OPCua getHttpsCert ошибка
Итак, я никогда раньше не работал ни с каким OPC, так что будьте ко мне снисходительны... Я постоянно получаю эту ошибку всякий раз, когда использую Java OPCua SampleClient:
(bad_UnexpectedError (code=0x80010000, description="Bad_UnexpectedError (code=0x80010000, description="Subject class type invalid.")"))
Вот код, который я использую для загрузки сертификатов:
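/**
 * Loads the CA key pair from {@code FlyMasterCA.der} and {@code FlyMasterCA.pem}, or creates
 * and saves a new issuer certificate when the stored pair is not there to be read.
 *
 * <p>Both paths are relative, so they resolve against the working directory of the process.
 *
 * @return the CA certificate together with its private key
 * @throws ServiceResultException wrapping any certificate, crypto or I/O failure; an I/O
 *     failure while both files exist is reported instead of triggering regeneration
 */
public static KeyPair getCACert() throws ServiceResultException {
    File certFile = new File("FlyMasterCA.der");
    File privKeyFile = new File("FlyMasterCA.pem");
    try {
        Cert caCertificate = Cert.load(certFile);
        PrivKey caPrivateKey = PrivKey.load(privKeyFile, PRIVKEY_PASSWORD);
        return new KeyPair(caCertificate, caPrivateKey);
    } catch (IOException e) {
        // Only fall back to generation when a file is actually missing. If both files exist,
        // the read failed for another reason, and regenerating would write a new CA over key
        // material that certificates may already have been issued from.
        if (certFile.exists() && privKeyFile.exists()) {
            throw new ServiceResultException(e);
        }
        try {
            // 3650 is presumably the validity in days and null "no issuer" (self-signed);
            // confirm against CertificateUtils.
            KeyPair keys = CertificateUtils.createIssuerCertificate("FlyMasterCA", 3650, null);
            keys.getCertificate().save(certFile);
            // NOTE(review): PRIVKEY_PASSWORD is defined outside this listing. If it is a
            // constant in source, it protects the CA key only against readers who lack the
            // code. File permissions are not restricted here either.
            keys.getPrivateKey().save(privKeyFile, PRIVKEY_PASSWORD);
            return keys;
        } catch (Exception e1) {
            // Creation and save failures are wrapped with their cause preserved.
            throw new ServiceResultException(e1);
        }
    } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException
            | InvalidKeySpecException | NoSuchPaddingException
            | InvalidAlgorithmParameterException | IllegalBlockSizeException
            | BadPaddingException | InvalidParameterSpecException e) {
        // A decode or decrypt failure means the files exist but are unusable; never regenerate.
        throw new ServiceResultException(e);
    }
}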
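/**
 * Loads the HTTPS certificate and private key from {@code applicationName + "_https.der"} and
 * {@code applicationName + "_https.pem"}, or creates them (signed with the key pair returned
 * by {@link #getCACert()}) when the stored pair is not there to be read.
 *
 * @param applicationName prefix of the two file names and last part of the application URI;
 *     it is concatenated into the paths unescaped, so keep it a fixed, trusted value
 * @return the KeyPair composed of the certificate and private key
 * @throws ServiceResultException wrapping any certificate, crypto or I/O failure; an I/O
 *     failure while both files exist is reported instead of triggering regeneration
 */
public static KeyPair getHttpsCert(String applicationName) throws ServiceResultException {
    File certFile = new File(applicationName + "_https.der");
    File privKeyFile = new File(applicationName + "_https.pem");
    try {
        Cert httpsCertificate = Cert.load(certFile);
        PrivKey httpsPrivateKey = PrivKey.load(privKeyFile, PRIVKEY_PASSWORD);
        return new KeyPair(httpsCertificate, httpsPrivateKey);
    } catch (IOException e) {
        // Only generate when a file is actually missing. If both exist, the read failed for
        // another reason, and regenerating would silently replace the certificate that peers
        // may already trust.
        if (certFile.exists() && privKeyFile.exists()) {
            throw new ServiceResultException(e);
        }
        try {
            Console.log("Getting CACert");
            KeyPair caCert = getCACert();
            Console.log("Got CACert");
            // The local host name is passed as the certificate host name and is embedded in
            // the application URI. getLocalHost() can throw UnknownHostException, which the
            // catch below wraps.
            String hostName = InetAddress.getLocalHost().getHostName();
            String applicationUri = "urn:" + hostName + ":" + applicationName;
            // 3650 is presumably the validity in days; confirm against CertificateUtils.
            KeyPair keys = CertificateUtils.createHttpsCertificate(hostName, applicationUri, 3650, caCert);
            Console.log("Got keypair");
            keys.getCertificate().save(certFile);
            Console.log("Saved cert");
            // NOTE(review): PRIVKEY_PASSWORD is defined outside this listing. Check that it is
            // not a constant checked into source, and that the key file is not world-readable.
            keys.getPrivateKey().save(privKeyFile, PRIVKEY_PASSWORD);
            Console.log("Saved private key");
            return keys;
        } catch (Exception e1) {
            // Covers failures from getCACert(), host lookup, creation and both saves.
            throw new ServiceResultException(e1);
        }
    } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException
            | InvalidKeySpecException | NoSuchPaddingException
            | InvalidAlgorithmParameterException | IllegalBlockSizeException
            | BadPaddingException | InvalidParameterSpecException e) {
        // A decode or decrypt failure means the files exist but are unusable; never regenerate.
        throw new ServiceResultException(e);
    }
}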
/**
 * Opens a key pair from the keystore.p12 used in some of these examples.
 *
 * <p>The keystore entry that is read is named {@code alias + "_" + keysize}.
 * Usable aliases are: "server", "client", "https_server", "https_client".
 * Usable keysizes are: 8192, 4096, 2048, 1024. 1024-bit RSA is below the sizes currently
 * recommended for new keys, so that entry is only suitable for interoperability testing.
 *
 * @param alias first part of the keystore entry name
 * @param keysize key size, used as the second part of the keystore entry name
 * @return the certificate and RSA private key stored under that entry
 * @throws ServiceResultException wrapping a KeyStoreException, UnrecoverableKeyException,
 *     NoSuchAlgorithmException or CertificateEncodingException from the lookup
 */
public static KeyPair getKeyPair(String alias, int keysize) throws ServiceResultException {
    final String entryName = alias + "_" + keysize;
    try {
        // KeyStore.getCertificate returns null for an unknown entry; that null is handed to
        // the Cert constructor unchecked.
        Certificate storedCertificate = ks.getCertificate(entryName);
        // NOTE(review): the key password is the literal "password". That is acceptable for the
        // bundled sample keystore only; do not reuse this method for real key material.
        Key storedKey = ks.getKey(entryName, "password".toCharArray());
        // Both casts are unchecked: a non-X.509 certificate or non-RSA key ends in a
        // ClassCastException rather than a ServiceResultException.
        Cert certificate = new Cert((X509Certificate) storedCertificate);
        PrivKey privateKey = new PrivKey((RSAPrivateKey) storedKey);
        return new KeyPair(certificate, privateKey);
    } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException
            | CertificateEncodingException e) {
        throw new ServiceResultException(e);
    }
}
И вот моя версия SampleClient:
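/**
 * Connects to the server at {@code CoreData.PLC_IP}, browses the root folder, reads one
 * variable and closes the session.
 *
 * <p>The session is closed in a {@code finally} block, so a failing Browse or Read no longer
 * leaves it open.
 *
 * @throws Exception any failure from certificate loading, connecting, the service calls or
 *     closing; an exception thrown while closing replaces one already in flight
 */
public void loadPLC() throws Exception {
    String url = CoreData.PLC_IP;
    Console.log("Connecting to: "+url);

    ////////////// CLIENT //////////////
    //CryptoUtil.setSecurityProviderName("SunJCE");
    // Key size for certificates created from here on; 2048 is also the default.
    CertificateUtils.setKeySize(2048);

    // Application instance certificate. OPC_Keys.getCert is not part of this listing; the
    // original comment says it creates the certificate when none is found.
    final KeyPair pair = OPC_Keys.getCert("FlyMaster");
    final Client myClient = Client.createClientApplication(pair);
    myClient.getApplication().addLocale(Locale.ENGLISH);
    myClient.getApplication().setApplicationName(new LocalizedText("FlyMaster", Locale.ENGLISH));
    myClient.getApplication().setProductUri("urn:FlyMaster");

    // Certificate store rooted at the relative path "FlyMasterPKI/CA". Per the original
    // comment, rejected certificates go to "rejected" and trusted ones to "trusted"; a server
    // certificate is accepted by moving it to the trusted folder, by addTrustedCertificate,
    // or through the validation listener set below.
    final PkiDirectoryCertificateStore myCertStore = new PkiDirectoryCertificateStore("FlyMasterPKI/CA");
    final DefaultCertificateValidator myValidator = new DefaultCertificateValidator(myCertStore);

    // NOTE(review): MyValidationListener is defined outside this listing. It decides what
    // happens to certificates that are not automatically accepted, so verify it does not
    // accept them unconditionally, which would make the trust store ineffective.
    final MyValidationListener myValidationListener = new MyValidationListener();
    myValidator.setValidationListener(myValidationListener);

    // The same validator is used for opc.tcp and HTTPS.
    myClient.getApplication().getOpctcpSettings().setCertificateValidator(myValidator);
    myClient.getApplication().getHttpsSettings().setCertificateValidator(myValidator);

    // HTTPS security policies are configured separately from the endpoint securities.
    // NOTE(review): ALL enables every policy the stack defines, which presumably includes
    // legacy TLS versions. Confirm, and narrow this to what the server actually requires.
    myClient.getApplication().getHttpsSettings().setHttpsSecurityPolicies(HttpsSecurityPolicy.ALL);

    // Certificate used for HTTPS.
    KeyPair myHttpsCertificate = OPC_Keys.getHttpsCert("FlyMaster");
    myClient.getApplication().getHttpsSettings().setKeyPair(myHttpsCertificate);

    SessionChannel mySession = myClient.createSessionChannel(url);
    // No user identity is supplied here; the credentialed variant is left commented out.
    // mySession.activate("username", "123");
    mySession.activate();

    try {
        ///////////// EXECUTE //////////////
        // Browse Root
        BrowseDescription browse = new BrowseDescription();
        browse.setNodeId(Identifiers.RootFolder);
        browse.setBrowseDirection(BrowseDirection.Forward);
        browse.setIncludeSubtypes(true);
        browse.setNodeClassMask(NodeClass.Object, NodeClass.Variable);
        browse.setResultMask(BrowseResultMask.All);
        BrowseResponse res3 = mySession.Browse(null, null, null, browse);
        Console.log(res3+"");
        Console.log(res3.toString());
        System.out.println(res3);

        // Read a variable (Works with NanoServer example!)
        ReadResponse res4 = mySession.Read(
                null,
                500.0,
                TimestampsToReturn.Source,
                new ReadValueId(new NodeId(1, "Boolean"), Attributes.Value, null, null));
        Console.log(res4+"");
        Console.log(res4.toString());
    } finally {
        ///////////// SHUTDOWN /////////////
        // Runs on success and on failure so the session is always released. Both calls are
        // kept from the original; closeAsync() after close() is presumably redundant.
        mySession.close();
        mySession.closeAsync();
    }
}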
Ошибка возникает в тот момент, когда вызывается getCACert().
Я обыскал весь интернет, но везде речь идёт о других серверах, и такой же ошибки я тоже нигде не нашёл.
Я разместил скриншот полной трассировки стека: https://imgur.com/a/BZ5qh