[英]eclipse milo opcua client connection to prosys server problems
I am trying to connect to Prosys opcua simulation server using milo (0.4.2)我正在尝试使用 milo (0.4.2) 连接到 Prosys opcua 模拟服务器
/home/user/.prosysopc/prosys-opc-ua-simulation-server/USERS_PKI/CA/certs /home/user/.prosysopc/prosys-opc-ua-simulation-server/USERS_PKI/CA/certs
/home/user/.prosysopc/prosys-opc-ua-simulation-server/PKI/CA/certs /home/user/.prosysopc/prosys-opc-ua-simulation-server/PKI/CA/certs
I checked that in prosys ui both certificates appeared & look trusted我检查了 prosys ui 中的两个证书都出现并且看起来受信任
finally when I am making connection with auth mode as certificate and transport security as Sign (using all generated on step 1 keys & cerificates) then I run into rather funny exception inside of milo like最后,当我将身份验证模式作为证书和传输安全性作为签名(使用所有在步骤 1 中生成的密钥和证书)进行连接时,然后我在 milo 内部遇到了相当有趣的异常,例如
Exception in thread "main" java.util.concurrent.ExecutionException: UaException: status=Bad_SecurityChecksFailed, message=unknown securityAlgorithmUri: null
at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
at de.api.snippets.derReader.main(derReader.java:68)
Caused by: UaException: status=Bad_SecurityChecksFailed, message=unknown securityAlgorithmUri: null
at org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm.fromUri(SecurityAlgorithm.java:143)
at org.eclipse.milo.opcua.sdk.client.session.SessionFsmFactory.lambda$createSession$49(SessionFsmFactory.java:852)
at org.eclipse.milo.opcua.sdk.client.session.SessionFsmFactory$$Lambda$2643/0000000000000000.apply(Unknown Source)
at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072)
And I actually see that these fields come from prosys empty我实际上看到这些字段来自 prosys 空
Basically here I am stuck, as you can see from picture that I requested endpoint with security mode and receive in response I dunno what.基本上我在这里卡住了,正如您从图片中看到的那样,我请求具有安全模式的端点并收到响应,我不知道是什么。 I tried all available SecurityPolicy that milo provides but in all cases I ran into the same situation.我尝试了 milo 提供的所有可用 SecurityPolicy,但在所有情况下我都遇到了相同的情况。
So first question is what must be specified in this securityAlgorithmUri and is anyway to point for prosys to fill it right ?所以第一个问题是必须在这个 securityAlgorithmUri 中指定什么,无论如何要指向 prosys 来填充它吗?
Best I can tell this is a bug in the Prosys stack or server.我能说的最好的是这是 Prosys 堆栈或服务器中的错误。
It doesn't seem to occur when using the standard UA TCP transport, so give that a try instead of HTTPS.使用标准 UA TCP 传输时似乎不会发生这种情况,因此请尝试使用它而不是 HTTPS。
As a reminder: the issue with prosys really was due to usage of opc over https protocol to connect to server.提醒一下:prosys 的问题确实是由于使用 opc over https 协议连接到服务器。
So after I switched to opc over tcp I managed to discover endpoints that made use of certificate to authenticate user and message level security sign&encrypt.因此,在我通过 tcp 切换到 opc 之后,我设法发现了使用证书来验证用户和消息级别安全签名和加密的端点。
btw: if somebody will be in search of script to generate user certificate using opensssl here is a sample conf file:顺便说一句:如果有人要搜索脚本来使用 opensssl 生成用户证书,这里是一个示例 conf 文件:
openssl req -x509 -config openssl_cert.conf -extensions 'my server exts' -nodes \
-days 365 -newkey rsa:2048 -keyout user.key -out user.crt
and file content:和文件内容:
[ req ]
prompt = no
distinguished_name = my dn
[ my dn ]
# The bare minimum is probably a commonName
commonName = user
countryName = DE
localityName = DE
organizationName = comp
organizationalUnitName = comp Dept.
stateOrProvinceName = DE
emailAddress = user@example.com
name = user
surname = user
givenName = user
initials = uu
dnQualifier = some
[ my server exts ]
extendedKeyUsage = clientAuth, codeSigning
keyUsage = digitalSignature, keyAgreement, keyEncipherment, nonRepudiation, dataEncipherment, keyCertSign
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.