-
Notifications
You must be signed in to change notification settings - Fork 227
/
Changelog.txt
326 lines (232 loc) · 18.7 KB
/
Changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
1.4.1.1
Fixed (#194): SpongyCastle provider is now automatically picked in BouncyCastleUtils class
1.4.1
New (#185): Support for ReverseHello (see the ReverseHelloClientServerExample)
New: Better configuration of initial timeouts in opc.tcp connections (see OpcTcpSettings)
Fixed (#187): Changed the 'https' urls in examples to be 'opc.https' to match #159 changes made in 1.4.0
1.4.0
A major release, containing basic support for OPC UA 1.04.
Important (#159): Fixed HTTPS. Server no longer does client side TLS checks as per part 6. Note that the result means that proper UA HTTPS made with 'None' SecurityMode provides only encryption, not application level authentication. If used in conjunction with UserTokenPolicy Anonymous, anyone can access the server (but the traffic is encrypted, behaves like a normal web server/page). SecurityModes with Sign MessageSecurityMode should be used instead if application level authentication is required (and this then uses the same certs as opc.tcp). Additionally based on 1.04 Part 6, the scheme name is now 'opc.https' (instead of old 'https'), which is a breaking change. The stack 1.4.0 only supports this new scheme. Additionally added SecurityMode getter for EndpointServiceRequest to accommodate other than None modes, as the channel is shared between all HTTPS clients, and therefore cannot be used to determine client selection. Please read 1.04 specification Part 6 for more information.
Important (#164): Moved SunJCE based Crypto and CertificateProvider outside of the stack. See folder 'graveyard' of the repo. They are not expected to work in modern java 9+ versions due to having dependencies to the internal api of the JRE. Additionally they did not work properly in all situations anyway nor were able to support full feature set required by the interfaces/UA. As a result the Bouncy/SpongyCastle in practice is a mandatory dependency to the stack (outside of implementing your own Crypto/CertificateProvider).
Important (#121): SecurityMode constants moved to SecurityPolicy (which is also now enum). HttpsSecurityPolicy is also an enum. SecurityMode.combinations method can be used to make permutations of MessageSecurityMode+SecurityPolicy. This avoids the possible confusions on what is considered 'secure' (sign? or only signAndEncrypt?) as now the constants only define what policies which version of the specification consideres secure. Additionally removed the ALL constant, as users should make the choice about which modes to support. Please read 1.04 Part 7 and determine which policies your application supports (some of them are considered deprecated in 1.04, but are heavily used in the industry still).
Fixed (#12): ExpandeNodeIds no longer defines the uri always for the 0-namespace.
Fixed (#33): Names of threads are more descriptive, can be configured. See StackUtils class.
Fixed (#89): Handing of unknown built-in type ids (with assumptions, see the issue)
Fixed (#102): SpongyCastle should be picked up on android better
Fixed (#157): Reflection should no longer provide warnings on java 9+
Fixed (#177): Possible memory leak if StackUtils.shutdown and stack is "restarted". Removed ThreadGroups.
Fixed (#180): ExtensionObject.binaryEncode was overriding the EncoderContext permanently.
Changed (#169): Changed BinaryEncoder mode to be NonStrict by default. All usecases of the stack codebase always changed it to be NonStrict.
Changed (#179): ExtensionObject now uses ByteString in places where it previously used byte[].
Changed (#182): MultidimensionArrayUtils.toString does not by default decode ExtensionObjects.
Changed (#168): Removed EncoderCalc. Refactored logic to avoid precalc for the size where possible.
New (#136): Regenerated classes based on 1.04 resource files (with currently released amendments 1,2,3 for 1.04).
New (#160): New UA Type Decimal, mapped to Java BigDecimal (with assumptions, see the issue).
New (#161): Multidimensional array encoding rules outside of Variant.
New (#163): Support for new security policies defined in 1.04
New (#168): LimitedByteArrayOutputStream and SizeCalculationOutputStream. Can be used with BinaryEncoder in situations where EncoderCalc was previously used.
