Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
OPC Client.connect failed to connect to server with encryption
December 11, 2017
13:41, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

Hello im using the Java SDK to write a Android App for OPC monitoring. It should have Security enable so i try to connect to the ProSysopcsimulationserver with client.setSecurityMode(SecurityMode.BASIC128RSA15_SIGN_ENCRYPT);

it Creates a certificate and i can trust it in the server. But when i call client.connect() the connection is terminated with :

E/connect: com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://******:53530/OPCUA/SimulationServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt] ServiceResult=Bad_UnexpectedError (0x80010000) “An unexpected error occurred.”

do anybody know what the error message could be caused by?

Greetings

December 11, 2017
14:27, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

Are you able to create the connection succesfully when using SecurityMode.NONE?

Initially it sounds like the error is not related to application instance certificates but instead there’s something else going wrong.

December 11, 2017
15:09, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

Hello and thanks for the fast reply,

yes without security im able to connect to the server, browse, read and set variables.

December 11, 2017
23:04, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

Hallo after a few more tests i found this in the server log. Maybe someone knows what this means:

Certificate ‘******…* was added to trusted certificates

Decrypt inputBlockSize=256, outputBlockSize=245, dataToDecrypt.length =256

addChunk: failed

setError[when done]

Thanks for help

December 13, 2017
13:46, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hello,

As a first thing, thank you for reporting this. This is not a known issue. The Prosys OPC UA Java SDK should work on all Android versions 4 or later.

It seems that the server application experiences an error situation when it tries to handle OpenSecureChannel request from the client. The client probably send the request in somehow incorrect format.

To investigate further, could you mention the following things:
1) What is the android version that you’re using?

2) How are you creating the Application Instance certificates and then connecting to the server? This should be a fairly short piece of code so you can post the snippet here on the forum, or alternatively send email to us. One important detail is that on Android, the CryptoProvider must be explicitly set. Please see this forum post for more details: https://forum.prosysopc.com/forum/opc-ua-java-sdk/classcastexception-with-android-rsaprivatecrtkey/

3) Have you tested our ready made Android client application on this platform? The Prosys OPC UA Client for Android is available for download from Google Play (https://play.google.com/store/apps/details?id=com.prosysopc.ua.android2). Alternatively we can also provide you with a separate installation package.

December 13, 2017
16:36, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

And as an additional point: could you use the SampleConsoleServer as the test server?

Seems that the Debug Log of Simulation Server does not show the full logging output including the exception stack trace. The lines “INFO addChunk: failed” and “INFO setError[when done]” should be followed by a stack trace showing the original exception. The SDK package is supplied with an example command line application SampleConsoleServer. In SampleConsoleServer, you can configure and show the logging output more freely.

To show these logging messages, you need to modify the log.properties file and set the Stack logging messsages to INFO level:
log4j.logger.org.opcfoundation.ua=INFO

Otherwise you can just run the SampleConsoleServer application without any other modifications.

Seeing the actual Exception message might provide a lot of help.

December 15, 2017
13:40, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

1) im using SDK 22 cause its the newest one working wit the device we have to use.

2) i had a look at the client example and im using following code to create a certificate and connect:

ApplicationIdentity identity= new ApplicationIdentity();

UaClient client = new UaClient(serverUrl);
final PkiFileBasedCertificateValidator validator = new PkiFileBasedCertificateValidator();
client.setCertificateValidator(validator);
validator.setValidationListener(validationListener);
ApplicationDescription applicationDescription = new ApplicationDescription();
applicationDescription.setApplicationName(new LocalizedText(APP_NAME, Locale.ENGLISH));
applicationDescription.setApplicationUri(“urn:localhost:UA:” + APP_NAME);
applicationDescription.setProductUri(“urn:prosysopc.com:UA:” + APP_NAME);
applicationDescription.setApplicationType(ApplicationType.Client);

File privat_path = new File((Environment.getExternalStorageDirectory() + File.separator + validator.getBaseDir() + File.separator + “private”));

Log.e(this.getLocalClassName(), privat_path.getPath().toString());

try {
identity = ApplicationIdentity
.loadOrCreateCertificate(applicationDescription, “Sample Organisation”,
/* protected Key Password */”opcua”,
/* Key File Path */privat_path,
/* Enable renewing the certificate */true);

