View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009813 | CTT UA Test Case | 4 - Test Case Definition | public | 2024-09-03 09:37 | 2024-09-03 09:37 |
Reporter | Tomi Takala | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.04.11.502 | ||||
Summary | 0009813: Security User Name Password 006.js test fails with SecurityPolicyNone and empty password | ||||
Description | If SecurityPolicyNone is used, no serverNonce is appended to the password field according to: UserNameIdentityToken: https://reference.opcfoundation.org/Core/Part4/v104/docs/7.36.4 Test case expects ActivateSessionRequest to fail as the serverNonce is missing. However, that is standard behaviour if SecurityPolicyNone is used and the request should succeed. Of course, SecurityPolicyNone is not recommended to be used but, as I understand it, v1.04 specifications don't forbid using it. Could the test case take into account the used security policy and, for example, not run the test if SecurityPolicyNone is used or then allow success in that case? As an additional thing, the test could use the configured password so that it really tests the missing serverNonce and doesn't succeed because BadUserAccessDenied is returned. | ||||
Steps To Reproduce | Have user with empty password configured in UACTT settings. | ||||
Additional Information | Actually the product version that I'm using seems to be 1.04.11.508 but that wasn't available in the drop down. Wireshark log and test log attached. | ||||
Tags | No tags attached. | ||||
Attached Files | Security_User_Name_Password_006.txt (10,928 bytes)
AuditThread::Start args = false GetEndpoints( LocaleIds #0; ProfileUris #0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet OpenSecureChannel( MessageSecurityMode: None; RequestedSecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None ); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_1; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. buildUserNameIdentityToken - password not encrypted! Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet ActivateSession( LocaleIds #1; UserIdentityToken: open62541-username-policy-none#None ( ClientSignature=, UserTokenSignature= ) ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #2; TimestampsToReturn: 1; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Obtaining the ServerCapabilities... Read( NodesToRead #12; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #12; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #3; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #3; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #7; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #7; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. 
Read( NodesToRead #4; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #4; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #2; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #2; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #7; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #7; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #4; TimestampsToReturn: 2; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSecureChannel(); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet OpenSecureChannel( MessageSecurityMode: None; RequestedSecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None ); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_2; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. buildUserNameIdentityToken - password not encrypted! 
Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet ActivateSession( LocaleIds #1; UserIdentityToken: open62541-username-policy-none#None ( ClientSignature=, UserTokenSignature= ) ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #2; TimestampsToReturn: 1; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Calling BuildCacheMap Loop Count 1 Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSecureChannel(); Result = Good (0x00000000) Time in BuildCacheMap = 0 seconds Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet OpenSecureChannel( MessageSecurityMode: None; RequestedSecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None ); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_3; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. 
Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSecureChannel(); Result = Good (0x00000000) ***** CONFORMANCE UNIT 'Security User Name Password' INITIALIZATION COMPLETE - TESTS STARTING ****** ~~~ START OF TEST [username006] ~~~ Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet OpenSecureChannel( MessageSecurityMode: None; RequestedSecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None ); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_4; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_5; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. buildUserNameIdentityToken - password not encrypted! Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet ActivateSession( LocaleIds #1; UserIdentityToken: open62541-username-policy-none#None ( ClientSignature=, UserTokenSignature= ) ).Response.ResponseHeader.ServiceResult: Good (0x00000000); would've accepted: Expected: BadIdentityTokenRejected (0x80210000) or BadUserAccessDenied (0x801f0000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. 
Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSecureChannel(); Result = Good (0x00000000) ~~~ END OF TEST [username006] ~~~ ***** CONFORMANCE UNIT 'Security User Name Password' TEST SCRIPTS COMPLETE ****** ***** CONFORMANCE UNIT 'Security User Name Password' TESTING COMPLETE ****** Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet OpenSecureChannel( MessageSecurityMode: None; RequestedSecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None ); Result = Good (0x00000000) Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CreateSession( EndpointUrl=opc.tcp://192.168.1.202:4840/; SessionName: UaCttSession_6; RequestedSessionTimeout: 60000 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. buildUserNameIdentityToken - password not encrypted! Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet ActivateSession( LocaleIds #1; UserIdentityToken: open62541-username-policy-none#None ( ClientSignature=, UserTokenSignature= ) ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. Read( NodesToRead #2; TimestampsToReturn: 1; MaxAge: 0 ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. 
~~~ START OF TEST [CheckAllUAServices] ~~~ Discovery => FindServers() => Implemented GetEndpoints() => Implemented RegisterServer() => NotImplemented Session => CreateSession() => Implemented ActivateSession() => Implemented CloseSession() => Implemented Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet Cancel() => Implemented NodeManagement => AddNodes() => NotImplemented AddReferences() => NotImplemented DeleteNodes() => NotImplemented DeleteReferences() => NotImplemented View => Browse() => Implemented BrowseNext() => Implemented TranslateBrowsePathsToNodeIds() => Implemented RegisteredNodes() => Implemented UnregisterNodes() => Implemented Query => QueryFirst() => NotImplemented QueryNext() => NotImplemented Attribute => Read() => Implemented HistoryRead() => NotImplemented Write() => Implemented HistoryUpdate() => NotImplemented Method => Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet Call() => Implemented MonitoredItem => CreateMonitoredItems() => Implemented ModifyMonitoredItems() => Implemented SetMonitoringMode() => Implemented SetTriggering() => Implemented DeleteMonitoredItems() => Implemented Subscription => CreateSubscription() => Implemented ModifySubscription() => Implemented SetPublishingMode() => Implemented Publish() => Implemented Republish() => Implemented TransferSubscription.Response.Results[0] = BadSubscriptionIdInvalid (0x80280000) BadSubscriptionIdInvalid (0x80280000) TransferSubscriptions() => Implemented DeleteSubscriptions() => Implemented ~~~ END OF TEST [CheckAllUAServices] ~~~ Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSession().Result: Good (0x00000000) CloseSession( DeleteSubscriptions=true ).Response.ResponseHeader.ServiceResult: Good (0x00000000) as expected. 
Audit::PushAuditRecord - Thread and/or Subscription id is not initialized yet CloseSecureChannel(); Result = Good (0x00000000) ****************************************** COMPLIANCE TEST RUN COMPLETE ****************************************** FINAL REPORT ****************************************** UA SERVICES TESTED ****************************************** Sessions Used: 6 ****************************************** | ||||
Files Affected | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-09-03 09:37 | Tomi Takala | New Issue | |
2024-09-03 09:37 | Tomi Takala | File Added: Security_User_Name_Password_006.txt | |
2024-09-03 09:37 | Tomi Takala | File Added: CTT_Security_User_Name_Password_006.pcapng |
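
The behaviour the description refers to, as an added example (not code from the CTT, the reporter or open62541): a model of what goes into `UserNameIdentityToken.password` with and without encryption, and of the results a "serverNonce omitted" test can demand for each policy. All function names, the sample nonce and the mapping of a nonce mismatch to `BadIdentityTokenRejected` are assumptions; the encryption step itself is left out, so the buffers are the plaintext before encryption and after decryption.

```javascript
// Added illustration; helper names are hypothetical, not CTT or open62541 code.
const NONE = "http://opcfoundation.org/UA/SecurityPolicy#None";
const SAMPLE_NONCE = Buffer.alloc(32, 0xab); // constructed stand-in for the CreateSession serverNonce

// An empty UserTokenPolicy.securityPolicyUri falls back to the endpoint's policy.
function effectivePolicy(tokenPolicyUri, channelPolicyUri) {
  return tokenPolicyUri || channelPolicyUri;
}

// Bytes the client puts into the password field (before encryption, if any).
function buildPasswordPlaintext(password, serverNonce, policyUri, omitNonce = false) {
  const pw = Buffer.from(password, "utf8");
  if (policyUri === NONE) return pw;               // plain UTF-8: no length, no nonce
  const nonce = omitNonce ? Buffer.alloc(0) : serverNonce;
  const len = Buffer.alloc(4);
  len.writeUInt32LE(pw.length + nonce.length, 0);  // covers password + nonce
  return Buffer.concat([len, pw, nonce]);          // this block is what gets encrypted
}

// Server-side check on the plaintext (model only: compares against a clear-text password).
function checkPassword(plain, serverNonce, policyUri, storedPassword) {
  let pw = plain;
  if (policyUri !== NONE) {
    if (plain.length < 4) return "BadIdentityTokenRejected";
    const len = plain.readUInt32LE(0);
    const body = plain.subarray(4);
    if (len !== body.length || len < serverNonce.length) return "BadIdentityTokenRejected";
    const split = len - serverNonce.length;
    // The trailing bytes must be the nonce this session issued.
    if (!body.subarray(split).equals(serverNonce)) return "BadIdentityTokenRejected";
    pw = body.subarray(0, split);
  }
  return pw.toString("utf8") === storedPassword ? "Good" : "BadUserAccessDenied";
}

// Results a "nonce omitted" test can require for the effective policy.
function expectedForMissingNonce(policyUri) {
  return policyUri === NONE
    ? ["Good"]                                     // nothing to omit, request is valid
    : ["BadIdentityTokenRejected", "BadUserAccessDenied"];
}
```

With the None policy and an empty configured password, the token built for the "missing nonce" case is byte-for-byte the valid token, which is why the server in the attached log answers Good.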