
Verification of UserTokenSignature failed

Posted: 23 Oct 2019, 15:21
by NicolasSopraSteria
Hi,

I am trying to connect a client to my Unified Automation server with the following characteristics:
- Token type: EnumUserTokenType_Certificate
- Security Mode: EnumMessageSecurityMode_SignAndEncrypt
- Security policy: SecurityPolicyUri_Basic256Sha256
- Policy Id: X509
- User Security Policy: SecurityPolicyUri_Basic256Sha256

My Unified Automation server is working well with UA Expert client therefore, when I try to connect my own client, I get the following error: BadIdentityTokenRejected.

I am sure my couple certificate / private key is valid because it is working with UA Expert, the error in my Unified Automation Server shows up before the certificate's validation, when the server is trying to read the certificate data. I get the following logs during session's activation:

13:44:58.915Z|4|41266700* ==> UaServer::ActivateSession [Request=9]
13:44:58.915Z|4|41266700* CALL OpcUa_Endpoint_GetMessageSecureChannelId
13:44:58.915Z|4|41266700* DONE OpcUa_Endpoint_GetMessageSecureChannelId [Result=0x0]
13:44:58.915Z|4|41266700* CALL OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy
13:44:58.915Z|4|41266700* [uastack] OpcUa_SecureListener_ChannelManager_GetChannelBySecureChannelID: Searched SecureChannel 0x7f4630014630 with id 232499350 refs 2!
13:44:58.915Z|4|41266700* [uastack] OpcUa_SecureListener_ChannelManager_ReleaseChannel: Searched SecureChannel 0x7f4630014630 with id 232499350 refs 1!
13:44:58.915Z|4|41266700* DONE OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy [Result=0x0]
13:44:58.915Z|4|41266700* CALL OpcUa_CryptoProvider_Create
13:44:58.915Z|4|41266700* DONE OpcUa_CryptoProvider_Create [Result=0x0]
13:44:58.915Z|6|41266700* --> UaSession::startingServiceProcessing [ID=231812731]
13:44:58.915Z|6|41266700* <-- UaSession::startingServiceProcessing - activeServiceCount = 1
13:44:58.915Z|6|41266700* ActivateSession passed X509IdentityToken
13:44:58.915Z|4|41266700* CALL OpcUa_CryptoProvider_Create for User
13:44:58.915Z|4|41266700* DONE OpcUa_CryptoProvider_Create for User [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.GetPublicKeyFromCert
13:44:58.915Z|4|41266700* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.GetPublicKeyFromCert
13:44:58.915Z|4|41266700* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:44:58.915Z|4|41266700* CALL cryptoProvider.AsymmetricVerify
13:44:58.916Z|4|41266700* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
13:44:58.916Z|4|41266700* Verification of UserTokenSignature failed
13:44:58.916Z|3|41266700* Session/ActivateSession - SessionId: {f6fd3386-fa5e-4e66-b02d-592a811dc840}
13:44:58.916Z|3|41266700* Session/ActivateSession - ClientUserId:
13:44:58.916Z|3|41266700* Session/ActivateSession - UserTokenCertificate: Certificate Data: 3082057D30820365A0030201020208012B7E3F4F...


I am really struggling to understand this error, in fact I don't know what kind of bug can trigger it.

Thank you very much for your time, please let me know if you need any further details about this issue.

Nicolas
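
An added example, not part of the original post or of the Unified Automation SDK: a Python triage helper that scans a server trace in the format shown above and reports each ActivateSession call whose user token signature check failed. The sample lines are constructed, and reading the `time|level|thread*` prefix as timestamp, trace level and thread id is an assumption based on the lines in the post.

```python
import re

# Constructed sample shaped like the trace in the post (session id is a placeholder).
SAMPLE = """\
13:44:58.915Z|4|41266700* ==> UaServer::ActivateSession [Request=9]
13:44:58.915Z|6|41266700* ActivateSession passed X509IdentityToken
13:44:58.915Z|4|41266700* CALL cryptoProvider.AsymmetricVerify
13:44:58.916Z|4|41266700* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
13:44:58.916Z|4|41266700* Verification of UserTokenSignature failed
13:44:58.916Z|3|41266700* Session/ActivateSession - SessionId: {00000000-0000-0000-0000-000000000001}
13:45:02.100Z|4|41266701* ==> UaServer::ActivateSession [Request=12]
13:45:02.100Z|6|41266701* ActivateSession passed X509IdentityToken
13:45:02.101Z|4|41266701* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
"""

# Assumed prefix layout: <time>|<trace level>|<thread id>* <message>
LINE = re.compile(r"^(?P<ts>[\d:.]+Z)\|(?P<level>\d+)\|(?P<thread>\w+)\* (?P<msg>.*)$")
START = re.compile(r"==> UaServer::ActivateSession \[Request=(\d+)\]")
SESSION = re.compile(r"Session/ActivateSession - SessionId: \{([0-9a-fA-F-]+)\}")

def failed_token_activations(text):
    """Return one record per ActivateSession whose user token signature check failed."""
    open_calls, failures = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a trace line (blank line, wrapped certificate data, ...)
        thread, msg = m["thread"], m["msg"]
        if (s := START.search(msg)):
            # A new ActivateSession on this thread replaces any earlier one.
            open_calls[thread] = {"time": m["ts"], "request": int(s[1]),
                                  "token": None, "failed": False, "session": None}
            continue
        call = open_calls.get(thread)
        if call is None:
            continue  # message outside any ActivateSession we saw start
        if msg.startswith("ActivateSession passed "):
            call["token"] = msg.split()[-1]      # e.g. X509IdentityToken
        elif msg == "Verification of UserTokenSignature failed":
            call["failed"] = True
            failures.append(call)                # report even if no SessionId follows
        elif call["failed"] and (s := SESSION.search(msg)):
            call["session"] = s[1]               # audit line logged after the failure
    return failures

if __name__ == "__main__":
    for f in failed_token_activations(SAMPLE):
        print(f)
```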

Re: Verification of UserTokenSignature failed

Posted: 04 Jun 2020, 09:17
by Support Team
Hello,

To connect with the certificate to the Server, you need to trust the user certificate as well.

Please check for the user certificate at \bin\pkiuser\rejected and move it to the trust list \bin\pkiuser\trusted\certs

Find more information about User Authentication here: http://documentation.unified-automation.com/uasdkcpp/1.7.2/html/L2UaDiscoveryConnect.html