}
catch (com.prosysopc.ua.SecureIdentityException ua)
{
Log.e(this.getLocalClassName(),ua.toString());
}
catch (IOException ua)
{
Log.e(this.getLocalClassName(),ua.toString());
}
catch (Exception e){
Log.e(this.getLocalClassName(),e.toString());

}

client.setApplicationIdentity(identity);

client.setLocale(Locale.ENGLISH);

client.setTimeout(30000);
client.setStatusCheckTimeout(10000);
client.setSecurityMode(SecurityMode.BASIC128RSA15_SIGN_ENCRYPT);
// client.setSecurityMode(SecurityMode.NONE);
// client.setUserIdentity(new UserIdentity(APP_NAME, APP_NAME+”12345″));
client.getEndpointConfiguration().setMaxByteStringLength(
Integer.MAX_VALUE);
client.getEndpointConfiguration().setMaxArrayLength(Integer.MAX_VALUE);

client.connect();

3) I tried to connect with the sample client and it works.

If i connect my app to the sampleconsoleserver i get the following execption:

12/15/2017 10:58:40.612 ERROR Bad padding
javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:380)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:291)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:401)
at javax.crypto.Cipher.doFinal(Cipher.java:2377)
at org.opcfoundation.ua.transport.tcp.impl.ChunkAsymmDecryptVerifier.rsa_Decrypt(Unknown Source)
at org.opcfoundation.ua.transport.tcp.impl.ChunkAsymmDecryptVerifier.decrypt(Unknown Source)
at org.opcfoundation.ua.transport.tcp.impl.ChunkAsymmDecryptVerifier.run(Unknown Source)
at org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder$2.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
activateAlarm: severity=500

Thanks for help

December 15, 2017
15:12, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

Thank you for the answer including the code snippet. However, the answer doesn’t show if you set the CryptoProvider. Wrong CryptoProvider could be one possible reason for this error situation.

When developing for Android, you need to use SpongyCastle instead of the default BouncyCastle. Typically the SDK takes care of this, but the current version has a known issue where the selection isn’t made and will be fixed in a future release. Please add the following line before making any OPC UA connections:

CryptoUtil.setCryptoProvider(new ScJceCryptoProvider());

Note that you have to include the SpongyCastle libraries delivered with the SDK in your project.

Please see this forum post for more details: https://forum.prosysopc.com/forum/opc-ua-java-sdk/classcastexception-with-android-rsaprivatecrtkey/

December 16, 2017
17:07, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

hello can you tell me which files i have to include to the project

December 17, 2017
13:21, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

Hello i have only an evaluation stack and everytime i got a error message with:

cannot resolve method “setCryptoProvider”

ive tried now with

client.setSecurityMode(SecurityMode.BASIC256_SIGN_ENCRYPT);

and i got all the session created messages in the server log but my app crashes with :

FATAL EXCEPTION: AsyncTask #2
Process: de.opc_uc_marcus_test, PID: 3348
java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask$3.done(AsyncTask.java:304)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:355)
at java.util.concurrent.FutureTask.setException(FutureTask.java:222)
at java.util.concurrent.FutureTask.run(FutureTask.java:242)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.NoClassDefFoundError: Failed resolution of: Lsun/security/util/DerValue;
at com.prosysopc.ua.PkiFileBasedCertificateValidator.getSubjectAlternativeNames(Unknown Source)
at com.prosysopc.ua.PkiFileBasedCertificateValidator.getApplicationUriOfCertificate(Unknown Source)
at com.prosysopc.ua.PkiFileBasedCertificateValidator.validateCertificate(Unknown Source)
at com.prosysopc.ua.PkiFileBasedCertificateValidator.validateCertificate(Unknown Source)
at com.prosysopc.ua.UaApplication.validateApplicationCertificate(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:317)
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:290)
at android.os.AsyncTask$2.call(AsyncTask.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
at java.lang.Thread.run(Thread.java:818) 
Caused by: java.lang.ClassNotFoundException: Didn’t find class “sun.security.util.DerValue” on path: DexPathList[[zip file “/data/app/de.opc_uc_marcus_test-2/base.apk”],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
at com.prosysopc.ua.PkiFileBasedCertificateValidator.getSubjectAlternativeNames(Unknown Source) 
at com.prosysopc.ua.PkiFileBasedCertificateValidator.getApplicationUriOfCertificate(Unknown Source) 
at com.prosysopc.ua.PkiFileBasedCertificateValidator.validateCertificate(Unknown Source) 
at com.prosysopc.ua.PkiFileBasedCertificateValidator.validateCertificate(Unknown Source) 
at com.prosysopc.ua.UaApplication.validateApplicationCertificate(Unknown Source) 
at com.prosysopc.ua.client.UaClient.connect(Unknown Source) 
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:317) 
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:290) 
at android.os.AsyncTask$2.call(AsyncTask.java:292) 
at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
at java.lang.Thread.run(Thread.java:818) 
Suppressed: java.lang.ClassNotFoundException: sun.security.util.DerValue
at java.lang.Class.classForName(Native Method)
at java.lang.BootClassLoader.findClass(ClassLoader.java:781)
at java.lang.BootClassLoader.loadClass(ClassLoader.java:841)
at java.lang.ClassLoader.loadClass(ClassLoader.java:504)
… 15 more
Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack available

