Nguyen-BangVu opened a new issue, #2196:
URL: https://github.com/apache/plc4x/issues/2196
### What happened?
I thought that PLC4X was tested using the Milo server, since that's what was
written in the documentation.
Today I tried connecting to the Milo server using 4096 certs and got
the following response from the server.
```
23:03:00.157 [milo-netty-event-loop-7] ERROR o.e.m.o.s.t.s.u.UascServerAsymmetricHandler - [remote=/172.17.0.1:62112] Exception caught; sent ErrorMessage{error=StatusCode[name=Bad_CertificateInvalid, value=0x80120000, quality=bad], reason=java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key}
io.netty.handler.codec.DecoderException: UaException: status=Bad_CertificateInvalid, message=java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:796)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:697)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:660)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:998)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at java.base/java.lang.Thread.run(Thread.java:1447)
Caused by: org.eclipse.milo.opcua.stack.core.UaException: java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key
    at org.eclipse.milo.opcua.stack.core.util.CertificateUtil.decodeCertificates(CertificateUtil.java:121)
    at org.eclipse.milo.opcua.stack.core.util.CertificateUtil.decodeCertificate(CertificateUtil.java:82)
    at org.eclipse.milo.opcua.stack.core.util.CertificateUtil.decodeCertificate(CertificateUtil.java:71)
    at org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel.setRemoteCertificate(ServerSecureChannel.java:71)
    at org.eclipse.milo.opcua.stack.transport.server.uasc.UascServerAsymmetricHandler.onOpenSecureChannel(UascServerAsymmetricHandler.java:259)
    at org.eclipse.milo.opcua.stack.transport.server.uasc.UascServerAsymmetricHandler.decode(UascServerAsymmetricHandler.java:177)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    ... 16 common frames omitted
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key
    at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:139)
    at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1456)
    at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:143)
    at java.base/sun.security.x509.X509CertImpl.newX509CertImpl(X509CertImpl.java:253)
    at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:475)
    at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:360)
    at java.base/java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:480)
    at org.eclipse.milo.opcua.stack.core.util.CertificateUtil.decodeCertificates(CertificateUtil.java:117)
    ... 23 common frames omitted
Caused by: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key
    at java.base/sun.security.x509.X509Key.parse(X509Key.java:135)
```
I get the same result using 2048 certs.
On the server side there shouldn't be any error. If the format is correct, it
will accept all certs.
Moreover, with UA Expert everything works fine.
I have tried connecting to other OPCUA servers as well, like Prosys and
Umati.
For the Prosys server only the 2048 cert works. I checked with them and they
do not support 4096 on the server side.
However, if you don't use 4096 certs on both sides PLC4X will give the error
### Version
0.13.0
### Programming Languages
- [ ] plc4c
- [ ] plc4go
- [x] plc4j
- [ ] plc4net
- [ ] plc4py
### Protocols
- [ ] AB-Ethernet
- [ ] ADS /AMS
- [ ] BACnet/IP
- [ ] C-Bus
- [ ] CANopen
- [ ] EtherNet/IP
- [ ] Firmata
- [ ] IEC-69870
- [ ] KNXnet/IP
- [ ] Modbus
- [x] OPC-UA
- [ ] Profinet
- [ ] S7
- [ ] S7-light