本文整理汇总了Java中com.digitalpetri.opcua.stack.core.StatusCodes.Bad_SecurityChecksFailed方法的典型用法代码示例。如果您正苦于以下问题:Java StatusCodes.Bad_SecurityChecksFailed方法的具体用法?Java StatusCodes.Bad_SecurityChecksFailed怎么用?Java StatusCodes.Bad_SecurityChecksFailed使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类com.digitalpetri.opcua.stack.core.StatusCodes的用法示例。
在下文中一共展示了StatusCodes.Bad_SecurityChecksFailed方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getServerSignature
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
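/**
 * Signs the client certificate bytes followed by the client nonce with the server's private key.
 *
 * <p>If the client nonce or client certificate is null, or no key pair is supplied, nothing is
 * signed and a {@link SignatureData} with a null algorithm and null signature is returned.
 *
 * @param clientNonce the nonce received from the client.
 * @param clientCertificate the certificate received from the client.
 * @param securityPolicy the policy that selects the asymmetric signature algorithm.
 * @param keyPair the key pair whose private key produces the signature; may be {@code null}.
 * @return the algorithm URI and signature, or an empty {@link SignatureData} when there is
 *     nothing to sign.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if signing fails.
 */
private SignatureData getServerSignature(ByteString clientNonce,
                                         ByteString clientCertificate,
                                         SecurityPolicy securityPolicy,
                                         KeyPair keyPair) throws UaException {
    if (clientNonce.isNull() || clientCertificate.isNull() || keyPair == null) {
        return new SignatureData(null, null);
    }

    try {
        SecurityAlgorithm algorithm = securityPolicy.getAsymmetricSignatureAlgorithm();

        // The signed payload is certificate || nonce, in that order.
        byte[] data = Bytes.concat(clientCertificate.bytes(), clientNonce.bytes());

        byte[] signature = SignatureUtil.sign(
            algorithm,
            keyPair.getPrivate(),
            ByteBuffer.wrap(data)
        );

        return new SignatureData(algorithm.getUri(), ByteString.of(signature));
    } catch (UaRuntimeException e) {
        // Keep the underlying failure as the cause so a signing problem can be diagnosed from
        // the local stack trace; the status code reported to the caller is unchanged.
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }
}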
示例2: getAndInitializeCipher
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Creates a cipher in encrypt mode for the channel's symmetric encryption algorithm.
 *
 * <p>The key and initialization vector both come from the channel's encryption keys. The key is
 * always wrapped as an "AES" key, while the transformation string is taken from the security
 * policy.
 *
 * @param channel the secure channel that supplies the security policy and the keys.
 * @return a cipher initialized for encryption.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if the cipher cannot be created or
 *     initialized.
 */
@Override
public Cipher getAndInitializeCipher(SecureChannel channel) throws UaException {
    final Cipher encryptor;

    try {
        final String cipherSpec =
            channel.getSecurityPolicy().getSymmetricEncryptionAlgorithm().getTransformation();
        final ChannelSecurity.SecretKeys keys = channel.getEncryptionKeys(securitySecrets);

        final SecretKeySpec aesKey = new SecretKeySpec(keys.getEncryptionKey(), "AES");
        final IvParameterSpec iv = new IvParameterSpec(keys.getInitializationVector());

        encryptor = Cipher.getInstance(cipherSpec);
        encryptor.init(Cipher.ENCRYPT_MODE, aesKey, iv);

        // Sanity check only: it runs solely when JVM assertions are enabled.
        assert (encryptor.getBlockSize() == channel.getSymmetricCipherTextBlockSize());
    } catch (GeneralSecurityException e) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }

    return encryptor;
}
示例3: getCipher
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Creates a cipher in decrypt mode for the channel's symmetric encryption algorithm.
 *
 * <p>The key and initialization vector are read from the channel's decryption keys; the key is
 * always wrapped as an "AES" key.
 *
 * @param channel the secure channel that supplies the security policy and the keys.
 * @return a cipher initialized for decryption.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if the cipher cannot be created or
 *     initialized.
 */
@Override
public Cipher getCipher(SecureChannel channel) throws UaException {
    final Cipher decryptor;

    try {
        final String cipherSpec =
            channel.getSecurityPolicy().getSymmetricEncryptionAlgorithm().getTransformation();
        final ChannelSecurity.SecretKeys keys = channel.getDecryptionKeys(securitySecrets);

        // getEncryptionKey() on the *decryption* key set: this is the peer's encryption key.
        final SecretKeySpec aesKey = new SecretKeySpec(keys.getEncryptionKey(), "AES");
        final IvParameterSpec iv = new IvParameterSpec(keys.getInitializationVector());

        decryptor = Cipher.getInstance(cipherSpec);
        decryptor.init(Cipher.DECRYPT_MODE, aesKey, iv);
    } catch (GeneralSecurityException e) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }

    return decryptor;
}
示例4: verifyChunk
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
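/**
 * Verifies the symmetric signature (HMAC) at the end of a chunk.
 *
 * <p>The HMAC is computed over every byte of the chunk before the trailing signature and then
 * compared with the signature bytes carried in the chunk.
 *
 * @param channel the secure channel that supplies the algorithm, the key and the signature size.
 * @param chunkBuffer the chunk; bytes {@code 0} to {@code writerIndex()} are examined.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if the chunk is too short to hold a
 *     signature or the signature does not match.
 */
@Override
public void verifyChunk(SecureChannel channel, ByteBuf chunkBuffer) throws UaException {
    SecurityAlgorithm securityAlgorithm = channel.getSecurityPolicy().getSymmetricSignatureAlgorithm();
    byte[] secretKey = channel.getDecryptionKeys(securitySecrets).getSignatureKey();
    int signatureSize = channel.getSymmetricSignatureSize();
    int chunkSize = chunkBuffer.writerIndex();

    // The chunk length comes from the peer. Reject a chunk that cannot contain a signature
    // with the security status code instead of failing on a negative buffer limit below.
    if (signatureSize < 0 || chunkSize < signatureSize) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "chunk too short to contain signature");
    }

    ByteBuffer chunkNioBuffer = chunkBuffer.nioBuffer(0, chunkSize);
    chunkNioBuffer.position(0).limit(chunkSize - signatureSize);

    byte[] computedSignature = SignatureUtil.hmac(securityAlgorithm, secretKey, chunkNioBuffer);

    // Widen the limit so the bytes after the signed region (the received signature) can be read.
    byte[] receivedSignature = new byte[signatureSize];
    chunkNioBuffer.limit(chunkNioBuffer.position() + signatureSize);
    chunkNioBuffer.get(receivedSignature);

    // Constant-time comparison: the duration of the check must not depend on how many leading
    // bytes of the received signature happen to match. Fully qualified so that no new import
    // is required.
    if (!java.security.MessageDigest.isEqual(computedSignature, receivedSignature)) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "could not verify signature");
    }
}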
示例5: hmac
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Calculates a keyed-hash message authentication code over a sequence of buffers.
 *
 * <p>The buffers are fed to the {@link Mac} in the order given.
 *
 * @param securityAlgorithm the {@link SecurityAlgorithm} whose transformation string is used both
 *     for {@link Mac#getInstance(String)} and as the algorithm name of the key.
 * @param secretKey the raw bytes of the secret key.
 * @param buffers the buffers to authenticate, in order.
 * @return the computed HMAC.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if the {@link Mac} cannot be obtained
 *     or initialized.
 */
public static byte[] hmac(SecurityAlgorithm securityAlgorithm,
                          byte[] secretKey,
                          ByteBuffer... buffers) throws UaException {
    final String macAlgorithm = securityAlgorithm.getTransformation();

    try {
        final Mac authenticator = Mac.getInstance(macAlgorithm);
        final SecretKeySpec macKey = new SecretKeySpec(secretKey, macAlgorithm);
        authenticator.init(macKey);

        for (int i = 0; i < buffers.length; i++) {
            authenticator.update(buffers[i]);
        }

        return authenticator.doFinal();
    } catch (GeneralSecurityException e) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }
}
示例6: onError
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Handles an error message received during the handshake.
 *
 * <p>The error is decoded from the buffer and the handshake future is completed exceptionally
 * with it. For status codes that indicate the secure channel is no longer usable, the channel
 * id is reset to 0. The connection is closed in every case.
 *
 * @param ctx the channel handler context, closed before returning.
 * @param buffer the buffer holding the encoded error message.
 */
private void onError(ChannelHandlerContext ctx, ByteBuf buffer) {
    try {
        ErrorMessage received = TcpMessageDecoder.decodeError(buffer);
        StatusCode status = received.getError();
        long code = status.getValue();

        // These three codes mean the current secure channel can no longer be used, so forget
        // its id.
        if (code == StatusCodes.Bad_SecurityChecksFailed
            || code == StatusCodes.Bad_TcpSecureChannelUnknown
            || code == StatusCodes.Bad_SecureChannelIdInvalid) {

            secureChannel.setChannelId(0);
        }

        // NOTE(review): the message is decoded from the received buffer and is written to the
        // log as-is; confirm the log sink tolerates peer-supplied text.
        logger.error("Received error message: " + received);

        handshakeFuture.completeExceptionally(new UaException(status, received.getReason()));
    } catch (UaException e) {
        logger.error("An exception occurred while decoding an error message: {}", e.getMessage(), e);

        handshakeFuture.completeExceptionally(e);
    } finally {
        ctx.close();
    }
}
示例7: decryptTokenData
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Decrypts the data carried by a {@link UserNameIdentityToken} or {@link IssuedIdentityToken},
 * one asymmetric cipher-text block at a time.
 * <p>
 * See {@link UserNameIdentityToken#getPassword()} and {@link IssuedIdentityToken#getTokenData()}.
 * <p>
 * The returned array is sized from the cipher text (whole blocks only), not from the decrypted
 * length, so callers must determine how much of it is meaningful.
 *
 * @param secureChannel the {@link SecureChannel} that supplies the block size and private key.
 * @param algorithm     the {@link SecurityAlgorithm} used to obtain the cipher.
 * @param dataBytes     the encrypted data.
 * @return the buffer the decrypted data was written into.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if decryption fails.
 */
protected byte[] decryptTokenData(SecureChannel secureChannel,
                                  SecurityAlgorithm algorithm,
                                  byte[] dataBytes) throws UaException {

    final int blockSize = secureChannel.getLocalAsymmetricCipherTextBlockSize();

    // NOTE(review): integer division, so bytes after the last whole block are never decrypted
    // and are not reported as an error here; confirm callers validate the length.
    final int blocks = dataBytes.length / blockSize;

    final byte[] plainTextBytes = new byte[blockSize * blocks];
    final ByteBuffer output = ByteBuffer.wrap(plainTextBytes);
    final ByteBuffer input = ByteBuffer.wrap(dataBytes);

    try {
        final Cipher cipher = getCipher(secureChannel, algorithm);

        int remaining = blocks;
        while (remaining-- > 0) {
            // Expose exactly one cipher-text block to the cipher per call.
            input.limit(input.position() + blockSize);
            cipher.doFinal(input, output);
        }
    } catch (GeneralSecurityException e) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }

    return plainTextBytes;
}
示例8: getCipher
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Creates a cipher in decrypt mode keyed with the private key of the channel's key pair.
 *
 * @param channel the secure channel that supplies the key pair.
 * @param algorithm the algorithm whose transformation string selects the cipher.
 * @return a cipher initialized for decryption.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if the cipher cannot be created or
 *     initialized.
 */
private Cipher getCipher(SecureChannel channel, SecurityAlgorithm algorithm) throws UaException {
    final Cipher decryptor;

    try {
        decryptor = Cipher.getInstance(algorithm.getTransformation());
        decryptor.init(Cipher.DECRYPT_MODE, channel.getKeyPair().getPrivate());
    } catch (GeneralSecurityException e) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
    }

    return decryptor;
}
示例9: decryptChunk
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
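/**
 * Decrypts the readable bytes of a chunk and writes the plain text back into the same buffer,
 * starting at the chunk's reader index.
 *
 * <p>With an {@link AsymmetricDelegate} the cipher text is processed one block at a time;
 * otherwise it is decrypted in a single call.
 *
 * @param delegate supplies the cipher and the cipher-text block size.
 * @param channel the secure channel the chunk belongs to.
 * @param chunkBuffer the chunk to decrypt in place.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if decryption fails, or whatever
 *     {@code delegate.getCipher} throws.
 */
private void decryptChunk(Delegate delegate, SecureChannel channel, ByteBuf chunkBuffer) throws UaException {
    int cipherTextBlockSize = delegate.getCipherTextBlockSize(channel);
    int blockCount = chunkBuffer.readableBytes() / cipherTextBlockSize;
    int plainTextBufferSize = cipherTextBlockSize * blockCount;

    ByteBuf plainTextBuffer = BufferUtil.buffer(plainTextBufferSize);

    // The temporary buffer is released on every exit path. Before, a failure while obtaining
    // the cipher or while decrypting skipped the release at the end of the method.
    try {
        ByteBuffer plainTextNioBuffer = plainTextBuffer
            .writerIndex(plainTextBufferSize)
            .nioBuffer();

        ByteBuffer chunkNioBuffer = chunkBuffer.nioBuffer();

        try {
            Cipher cipher = delegate.getCipher(channel);

            // Checked only when JVM assertions are enabled. Without them, a trailing partial
            // block is not decrypted by the block-wise branch below.
            assert (chunkBuffer.readableBytes() % cipherTextBlockSize == 0);

            if (delegate instanceof AsymmetricDelegate) {
                for (int blockNumber = 0; blockNumber < blockCount; blockNumber++) {
                    chunkNioBuffer.limit(chunkNioBuffer.position() + cipherTextBlockSize);

                    cipher.doFinal(chunkNioBuffer, plainTextNioBuffer);
                }
            } else {
                cipher.doFinal(chunkNioBuffer, plainTextNioBuffer);
            }
        } catch (GeneralSecurityException e) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed, e);
        }

        /* Write plainTextBuffer back into the chunk buffer we decrypted from. */
        plainTextNioBuffer.flip(); // limit = pos, pos = 0

        chunkBuffer.writerIndex(chunkBuffer.readerIndex());
        chunkBuffer.writeBytes(plainTextNioBuffer);
    } finally {
        plainTextBuffer.release();
    }
}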
示例10: validateTrustChain
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
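/**
 * Checks that a certificate is trusted, either because it is itself in the trusted set or
 * because a PKIX certification path can be built from it to one of the authority certificates.
 *
 * @param certificate the certificate to validate.
 * @param chain certificates that may be used as intermediates when building the path.
 * @param trustedCertificates certificates that are trusted directly.
 * @param authorityCertificates certificates used as trust anchors.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if no trusted path can be built.
 */
public static void validateTrustChain(X509Certificate certificate,
                                      List<X509Certificate> chain,
                                      Set<X509Certificate> trustedCertificates,
                                      Set<X509Certificate> authorityCertificates) throws UaException {

    // Direct trust needs a whole-certificate match. Matching on the signature bytes alone does
    // not bind the presented subject or public key to the trusted entry, and this shortcut
    // performs no signature verification. Certificate.equals compares the encoded forms.
    boolean certificateTrusted = trustedCertificates.stream()
        .anyMatch(c -> certificate.equals(c));

    if (certificateTrusted) {
        return;
    }

    try {
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        authorityCertificates.forEach(ca -> trustAnchors.add(new TrustAnchor(ca, null)));

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);

        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        // NOTE(review): revocation checking is switched off, so a revoked certificate that still
        // chains to an authority is accepted here; confirm revocation is enforced elsewhere.
        params.setRevocationEnabled(false);

        CertStore intermediateCertStore =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain));

        params.addCertStore(intermediateCertStore);

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);

        LOGGER.debug("Validated certificate chain: {}", result.getCertPath());
    } catch (Throwable t) {
        // Fail closed on any problem, and keep the cause so the reason for the rejection can be
        // found in the local stack trace.
        // NOTE(review): catching Throwable also reports JVM Errors as a failed security check;
        // narrowing this would change what callers can observe.
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed, t);
    }
}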
示例11: decode
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Decodes the chunks of one message into a single little-endian buffer holding the chunk bodies.
 *
 * <p>For each chunk, in order: the secure message header is skipped and the security header is
 * read, the chunk is decrypted if encryption is enabled, the signature is verified if signing is
 * enabled, the sequence header is decoded and its sequence number is checked against the last
 * one seen, and the body slice is appended to the result.
 *
 * @param delegate supplies the sizes, the security flags and the header/signature handling.
 * @param channel the secure channel the chunks belong to.
 * @param chunkBuffers the chunks of the message, in the order received.
 * @return a composite buffer of all chunk bodies, in little-endian order.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if a sequence number is not the
 *     expected one, or whatever the decryption and verification steps throw.
 */
private ByteBuf decode(Delegate delegate, SecureChannel channel, List<ByteBuf> chunkBuffers) throws UaException {
    // NOTE(review): none of the exception paths visible in this method release `composite`;
    // confirm who owns it when decoding fails.
    CompositeByteBuf composite = BufferUtil.compositeBuffer();

    int signatureSize = delegate.getSignatureSize(channel);
    int cipherTextBlockSize = delegate.getCipherTextBlockSize(channel);

    boolean encrypted = delegate.isEncryptionEnabled(channel);
    boolean signed = delegate.isSigningEnabled(channel);

    for (ByteBuf chunkBuffer : chunkBuffers) {
        // Byte 3 of the chunk is its chunk type; 'A' is handled below as an abort.
        char chunkType = (char) chunkBuffer.getByte(3);

        chunkBuffer.skipBytes(SecureMessageHeader.SECURE_MESSAGE_HEADER_SIZE);

        delegate.readSecurityHeader(channel, chunkBuffer);

        // Decryption runs before signature verification.
        if (encrypted) {
            decryptChunk(delegate, channel, chunkBuffer);
        }

        // Remember where the sequence header starts, then rewind so the signature check and
        // the size arithmetic below see the chunk from index 0.
        int encryptedStart = chunkBuffer.readerIndex();
        chunkBuffer.readerIndex(0);

        if (signed) {
            delegate.verifyChunk(channel, chunkBuffer);
        }

        int paddingSize = encrypted ? getPaddingSize(cipherTextBlockSize, signatureSize, chunkBuffer) : 0;
        // The reader index is 0 here, so bodyEnd is an absolute index into the chunk.
        // NOTE(review): nothing visible here checks that bodyEnd lies at or after the sequence
        // header; presumably readSlice rejects a negative length. Confirm.
        int bodyEnd = chunkBuffer.readableBytes() - signatureSize - paddingSize;

        chunkBuffer.readerIndex(encryptedStart);

        SequenceHeader sequenceHeader = SequenceHeader.decode(chunkBuffer);
        long sequenceNumber = sequenceHeader.getSequenceNumber();
        lastRequestId = sequenceHeader.getRequestId();

        // -1 appears to mean that no sequence number has been recorded yet; the first one seen
        // is accepted as-is.
        if (lastSequenceNumber == -1) {
            lastSequenceNumber = sequenceNumber;
        } else {
            // Every later chunk must carry exactly the previous number plus one.
            // NOTE(review): wrap-around of the sequence number is not handled here; confirm
            // against the protocol's rules.
            if (lastSequenceNumber + 1 != sequenceNumber) {
                String message = String.format("expected sequence number %s but received %s",
                    lastSequenceNumber + 1, sequenceNumber);

                logger.error(message);
                // NOTE(review): this writes the whole chunk to the log as hex at error level.
                // If decryptChunk has already replaced the cipher text in this buffer, the
                // dump contains plain-text message content; confirm this is acceptable.
                logger.error(ByteBufUtil.hexDump(chunkBuffer, 0, chunkBuffer.writerIndex()));

                throw new UaException(StatusCodes.Bad_SecurityChecksFailed, message);
            }

            lastSequenceNumber = sequenceNumber;
        }

        // The body runs from the current reader index up to bodyEnd.
        ByteBuf bodyBuffer = chunkBuffer.readSlice(bodyEnd - chunkBuffer.readerIndex());

        // An abort chunk carries an error message instead of message data.
        if (chunkType == 'A') {
            ErrorMessage errorMessage = ErrorMessage.decode(bodyBuffer);

            throw new MessageAbortedException(errorMessage.getError(), errorMessage.getReason());
        }

        composite.addComponent(bodyBuffer);
        // The writer index is advanced explicitly after the component is added.
        composite.writerIndex(composite.writerIndex() + bodyBuffer.readableBytes());
    }

    return composite.order(ByteOrder.LITTLE_ENDIAN);
}
示例12: onOpenSecureChannel
import com.digitalpetri.opcua.stack.core.StatusCodes; //导入方法依赖的package包/类
/**
 * Handles one chunk of an OpenSecureChannel response.
 *
 * <p>The pending timeout is cancelled, the asymmetric security header is decoded and required to
 * equal the header of any earlier chunk, and the chunk is accumulated. Once accumulation reports
 * completion, the chunks are decoded on the serialization queue: a good response installs the
 * security token and completes the handshake, anything else is logged and closes the connection.
 *
 * @param ctx the channel handler context.
 * @param buffer the buffer holding the chunk.
 * @throws UaException with {@code Bad_SecurityChecksFailed} if this chunk's security header
 *     differs from the one already recorded.
 */
private void onOpenSecureChannel(ChannelHandlerContext ctx, ByteBuf buffer) throws UaException {
    if (secureChannelTimeout != null) {
        boolean canceledInTime = secureChannelTimeout.cancel();

        if (!canceledInTime) {
            // The timeout could not be cancelled, so the handshake is treated as timed out.
            logger.warn("timed out waiting for secure channel");

            handshakeFuture.completeExceptionally(
                new UaException(StatusCodes.Bad_Timeout,
                    "timed out waiting for secure channel"));

            ctx.close();
            return;
        }

        logger.debug("OpenSecureChannel timeout canceled");
        secureChannelTimeout = null;
    }

    // Skip messageType (3), chunkType (1), messageSize (4) and secureChannelId (4).
    buffer.skipBytes(3 + 1 + 4 + 4);

    AsymmetricSecurityHeader header = AsymmetricSecurityHeader.decode(buffer);

    // The first header seen is recorded; every later chunk must carry an equal header.
    boolean firstHeader = headerRef.compareAndSet(null, header);
    if (!firstHeader && !header.equals(headerRef.get())) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed,
            "subsequent AsymmetricSecurityHeader did not match");
    }

    if (!accumulateChunk(buffer)) {
        return;
    }

    // Take a snapshot of the accumulated chunks and start a fresh list for the next message.
    final List<ByteBuf> buffersToDecode = ImmutableList.copyOf(chunkBuffers);
    chunkBuffers = new LinkedList<>();

    serializationQueue.decode((binaryDecoder, chunkDecoder) -> {
        ByteBuf decoded = null;

        try {
            decoded = chunkDecoder.decodeAsymmetric(secureChannel, buffersToDecode);

            UaResponseMessage message = binaryDecoder
                .setBuffer(decoded)
                .decodeMessage(null);

            StatusCode result = message.getResponseHeader().getServiceResult();

            if (!result.isGood()) {
                ServiceFault fault;
                if (message instanceof ServiceFault) {
                    fault = (ServiceFault) message;
                } else {
                    fault = new ServiceFault(message.getResponseHeader());
                }

                // Caught by the Throwable handler below.
                throw new UaServiceFaultException(fault);
            }

            OpenSecureChannelResponse response = (OpenSecureChannelResponse) message;

            secureChannel.setChannelId(response.getSecurityToken().getChannelId().longValue());
            logger.debug("Received OpenSecureChannelResponse.");

            installSecurityToken(ctx, response);

            handshakeFuture.complete(secureChannel);
        } catch (MessageAbortedException e) {
            // NOTE(review): the failure branches log and close the connection but do not
            // complete handshakeFuture in this method; confirm it is completed elsewhere
            // when the channel closes.
            logger.error("Received message abort chunk; error={}, reason={}", e.getStatusCode(), e.getMessage());
            ctx.close();
        } catch (Throwable t) {
            logger.error("Error decoding OpenSecureChannelResponse: {}", t.getMessage(), t);
            ctx.close();
        } finally {
            if (decoded != null) {
                decoded.release();
            }
        }
    });
}