is it the same problem???

December 18, 2017
12:11, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

The Spongy Castle libraries are the “sc*.jar” libraries in the lib-folder. Meaning sc-core, scpkix, scprov. You need to add these to the Build Path of the project.

Then, in your application code, you need to set the Spongy Castle in use with:

CryptoUtil.setCryptoProvider(new ScJceCryptoProvider());

The CryptoUtil class (org.opcfoundation.ua.utils.CryptoUtil) is part of the OPC Foundation Java Stack. Prosys OPC UA Java SDK is based on the OPC Foundation Java Stack.

December 22, 2017
12:36, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

ok now I’ve included all the files an i got :
FATAL EXCEPTION: AsyncTask #2
Process: de.opc_uc_marcus_test, PID: 3458
java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask$3.done(AsyncTask.java:304)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:355)
at java.util.concurrent.FutureTask.setException(FutureTask.java:222)
at java.util.concurrent.FutureTask.run(FutureTask.java:242)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.NoSuchMethodError: No virtual method addApplicationInstanceCertificate(Lorg/opcfoundation/ua/transport/security/KeyPair;)V in class Lorg/opcfoundation/ua/application/Client; or its super classes (declaration of ‘org.opcfoundation.ua.application.Client’ appears in /data/app/de.opc_uc_marcus_test-1/base.apk)
at com.prosysopc.ua.client.UaClient.p(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:327)
at de.opc_uc_marcus_test.MainActivity$MyTask.doInBackground(MainActivity.java:293)
at android.os.AsyncTask$2.call(AsyncTask.java:292)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
at java.lang.Thread.run(Thread.java:818) 

I’ve read something in the ops ua stack readme, that i have to include some extra files if i want to use ScJCE..

If any of the …JceCryptoProvider is used, you will have to install the JCE Unlimited Strength
Jurisdiction Policy Files, from Oracle (for Java 6, 7 or 8, respectively), to enable support for
256 bit security policies:

JRE6: http://www.oracle.com/technetw…..29243.html
JRE7: http://www.oracle.com/technetw…..32124.html
JRE8: http://www.oracle.com/technetw…..33166.html

does i have to do this too, or is it included in Prosys stack?

December 22, 2017
13:31, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

This is not related to JCE policy files. Actually you don’t need to use them when utilizing Spongy Castle.

The error message itself is very clear “NoSuchMethodError” even though the reason for this issue is not clear right away. One potential error source could be that an obfuscator such as ProGuard somehow changes the Client class (org/opcfoundation/ua/application/Client).

The Android Studio may use ProGuard by default. Please start by disabling ProGuard or similar tools and rebuild the project. After this, you can see if the error was caused by by the build process.

December 22, 2017
14:08, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

And by the way, my earlier instruction about using ScJceCryptoProvider was not the recommended way. Actually you should use

CryptoUtil.setCryptoProvider(new ScCryptoProvider());

The current model related to the different CryptoProviders is somewhat complex because there’s the ‘native’ JCE options as well as the non-JCE options. But this is not causing the current NoSuchMethodError issue.

