

Can't Connect using User Certificate

Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...

Can't Connect using User Certificate

Postby trandana » 11 Jul 2019, 23:24

I'm unable to connect to the UA Server using User Certificate authentication.

Configuration.cpp:
   // Load the user's certificate from the DER-encoded file whose path is
   // returned by getUserCertificate().
   UaPkiCertificate userCertificate = UaPkiCertificate::fromDERFile(getUserCertificate());
   // Load the user's RSA key pair from the PEM file returned by
   // getUserPrivateKey(), passing the key password converted to UTF-8.
   // NOTE(review): presumably isValid() stays false when the PEM cannot be
   // parsed or the password does not decrypt it - confirm against the SDK
   // docs. When debugging this, log which step failed, never the password.
   UaPkiRsaKeyPair userPrivateKey = UaPkiRsaKeyPair::fromPEMFile(getUserPrivateKey(), getUserPrivateKeyPassword().toUtf8());

   // Diagnostics only: both checks just print. Nothing in the visible lines
   // stops execution, so later code may still run with a null certificate
   // or an invalid key.
   if (userCertificate.isNull())
   {
      printf("\nUser cert was null\n");
   }
   if (!userPrivateKey.isValid())
   {
      printf("\nUser private key invalid\n");
   }



The certificate loads okay, but userPrivateKey.isValid() is always false.
I can connect to UA Expert using the same certificate, private key and password.
What might cause this to fail?

Thanks!
trandana

Re: Can't Connect using User Certificate

Postby trandana » 12 Jul 2019, 16:57

I fixed this by switching to the User Certificate code in the client_app_sdk project:

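// Prints the framed banner emitted for every setupSecurity failure.
// reason is the main message line; detail is an optional second line (0 = none).
static void printSetupSecurityFailure(const char* reason, const char* detail = 0)
{
   printf("*******************************************************\n");
   printf("** setupSecurity failed!\n");
   printf("** %s\n", reason);
   if (detail != 0)
   {
      printf("** %s\n", detail);
   }
   printf("*******************************************************\n");
}

// Prepares the security material for a session:
//   1. creates the PKI folders and, if needed, the certificates,
//   2. initializes the OpenSSL PKI provider on sessionSecurityInfo,
//   3. loads the client (application instance) certificate and private key,
//   4. loads the user certificate (DER) and user private key (PEM) into
//      m_userCertificate / m_userPrivateKey for user-certificate authentication.
//
// sessionSecurityInfo  Receives the PKI provider setup and the client certificate.
// Returns a good status only if every step succeeded; the first failing step's
// status (or OpcUa_Bad) is returned otherwise, after printing a banner.
UaStatus Configuration::setupSecurity(SessionSecurityInfo& sessionSecurityInfo)
{
   UaStatus uStatus;

   // Create folders
   uStatus = createPKIFolders();
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("Could not create PKI folders");
      return uStatus;
   }

   // Check if certificates exist and create them if necessary
   uStatus = createCertificates();
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("Could not create certificates");
      return uStatus;
   }

   /*********************************************************************
    Initialize the PKI provider for OpenSSL
   **********************************************************************/
   // The first argument is the revocation list location that belongs to the
   // trust list. The original passed m_issuersRevocationListLocation twice,
   // so CRLs for the trusted certificates were looked up in the issuers'
   // CRL directory. m_certificateRevocationListLocation is the location
   // paired with the trust list when the UaPkiProviderOpenSSL is built below.
   uStatus = sessionSecurityInfo.initializePkiProviderOpenSSL(
      m_certificateRevocationListLocation,
      m_certificateTrustListLocation,
      m_issuersRevocationListLocation,
      m_issuersCertificatesLocation);
   /*********************************************************************/
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("Could not initialize PKI");
      return uStatus;
   }

   /*********************************************************************
    Load certificate and private key for client from OpenSSL store
   **********************************************************************/
   uStatus = sessionSecurityInfo.loadClientCertificateOpenSSL(m_clientCertificateFilePath, m_clientPrivateKeyFilePath, m_applicationPassword);
   /*********************************************************************/
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("Could not load Client certificate", "Connect will work only without security");
      return uStatus;
   }

   /*********************************************************************
    Load user certificate and private key from OpenSSL store
   **********************************************************************/
   UaPkiCertificate userCert = UaPkiCertificate::fromDERFile(m_userCertificateFilePath);
   if (!userCert.isValid())
   {
      printSetupSecurityFailure("Could not load user certificate");
      return OpcUa_Bad;
   }
   // Stored once; the original assigned the same DER bytes a second time.
   m_userCertificate = userCert.toDER();

   // NOTE(review): the store opened here is never explicitly closed in this
   // function - confirm whether the provider releases it on destruction.
   UaPkiProviderOpenSSL pkiProvider(m_certificateRevocationListLocation, m_certificateTrustListLocation);
   uStatus = pkiProvider.openCertificateStore();
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("openCertificateStore failed");
      return uStatus;
   }

   OpcUa_Key privateKey;
   OpcUa_Key_Initialize(&privateKey);
   uStatus = pkiProvider.loadPrivateKey(m_userPrivateKeyFilePath, OpcUa_Crypto_Encoding_PEM, m_userPrivateKeyPassword, &privateKey);
   if (uStatus.isBad())
   {
      printSetupSecurityFailure("loadPrivateKey failed");
      return uStatus;
   }

   if (privateKey.Type == OpcUa_Crypto_KeyType_Rsa_Private)
   {
      // Copy the key bytes into the member before the local key is cleared.
      m_userPrivateKey = UaByteString(privateKey.Key);
      // Printed only once the key has been accepted; the original printed
      // this success line before the key type check, even for a rejected key.
      printf("\nUser cert store opened, user cert and private key loaded\n");
   }
   else
   {
      printSetupSecurityFailure("loadPrivateKey failed - wrong key type");
      uStatus = OpcUa_Bad;
   }

   // Release the local copy of the private key on both paths.
   OpcUa_Key_Clear(&privateKey);

   return uStatus;
}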
trandana

