Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...
by trandana » 11 Jul 2019, 23:24
I'm unable to connect to the UA Server using User Certificate authentication.
Configuration.cpp:
// Loads the two credentials needed for OPC UA user-certificate authentication:
// the user's certificate (DER file) and the matching RSA key pair (PEM file).
//Try and load the user certificate
UaPkiCertificate userCertificate = UaPkiCertificate::fromDERFile(getUserCertificate());
//Try and load the user private key
// The second argument is the configured private-key password, converted to UTF-8.
// Keep that password and the key contents out of any diagnostic output added here.
UaPkiRsaKeyPair userPrivateKey = UaPkiRsaKeyPair::fromPEMFile(getUserPrivateKey(), getUserPrivateKeyPassword().toUtf8());
// NOTE(review): both checks below only print a message. Nothing in this excerpt
// stops execution, so code after it would carry on with a null certificate or an
// invalid key. The surrounding function should return an error at this point so a
// session is never attempted with unusable credentials - TODO confirm against the
// code that follows this excerpt.
if (userCertificate.isNull())
{
printf("\nUser cert was null\n");
}
// NOTE(review): isValid() is a yes/no answer. From this check alone it is not
// possible to tell an unreadable file from a wrong password or an unsupported
// PEM encoding.
if (!userPrivateKey.isValid())
{
printf("\nUser private key invalid\n");
}
The certificate loads okay, but userPrivateKey.isValid() is always false.
I can connect to UA Expert using the same certificate, private key and password.
What might cause this to fail?
Thanks!
by trandana » 12 Jul 2019, 16:57
I fixed this by switching to the User Certificate code in the client_app_sdk project:
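/// Prints the framed "setupSecurity failed!" banner used by every error path.
/// @param reason  Text of the line naming the step that failed.
/// @param hint    Optional second line; omitted when null.
static void printSetupSecurityFailure(const char* reason, const char* hint = nullptr)
{
    printf("*******************************************************\n");
    printf("** setupSecurity failed!\n");
    printf("** %s\n", reason);
    if (hint != nullptr)
    {
        printf("** %s\n", hint);
    }
    printf("*******************************************************\n");
}

/// Prepares everything the client needs for a secured session with
/// user-certificate authentication.
///
/// Steps, in order: create the PKI folders, create the certificates if needed,
/// initialize the OpenSSL PKI provider on sessionSecurityInfo, load the client
/// (application instance) certificate and key, then load the user certificate
/// (DER) and the user private key (PEM) into m_userCertificate and
/// m_userPrivateKey.
///
/// @param sessionSecurityInfo  Receives the PKI provider configuration and the
///                             client certificate / private key.
/// @return The status of the first step that failed, OpcUa_Bad when the user
///         certificate cannot be loaded or the user key is not an RSA private
///         key, otherwise the status of the last step.
UaStatus Configuration::setupSecurity(SessionSecurityInfo& sessionSecurityInfo)
{
    UaStatus uStatus;

    // Create folders
    uStatus = createPKIFolders();
    if (uStatus.isBad())
    {
        printSetupSecurityFailure("Could not create PKI folders");
        return uStatus;
    }

    // Check if certificates exist and create if necessary
    uStatus = createCertificates();
    if (uStatus.isBad())
    {
        printSetupSecurityFailure("Could not create certificates");
        return uStatus;
    }

    /*********************************************************************
     Initialize the PKI provider for OpenSSL
    **********************************************************************/
    // The first argument is the revocation-list directory that belongs to the
    // trust list. The previous code passed m_issuersRevocationListLocation in
    // both the first and the third position, so CRLs for directly trusted
    // certificates were looked up in the issuers' CRL directory and
    // revocations stored in m_certificateRevocationListLocation were not
    // consulted.
    uStatus = sessionSecurityInfo.initializePkiProviderOpenSSL(
        m_certificateRevocationListLocation,
        m_certificateTrustListLocation,
        m_issuersRevocationListLocation,
        m_issuersCertificatesLocation);
    /*********************************************************************/
    if (uStatus.isBad())
    {
        printSetupSecurityFailure("Could not initialize PKI");
        return uStatus;
    }

    /*********************************************************************
     Load certificate and private key for client from OpenSSL store
    **********************************************************************/
    uStatus = sessionSecurityInfo.loadClientCertificateOpenSSL(
        m_clientCertificateFilePath,
        m_clientPrivateKeyFilePath,
        m_applicationPassword);
    /*********************************************************************/
    if (uStatus.isBad())
    {
        printSetupSecurityFailure("Could not load Client certificate",
                                  "Connect will work only without security");
        return uStatus;
    }

    /*********************************************************************
     Load user certificate and private key from OpenSSL store
    **********************************************************************/
    UaPkiCertificate userCert = UaPkiCertificate::fromDERFile(m_userCertificateFilePath);
    // NOTE(review): isValid() presumably reports only that the file parsed into
    // a certificate; it is not evidence that the certificate is trusted or
    // unexpired - confirm against the SDK documentation.
    if (!userCert.isValid())
    {
        printSetupSecurityFailure("Could not load user certificate");
        return OpcUa_Bad;
    }
    // Assigned once; the original repeated this assignment after the if/else.
    m_userCertificate = userCert.toDER();

    // NOTE(review): the store opened below is never explicitly closed in this
    // function - confirm that the provider releases it when it goes out of scope.
    UaPkiProviderOpenSSL pkiProvider(m_certificateRevocationListLocation, m_certificateTrustListLocation);
    uStatus = pkiProvider.openCertificateStore();
    if (!uStatus.isGood())
    {
        printSetupSecurityFailure("openCertificateStore failed");
        return uStatus;
    }

    OpcUa_Key privateKey;
    OpcUa_Key_Initialize(&privateKey);
    uStatus = pkiProvider.loadPrivateKey(m_userPrivateKeyFilePath, OpcUa_Crypto_Encoding_PEM, m_userPrivateKeyPassword, &privateKey);
    if (!uStatus.isGood())
    {
        printSetupSecurityFailure("loadPrivateKey failed");
        return uStatus;
    }

    if (privateKey.Type == OpcUa_Crypto_KeyType_Rsa_Private)
    {
        // presumably UaByteString takes its own copy of the key bytes, since the
        // temporary structure is cleared right below - verify.
        m_userPrivateKey = UaByteString(privateKey.Key);
        // Report success only after the key type has been accepted; the original
        // printed this line before the type check, so it also appeared when the
        // key was then rejected.
        printf("\nUser cert store opened, user cert and private key loaded\n");
    }
    else
    {
        printSetupSecurityFailure("loadPrivateKey failed - wrong key type");
        uStatus = OpcUa_Bad;
    }

    // Release the temporary key structure on both outcomes of the type check so
    // the loaded key material does not linger in it.
    OpcUa_Key_Clear(&privateKey);

    return uStatus;
}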