OPC Client causes server errors / javax.crypto.BadPaddingException: data hash wrong
January 30, 2013
8:46, EEST
miditec
Member

Hello.

We have built an OPC server using the latest OPC UA Java SDK version and faced some errors when a specific OPC client connects.
Below you will find the detailed diagnostic information of the OPC SDK. The error outputs are continually repeated approx. every 12 seconds.

We used the following versions of the OPC SDK:
bcprov-jdk16-146.jar
log4j-1.2.15.jar
Opc.Ua.Stack-1.01.320.2.jar
Prosys-OPC-UA-Java-SDK-Client-Server-Binary-1.3.4-4616.jar

Our server runs under JRE Version 1.6.0_27

OPC Server and OPC client are running on different machines.

OPC Client which causes the errors on OPC server side: Atvise 2.2
http://www.atvise.com/

Note: If we use the OPC client “UA Demo-Client UaExpert”, no errors occur and everything is working fine.

What could be the reason and what can we do to fix this problem?
Is the OPC client Atvise not compatible with the OPC Java SDK?
Is the reason a bug of the OPC Java SDK or a bug of the OPC client?
Does the OPC client send something which the OPC server cannot handle?
Is there something that we can check in our code?

System.out

* Prosys OPC UA Java SDK vnull
* (c) Prosys PMS Ltd.

* Running in EVALUATION mode
* Connections will close after 120 minutes

01/29/2013 14:17:17.217 INFO[WrapperListener_start_runner] com.prosysopc.ua.ApplicationIdentity – Creating a new application certificate & private key
01/29/2013 14:17:17.733 INFO [WrapperListener_start_runner] com.prosysopc.ua.ApplicationIdentity – Created a new Certificate: C=DE, O=Miditec Datensysteme GmbH, CN=MtzOpcServer; ApplicationURI=urn:A8-SERVER02:UA:MtzOpcServer KeySize=1024
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://192.168.8.2:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://192.168.8.2:52520
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://localhost:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://localhost:52520
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Server endpoint bound to opc.tcp://A8-SERVER02:52520/miditec/opc
01/29/2013 14:18:21.498 INFO [OPC Manager Worker Thread] com.prosysopc.ua.server.UaServer – Discovery endpoint bound to opc.tcp://A8-SERVER02:52520
01/29/2013 14:18:21.983 INFO [Blocking-Work-Executor-1] com.prosysopc.ua.server.SessionManager – Session created: null
01/29/2013 14:18:23.061 INFO [Blocking-Work-Executor-2] com.prosysopc.ua.server.SessionManager – Session NOT activated: null – Error in asymmetric decrypt
01/29/2013 14:18:23.061 INFO [Blocking-Work-Executor-1] com.prosysopc.ua.server.SessionManager – Session closed: null
01/29/2013 14:18:26.186 INFO [Blocking-Work-Executor-3] com.prosysopc.ua.server.SessionManager – Session created: null
01/29/2013 14:18:26.201 ERROR [Blocking-Work-Executor-4] org.opcfoundation.ua.application.ServiceHandlerComposition – While handling ActivateSessionRequest (id=8850991)
UserTokenSignature=SignatureData (id=11816628)
Signature=null
Algorithm=null
LocaleIds=class java.lang.String[1]
[0]=en
ClientSoftwareCertificates=class org.opcfoundation.ua.core.SignedSoftwareCertificate[0]
ClientSignature=SignatureData (id=26947503)
Signature=null
Algorithm=null
UserIdentityToken=ExtensionObject (id=22527820)
encodeType=EncodeType (id=30430942)
ordinal=0
name=Binary
object=byte[] (id=26607396)
typeId=NodeId (id=10601858)
value=UnsignedInteger (id=11408275)
value=324
type=IdType (id=8855141)
ordinal=0
name=Numeric
namespaceIndex=0
hash=-1557737243
RequestHeader=RequestHeader (id=6233160)
AuditEntryId=null
AuthenticationToken=NodeId (id=3795544)
value=UnsignedInteger (id=4746461)
value=2
type=IdType (id=8855141)
namespaceIndex=0
RequestHandle=UnsignedInteger (id=4746461)
Timestamp=DateTime (id=14891765)
value=130039391067672544
AdditionalHeader=null
ReturnDiagnostics=UnsignedInteger (id=1266014)
value=0
TimeoutHint=UnsignedInteger (id=3392486)
value=5000

ServiceFault: Bad_InternalError (0x80020000) “An internal error occurred as a result of a programming or configuration error.”
Diagnostic Info: org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.
at org.bouncycastle.crypto.engines.RSACoreEngine.convertInput(Unknown Source)
at org.bouncycastle.crypto.engines.RSABlindedEngine.processBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.decodeBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.processBlock(Unknown Source)
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.
at org.bouncycastle.crypto.engines.RSACoreEngine.convertInput(Unknown Source)
at org.bouncycastle.crypto.engines.RSABlindedEngine.processBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.decodeBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.processBlock(Unknown Source)
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
… 11 more

This error output is continually repeated approx. every 12 seconds.

System.err
javax.crypto.BadPaddingException: data hash wrong
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.decrypt(Unknown Source)
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
at com.prosysopc.ua.server.SessionManager$ServerUserIdentity.(Unknown Source)
at com.prosysopc.ua.server.SessionManager.activateSession(Unknown Source)
at com.prosysopc.ua.server.SessionServiceHandler.onActivateSession(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition$1.serve(Unknown Source)
at org.opcfoundation.ua.application.ServiceHandlerComposition.serve(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection$UATcpServerSecureChannel.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpServer$UATcpServerConnection.onSecureMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.UATcpConnection$3.onMessageComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.fireComplete(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.setMessage(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

This error output is continually repeated approx. every 12 seconds.

Thanks in advance for any help.

Oliver

January 30, 2013
10:39, EEST
Jouni Aro
Moderator

It seems that there is an incompatibility with the encryption/decryption of the UserIdentityToken.

Do you have more information of the user token policy that is used? Can you connect with an Anonymous user token?

January 30, 2013
15:01, EEST
miditec
Member

Jouni Aro said

It seems that there is an incompatibility with the encryption/decryption of the UserIdentityToken.

Do you have more information of the user token policy that is used? Can you connect with an Anonymous user token?

For the OPC server we set the following UserTokenPolicy:
.setSecurityModes(SecurityMode.ALL);
.addUserTokenPolicy(UserTokenPolicy.SECURE_USERNAME_PASSWORD_BASIC256);
.addUserTokenPolicy(UserTokenPolicy.SECURE_USERNAME_PASSWORD);

In the atvise OPC client we set user name and password and tried as security mode “none” and “Basic256”.
But in all cases we get the above mentioned error messages.

Oliver

January 30, 2013
17:21, EEST
Jouni Aro
Moderator

Can you try with Basic128Rsa15?

January 31, 2013
7:27, EEST
miditec
Member

Jouni Aro said

Can you try with Basic128Rsa15?

Yes, in the atvise OPC client we already tried all possible security modes: “none”, “Basic256” and “Basic128Rsa15”.
But the error message in the OPC stack is always the same.

In the call stack above you can see that the password somehow cannot be decrypted.
..
at com.prosysopc.ua.UserIdentity.decryptPassword(Unknown Source)
..

Oliver

January 31, 2013
8:43, EEST
Jouni Aro
Moderator

miditec said
In the call stack above you can see that the password somehow cannot be decrypted.

Yes, I just wanted to make sure that it does not depend on the security mode. I think you should contact atvise and request that they investigate the issue as well. This is an interoperability problem and we have not had such issues in other interoperability tests, so I would suspect the client is not encrypting the password properly.

January 31, 2013
13:40, EEST
miditec
Member

Jouni Aro said

miditec said
In the call stack above you can see that the password somehow cannot be decrypted.

Yes, I just wanted to make sure that it does not depend on the security mode. I think you should contact atvise and request that they investigate the issue as well. This is an interoperability problem and we have not had such issues in other interoperability tests, so I would suspect the client is not encrypting the password properly.

I just want to inform you that the problem is solved.
The invalid requests to the OPC server were made by another 3rd party application, which has nothing to do with OPC.
So it was not a problem caused by the atvise OPC client.

Unfortunately the 3rd party application tries to connect to the OPC listener port.

Thanks.

Oliver

January 31, 2013
14:36, EEST
Jouni Aro
Moderator

OK, thanks for the information! A bit odd and unexpected, I would say…
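
Added example, not part of the thread and not Prosys SDK code: the two exceptions in the logs above ("input too large for RSA cipher" and "data hash wrong") are what an RSA-OAEP decrypt raises when it is handed bytes that were never encrypted for the server's key. The sketch below checks the blob length before decrypting and treats any padding failure as an invalid secret. It uses the JDK default provider, so exception messages differ from the Bouncy Castle ones in the logs; the class name, method name and sample inputs are hypothetical and constructed for the demonstration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;

// Added example, not Prosys SDK code; class and method names are hypothetical.
public class TokenSecretCheck {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // Returns the plaintext, or null when the blob cannot have been encrypted for this key.
    static byte[] decryptSecret(KeyPair serverKey, byte[] blob) {
        int blockLen = (((RSAPublicKey) serverKey.getPublic()).getModulus().bitLength() + 7) / 8;
        // RSA ciphertext is a whole number of modulus-sized blocks; reject anything else up front.
        if (blob == null || blob.length == 0 || blob.length % blockLen != 0) {
            return null;
        }
        try {
            Cipher rsa = Cipher.getInstance(OAEP);
            rsa.init(Cipher.DECRYPT_MODE, serverKey.getPrivate());
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            for (int off = 0; off < blob.length; off += blockLen) {
                byte[] part = rsa.doFinal(blob, off, blockLen);
                out.write(part, 0, part.length);
            }
            return out.toByteArray();
        } catch (GeneralSecurityException e) {
            // OAEP check failed (the "data hash wrong" case): treat as an invalid token.
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair serverKey = gen.generateKeyPair();
        Cipher enc = Cipher.getInstance(OAEP);
        enc.init(Cipher.ENCRYPT_MODE, serverKey.getPublic());
        byte[] good = enc.doFinal("constructed-secret".getBytes(StandardCharsets.UTF_8));
        byte[] oddLength = new byte[300];   // constructed: not a multiple of 256
        byte[] junk = new byte[256];        // constructed: right length, random content
        new SecureRandom().nextBytes(junk);
        System.out.println("valid:      " + (decryptSecret(serverKey, good) != null));
        System.out.println("odd length: " + (decryptSecret(serverKey, oddLength) != null));
        System.out.println("junk:       " + (decryptSecret(serverKey, junk) != null));
    }
}
```

A null result here would be reported to the caller as a rejected identity token rather than an internal error; logging the peer address with it helps identify stray traffic such as the third-party application found in this thread.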

Forum Timezone: Europe/Helsinki
