Offline dima_t  
#1 Posted : Monday, October 05, 2015 2:49:29 PM(UTC)

There is a topic here which has been going on for quite a while.

Here is the link to the exact problem https://forum.matrikonopc.com/posts/m236-Server-PKI-structure#post236

I'm trying to get the client working on a Windows 7 64-bit machine.

Here is how the certificate load procedure for the endpoint looks in the example by default.

    case Enums::UserTokenType_Certificate:
    {
        // File name of the user certificate to look up in the store
        _pathToUserCertificateFile = L"HoneywellOpcUaClientToolkit.der";
        std::shared_ptr<ICertificatesManager> manager(ICertificatesManager::Create());
        std::shared_ptr<ICertificateConfiguration> certConfig(ICertificateConfiguration::Create());
        certConfig->SubjectOrFileName() = _pathToUserCertificateFile.c_str();
        certConfig->CertificateStore().StoreType() = Enums::CertificateStoreType_OpenSSL;
        // Relative store path
        certConfig->CertificateStore().StorePath() = L"./PKI";
        Result tmpStatus(DOMAIN_GENERAL, IResult::Bad);
        // Load the certificate data into the X509 identity token
        manager->LoadCertificate(*certConfig, identityToken.X509IdentityToken().CertificateData(), tmpStatus);
        result = tmpStatus.Succeeded();
        identityToken.X509IdentityToken().PolicyId() = selectedPolicy.PolicyId();

        break;
    }


And that fails because there is no HoneywellOpcUaClientToolkit.der being generated; the file simply doesn't exist.
This line also confuses me: certConfig->CertificateStore().StorePath() = L"./PKI"; will ./ work in Windows?

Modifying the original example code to this

    case Enums::UserTokenType_Certificate:
    {
        // Certificate name changed from the default example
        _pathToUserCertificateFile = L"HoneywellOPCUAClient";
        std::shared_ptr<ICertificatesManager> manager(ICertificatesManager::Create());
        std::shared_ptr<ICertificateConfiguration> certConfig(ICertificateConfiguration::Create());
        certConfig->SubjectOrFileName() = _pathToUserCertificateFile.c_str();
        certConfig->CertificateStore().StoreType() = Enums::CertificateStoreType_OpenSSL;
        // Store path composed from the application path instead of "./PKI"
        certConfig->CertificateStore().StorePath() = StringUtils::ComposeFullFileName((wstring)Platform::GetApplicationPath(), L"PKI").c_str();
        Result tmpStatus(DOMAIN_GENERAL, IResult::Bad);
        manager->LoadCertificate(*certConfig, identityToken.X509IdentityToken().CertificateData(), tmpStatus);

        result = tmpStatus.Succeeded();
        identityToken.X509IdentityToken().PolicyId() = selectedPolicy.PolicyId();
        // Print whether the certificate load succeeded
        wcout << result << endl;

        break;
    }


Fixes the certificate loading issue, but it generates the error code described in the link above. UAExpert connects successfully. If I borrow the UAExpert certificate and key and try them in the console example client, I get the same 0x80570000 (OpcUa_BadApplicationSignatureInvalid) error; exactly the same thing happens if I use the self-generated HoneywellOPCUAClient.der client certificate.

How can I fix this issue? Another interesting thing is that the API reference says that the interface returned by identityToken.X509IdentityToken() is not supported, but obviously it is supported because it has a hasCertificateData() method.

Edited by user Monday, October 05, 2015 2:52:37 PM(UTC)  | Reason: Not specified
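
On the `./PKI` question in the post above: a relative path like this is valid on Windows, but it is resolved against the process's current working directory, not the folder containing the executable. The following is an added example, not code from the thread or the SDK; it uses only C++17 `std::filesystem`, and the `certs` subfolder, the `ExampleClient.der` file and all function names are constructed for the demonstration. It contrasts working-directory resolution with anchoring the store to the application directory, as the modified snippet does.

```cpp
#include <filesystem>
#include <fstream>
#include <iostream>
#include <system_error>

namespace fs = std::filesystem;

// What a bare "./PKI" means to the OS: relative to the current working directory.
fs::path resolve_against_cwd(const fs::path& configured) {
    return (fs::current_path() / configured).lexically_normal();
}

// Anchor a relative store path to the executable's directory; keep absolute paths.
fs::path resolve_store_path(const fs::path& configured, const fs::path& app_dir) {
    return (configured.is_absolute() ? configured : app_dir / configured).lexically_normal();
}

// Search the store recursively for a certificate file; empty path if absent.
fs::path find_in_store(const fs::path& store, const fs::path& file_name) {
    std::error_code ec;
    if (!fs::is_directory(store, ec)) return {};
    for (fs::recursive_directory_iterator it(store, ec), end; !ec && it != end; it.increment(ec))
        if (it->is_regular_file(ec) && it->path().filename() == file_name) return it->path();
    return {};
}

struct Demo { bool found_via_cwd; bool found_via_app_dir; };

// Constructed layout: <tmp>/pki_path_demo/app/PKI/certs/ExampleClient.der,
// with the process "launched" from a sibling directory.
Demo run_demo() {
    const fs::path root = fs::temp_directory_path() / "pki_path_demo";
    const fs::path app_dir = root / "app", launch_dir = root / "launched_from";
    fs::remove_all(root);
    fs::create_directories(app_dir / "PKI" / "certs");
    fs::create_directories(launch_dir);
    std::ofstream(app_dir / "PKI" / "certs" / "ExampleClient.der") << "placeholder";
    const fs::path saved = fs::current_path();
    fs::current_path(launch_dir);  // simulate starting the client from another folder
    const Demo d{!find_in_store(resolve_against_cwd("./PKI"), "ExampleClient.der").empty(),
                 !find_in_store(resolve_store_path("./PKI", app_dir), "ExampleClient.der").empty()};
    fs::current_path(saved);
    fs::remove_all(root);
    return d;
}

int main() {
    const Demo d = run_demo();
    std::cout << "found via CWD: " << d.found_via_cwd
              << ", found via application directory: " << d.found_via_app_dir << '\n';
}
```

A store that is found only when the program is started from its own folder points to working-directory resolution; checking the resolved path and the file's presence before calling the load routine separates a missing-file failure from a later signature error.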

Offline dima_t  
#2 Posted : Thursday, October 15, 2015 9:12:37 AM(UTC)

10 days without an answer; it is very, very disappointing.

Edited by user Thursday, October 15, 2015 9:33:03 AM(UTC)  | Reason: Not specified