New (#176): Added a server-side timestamp to EndpointServiceRequest.
New (#178): Added static valueOf(String) method to the unsigned types to match jdk ones.
New (#174): Added Automatic-Module-Name 'org.opcfoundation.ua.stack' to the manifest. Should help when running in Java 9+ module system.
1.3.346
Fixed (#167): Removed redundant Message size calculation in TcpConnection.encodeMessage
Fixed: Added .setProvider("BC") to BouncyCastleUtils.writeToPem as like in others methods of that class
1.3.345
Fixed (#83): Fixed NPE if equals was called for lazily encoded ExtensionObject
Fixed (#150): First tcp message "UA Hello" was segmented, added buffering to avoid tcp fragments of one byte
Fixed (#154): ErrorMessage was sent twice during forming secure channel if there was errors, caused problems vs. Foundation C-stack
Fixed (#155): BinaryDecoder.getExpandedNodeId failed for standard numeric ids in range 128-255
Fixed: ExpandedNodeId.toString uses 'svr' instead of 'srv' for server index output. This is expected by ExpandedNodeId.parseExpandedNodeId and is also the specified as such in the XML encoding for ExpandedNodeId.
Improved: logging and allowing override for logic added in 1.3.344 for disabling the DTD processing in XML
New: static `TcpConnection.setDefaultHandshakeTimeout` which can be used to set a lower timeout default for the initial connection from the default 60000 (milliseconds). Operating System settings influences the maximum possible value, in practice it would see to be at max 20 seconds on e.g. Windows defaults.
1.03.342.0
API Change (#81): Create ByteString class, mapping UA ByteString to ByteString instead of byte[], affects API, request/responses and e.g. NodeId opaque value type.
Fixed (#8): SampleClient uses the #22 cert store and validation
Fixed (#9): StringUtils.addLineBreaks is now used when storing Cert and PrivKey in pem mode
Fixed (#13): Fixed a problem where server socket goes to unrecoverable CLOSE_WAIT state
Fixed (#23): Cert chain is now validated until a root CA is found
Fixed (#44): Sun JCE Crypto/Certificate fallback is now by default disabled
Fixed (#77): EncoderUtils: Array of Structures is serialized correctly
Fixed (#82): Variant accepts any dimension (+scalar) Enumeration arrays and converts it to equivalent integer array. For Variants containing Integer arrays (or scalar), can be converted to Enumerations via asEnum method
Fixed (#87): SunJCECryptoProvider.base64Decode handles line breaks (Fixed as part of #9)
Fixed (#97): Fixed BinaryDecoder.getVariant ArrayDimensions handling (via pull request #101)
New (#79): Unsigned types have new method .parseTYPE(String, radix)
New (#80): Client new method discoverServersOnNetwork
1.03.341.0
API Change (Github #49): NodeClass.Unspecified is removed
Build Change (Github #43, #46, #48): The 'jdk6' profile is no longer active by default. NOTE! in order to be sure that the built jar works on java 6, please build using the 'jdk6' profile, this does require the use of maven toolchains and jdk6 installation.
