Re: [milo-dev] Security issue

When using security both the client and the server must trust each other's certificate before the connection can be made.

This is handled by configuring an instance of CertificateValidator on the server's config. The default implementation of it uses a simple directory structure to manage which certificates are trusted and to hold untrusted certificates in quarantine until the server admin decides they can be trusted.

This implementation is optional and you're free to manage the certificates however best suits your application by providing your own implementation of CertificateValidator.

On Tue, Nov 14, 2017 at 7:05 AM, Isuru Samaraweera <isuru@xxxxxxxx> wrote:
It worked, Kevin. Had to download the JCE libs as well.

One more clarification needed

If the client and server are on two machines, do we need to copy these to both the client and the server, or is it only on the server so that you have ephemeral key based encryption?

Thanks

On Tue, Nov 14, 2017 at 7:01 PM, Kevin Herron <kevinherron@xxxxxxxxx> wrote:
When the example server starts it logs about a temporary security directory.

Inside this directory you'll find 3 folders. You need to move the certificate of any client that attempts to connect from the "rejected" folder to the "trusted" folder.

On Mon, Nov 13, 2017 at 10:39 PM, Isuru Samaraweera <isuru@xxxxxxxx> wrote:
Hi All,
I am new to the Milo code base. I tried running BrowseNodeExample.java with the security policy set to SecurityPolicy.Basic256Sha256 in ClientExample. The example-certs are on the class path. However, I got the error below while running the example on Milo.

Please let me know what has gone wrong.



java.util.concurrent.ExecutionException: UaException: status=Bad_SecurityChecksFailed, message=security checks failed
at java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
at java.util.concurrent.CompletableFuture.get(Unknown Source)
at com.yukon.opc.testclient.BrowseNodeExample.run(BrowseNodeExample.java:40)
at com.yukon.opc.testclient.ClientExampleRunner.run(ClientExampleRunner.java:107)
at com.yukon.opc.testclient.BrowseNodeExample.main(BrowseNodeExample.java:32)
Caused by: UaException: status=Bad_SecurityChecksFailed, message=security checks failed
at com.yukon.opc.stack.client.handlers.UaTcpClientAcknowledgeHandler.onError(UaTcpClientAcknowledgeHandler.java:232)
at com.yukon.opc.stack.client.handlers.UaTcpClientAcknowledgeHandler.decode(UaTcpClientAcknowledgeHandler.java:128)
at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:387)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
at java.lang.Thread.run(Unknown Source)

Thanks,
Isuru

_______________________________________________
milo-dev mailing list
milo-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/milo-dev
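
The "rejected" to "trusted" step described in this thread is the point where an administrator decides which clients the server will accept, so it is worth gating on a fingerprint confirmed out of band instead of moving every quarantined file. The script below is an added example, not part of the thread and not Milo code: it assumes the files in "rejected" are DER or PEM encoded certificates, and the function names, file names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import shutil
import tempfile
from pathlib import Path

PEM_HEAD = b"-----BEGIN CERTIFICATE-----"
PEM_TAIL = b"-----END CERTIFICATE-----"

def der_bytes(raw: bytes) -> bytes:
    """Return the DER encoding, unwrapping PEM armour if present."""
    if PEM_HEAD in raw:
        body = raw.split(PEM_HEAD, 1)[1].split(PEM_TAIL, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    return raw

def fingerprint(path: Path) -> str:
    """SHA-256 over the DER bytes, lower-case hex."""
    return hashlib.sha256(der_bytes(path.read_bytes())).hexdigest()

def promote_approved(security_dir: Path, approved: set[str]) -> dict:
    """Move only certificates whose fingerprint was approved out of band."""
    rejected, trusted = security_dir / "rejected", security_dir / "trusted"
    trusted.mkdir(parents=True, exist_ok=True)
    approved = {fp.replace(":", "").lower() for fp in approved}
    result = {"promoted": [], "left_in_rejected": []}
    for cert in sorted(p for p in rejected.iterdir() if p.is_file()):
        fp = fingerprint(cert)
        if fp in approved:
            shutil.move(str(cert), str(trusted / cert.name))
            result["promoted"].append(cert.name)
        else:  # stays quarantined; report it so an admin can review it
            result["left_in_rejected"].append((cert.name, fp))
    return result

def demo() -> dict:
    """Run against a throwaway directory holding constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        sec = Path(tmp)
        (sec / "rejected").mkdir()
        known = b"constructed-der-bytes-for-known-client"      # stand-in, not a real cert
        unknown = b"constructed-der-bytes-for-unknown-client"  # stand-in, not a real cert
        (sec / "rejected" / "known-client.der").write_bytes(known)
        pem = PEM_HEAD + b"\n" + base64.encodebytes(unknown) + PEM_TAIL + b"\n"
        (sec / "rejected" / "unknown-client.pem").write_bytes(pem)
        out = promote_approved(sec, {hashlib.sha256(known).hexdigest().upper()})
        out["trusted_files"] = sorted(p.name for p in (sec / "trusted").iterdir())
        return out

if __name__ == "__main__":
    print(demo())
```

Anything reported under left_in_rejected keeps its place in quarantine, and the printed fingerprint is what to compare against the value obtained from the client's owner.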