
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
mickey21654, donnyredmond08, keesha4235, cheribruce, candacekolb4, Garmcrypto7Zof, calebhardison, susannahdingle7, inilarythikibia, rickykennionModerators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1