New (Github #22): Added certificate validation support, see org.opcfoundation.ua.cert package
New (Github #50): Added StandardEngineeringUnits class that contains a set of standard units
New/Changed (Github #52): Added StatusWrite and TimestampWrite enum constants to AccessLevel
New (Github #61): Added support for TLS 1.2 with PFS
Fixed (Github #18): TcpConnection.ReadThread now catches all Exceptions
Fixed (Github #45): EncoderUtils.put now serializes based on the given class parameter
Fixed (Github #47): Javadocs added, mostly autogenerated via maven-javadoc-plugin:fix
Fixed/Changed (Github #53): BinaryDecoder.getVariant does now check total size based on array dimensions
Fixed/Changed (Github #65): Structures are now cloneable by interface .clone method, also inherit from AbstractStructure
Fixed (Github #60): Fixed constant 200 millisecond waits in service calls with certain condition
Fixed (Github #66): XMLDecoder.getContentAsString does now return all data
Fixed (Github #69): CertificateUtils.getApplicationUriOfCertificate() doesn't anymore expect all values to be strings
Note (Github #10): Duplicate of Github #52
Note (Github #63): LICENSE.txt updated/clarified
1.03.340
New (Github #32): Converted toa maven project
New (Github #28): Codegen classes to 1.03 spec
Fixed (Github #39): StackUtils Executors fields changed to private
Fixed (Github #36): Possible overflow when checking lenghts in BinaryDecoder
Fixed (Github #30): StackUtils.shutdown clears all resources
Fixed (Github #35): ExpandedNodeId.isNullNodeId should work also when the standard namespace URI is used instead of namespace index
Note (Github #27 and #26): No changes needed for Union and Optional Structure Fields, because it is purely serializer implementation and out of scope for the stack, because the standard model does not define such types.
1.02.337.8
New: XMLFactoryCache, caches XML parsing related factories
Fixed (Github #1): DateTime.parseDateTime typo fixed
Fixed (Github #2): CloseSecureChannelRequest should be sent with CLOF header
Fixed (Github #30): Proper shutdown for blocking work executor's rejectionhandler
New: IEncoder.put() & EncoderUtils.put() overloads with Class argument
1.02.337.6
Fixed (Mantis 3149): Private keys encrypted with passwords containing non-ASCII characters cannot be loaded
Fixed (Mantis 3139): sendPendingMessagesRunnable should not run in parallel
Changed: TIMEOUT_TOLERANCE (constant 10%) for client side - extra time to wait before defining a request has timed out
Changed: Generating cert with SUN JCE, to use subject names as plain string instead of CertificateIssuerName object.
1.02.337.4
Library update: Spongy Castle updated to version 1.52
Fixed (Mantis 3114): NullPointerException from XmlDecoder.getVariant() if an unknown Structure type is read
Fixed: potential NPE in EndpointUtil.createUserNameIdentityToken
New (Mantis 3084): Enable connection handshake timeout to be configured
Fixed (Mantis 3116): BAD_TIMEOUT constant loses stack trace in SecureChannelTcp
Fixed (Mantis 3101): Renewed security token is not taken in use before the old one expires
Fixed (Mantis 3108): Limit depth of recursion for variant arrays and diagnosticInfo.
1.02.337.2
Library update: Bouncy Castle updated to version 1.52, Spongy Castle updated to version1.51
Library update: Support for HTTP Core classes version 4.4 added - a minor issue found in unit tests,
so version 4.2 is still the default library suggested
Changed (Mantis 2824): Extensible "security framework" allowing custom security engines to be incorporated
- New interfaces: CryptoProvider and CertificateProvider, including fault implementations. See readme.txt for details
New (Mantis 2823): Sample Nano Server
- Minimal server intended to conform to Nano Embedded Device Server Profile.