January 4, 2018
16:03, EET
Avatar
HA198273465
Member
Members
Forum Posts: 8
Member Since:
November 29, 2017
sp_UserOfflineSmall Offline

Many Many thanks for help. Ive got a connection now but i have to accept it everytime, even when i press always.
in the logs there is the part:

*** The Server Certificate :
01-04 13:46:42.493 7073-7093/de.opc_uc_marcus_test E/App: Subject : OID.0.9.2342.19200300.100.1.25=#161B53746566616E732D4D6163426F6F6B2D50726F2D332E6C6F63616C, O=Prosys OPC, CN=SimulationServer
01-04 13:46:42.493 7073-7093/de.opc_uc_marcus_test E/App: Issued by : OID.0.9.2342.19200300.100.1.25=#161B53746566616E732D4D6163426F6F6B2D50726F2D332E6C6F63616C, O=Prosys OPC, CN=SimulationServer
01-04 13:46:42.494 7073-7093/de.opc_uc_marcus_test E/App: Valid from: Thu Jan 04 12:14:21 GMT+00:00 2018
01-04 13:46:42.494 7073-7093/de.opc_uc_marcus_test E/App: to: Sun Jan 02 13:14:21 GMT+00:00 2028
01-04 13:46:42.494 7073-7093/de.opc_uc_marcus_test E/App: * The Certificate URI DOES NOT MATCH the ApplicationDescription URI!
01-04 13:46:42.494 7073-7093/de.opc_uc_marcus_test E/App: ApplicationURI in ApplicationDescription = urn:StefanMBP.local:OPCUA:SimulationServer
01-04 13:46:42.494 7073-7093/de.opc_uc_marcus_test E/App: * The Certificate is self-signed.
01-04 13:46:42.496 7073-7093/de.opc_uc_marcus_test E/App: Note: If the certificate is not OK,
01-04 13:46:42.497 7073-7093/de.opc_uc_marcus_test E/App: you will be prompted again, even if you answer ‘Always’ here.
01-04 13:46:42.497 7073-7093/de.opc_uc_marcus_test E/App: Do you want to accept this certificate?
(A=Always, Y=Yes, this time, N=No)
(D=Show Details of the Certificate)

How can i pass this ApplicationURI error ? And where do i have to put the Name of the Simulationserver in?

i use the standard method to generate a certificate like this:

identity = ApplicationIdentity
.loadOrCreateCertificate(applicationDescription, applicationDescription.getApplicationUri(),
/* protected Key Password */”opcua”,
/* Key File Path */privat_path,
/* Enable renewing the certificate */true);

ApplicationDescription applicationDescription = new ApplicationDescription();
applicationDescription.setApplicationName(new LocalizedText(APP_NAME, Locale.ENGLISH));
applicationDescription.setApplicationUri(“urn:StefanMBP.local:OPCUA:SimulationServer”);
applicationDescription.setProductUri(“urn:prosysopc.com:UA:” + APP_NAME);
applicationDescription.setApplicationType(ApplicationType.Client);

January 4, 2018
16:35, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

If I understand correctly, you are now connecting from your Android application (made with Prosys OPC UA Java SDK) to a test server that you also made using the SDK. And you see this error message in the client application. Please correct me if I understood this part incorrectly.

The problem is that the self-signed certificate of the server does not contain the same ApplicationURI in the application instance certificate (field Subject Alternative Name) and in the ApplicationDescription. I will shortly outline the issues below, but you are actually better off if you take a look at the example application SampleConsoleServer. The initialize method will show you an example on how to create the ApplicationDescription and ApplicationIdentity.

Things to correct:
1) Please start by first defining the ApplicationDescription and only after this using it in the ApplicationIdentity.loadOrCreateCertificate method.
2) You can use ‘localhost’ (all lower case) in the ApplicationName and ApplicationURI. This will be converted to the actual host name of the computer.
3) If I understood correctly, this is not a client application so the ApplicationType should be ApplicationType.Server.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
14 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 135

pramanj: 86

Francesco Zambon: 81

ibrahim: 75

rocket science: 75

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

fred: 41

Member Stats:

Guest Posters: 0

Members: 707

Moderators: 16

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1466

Posts: 6253

Newest Members:

christi10l, ahamad1, Flores Frederick, ellenmoss, harriettscherer, shanonhumphreys, KupimotoblokfuB, tamhollander5, paulinafcf, bridgette18l

Moderators: Jouni Aro: 1009, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 982, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 319, Lusetti: 0, Ari-Pekka Soikkeli: 5

Administrators: admin: 1