Fixed (Mantis 3041): Enable the endpointUrl check between GetEndpoints and CreateSession responses to be omitted
- createSession can be called without discoveredEndpoints to omit the check
Fixed (Mantis 3042): XmlDecoder.getByteString refers to javax.xml.bind, which is not available on all environments
Fixed (Mantis 2590): Basic256Sha256 interoperability testing
Fixed (Mantis 3005): Encoding and decoding Structures in Structures is not working against C/.NET Stack
Fixed (Mantis 2495): GetEndpoints should return endpoints bound to the queried network interface only
1.02.336.2
Fixed (Mantis 2604): CloseSecureChannel never called
Library Change (Mantis 2629): Replace Apache log4j with SLF, which is a more flexible logging framework
- log4j can be used via the slf4-log4j bridge
- see install.txt and readme.txt for details on usage
Fixed (Mantis 2818): XmlElement.getNode() fails if the XML string contains a BOM
Fixed (Mantis 2108): IPV6 should be supported
- requires Java 7 or later
- New: EndpointUtil.getInetAddresses(boolean enableIPv6) - called by default with 'true'
Changed (Mantis 2633): SecureChannel should expose the SecurityConfiguration
Changed (Mantis 2879): AsyncResult changed to a Generic class - and serviceRequestAsync changed to return AsyncResult<ServiceResponse>
Changed: ObjectUtils.printObjectIds & shoDataType default changed to false to give prettier printing by default
New: DateTime.is/setLocaleTimeInToString()
1.02.335.7
Fixed: XmlElement.toString() to not throw exception, if the XmlElement is not XML at all
Fixed: StatusCode.getName() to provide a name for plain "BAD" as well
Fixed: EncoderContext.getDefaultInstance() to use NamespaceTable.getDefaultInstance() (which is NEW)
1.02.335.6
Fixed (Mantis 2660) the FileType definition according to the fixed Nodeset2.xml
New (Mantis 1230): equals() and hashCode() generated to Structure types
New: ExpandedNode(uri,value) constructor (assuming serverIndex=0)
New: ObjectUtils.equals(left, right)
New: valueOf(int[]), valueOf(Integer[]), valueOf(UnsignedInteger[]) for all Enumeration types
New: LocalizedText(string) constructor (assuming NO_LOCALE)
New: IEncoder.put(), IDecoder.get, EncoderUtils
Fixed (Mantis 1810, which was supposed to be fixed already...): Do not check the securityMode when opening the channel - to enable only secure endpoints used for actual connections (since GetEndpoints must be performed over an insecure channel, anyway)
Fixed: Do not use namespace to calculate ExpandedNodeId.hashCode() - since the same namespace will give different hashCodes depending on which is used
Changed (Mantis 1534): NumericRange supports several dimensions
Changed: ExpandedNodeId used in places where NodeId was previously used (especially in Structure types). In addition, EncoderContext is required in some methods. The EncoderContext object is available from Server and Client objects.
Changed: XmlDecoder.setNamespaceTable() to enable mapping of namespace indexes between XmlElements and the target system
Changed: Refactored HttpsServerSecureChannel to inherit from AbstractServerSecureChannel
Fixed: CryptoUtil.asymmEncrypt() did not use the correct transformation - failing with 256 bit user password encryption.
New: DateTime.get/setStrFormat() & fromMillis()
New: ObjectUtils.set/getShowDataType(), set/getPrintObjectIds(), set/getShowByteDataAsHex(), set/getShowFullClassName()
Changed: Bad_CertificateInvalid error to Bad_SecurityChecksFailed
New: DataValue.clone()
Fixed: UnsignedLong constructor with BigInteger (equal to Long.MAX_VALUE)
Fixed (Mantis 2783): Use createNonce() with the symmetricEncryptionAlgorithm, instead of asymmetric, in OpenSecureChannel
1.02.334.10
Fixed: CertificateUtils.createIssuerCertificate() dates
Fixed: XmlDecoder, reading missing optional field.
1.02.334.9
Fixed: Provide Bad_TcpEndpointUrlInvalid from the server, if the requested endpoint is not found.
1.02.334.8
New: CertificateUtils.getApplicationUriOfCertificate()
Fixed: BigCertificateExample
Fixed: All compiler warnings removed (except for the generated core-classes).
1.02.334.7
Minor details with opening client connection.
New: SecurityMode.ALL_102 & SECURE_102
Mantis issues resolved
2616: Certificate Subject does not define the hostname in the DC field
1615: NodeId & ExpandedNodeId refer to Sun implementation of base64
2607: Remove BASIC256SHA256 from SecurityModes.ALL
2605: Keep HTTPS socket connection alive forever in the server
1.02.334.6
New: CertificateUtils.createIssuerCertificate()
New: CertificateUtils.createHttpsCertificate()
Changed: CertificateUtils.createApplicationInstanceCertificate() takes an optional issuerKeys, which is used to sign the certificate
Changed: Examples to use createHttpsCertificate() and createIssuerCertificate() via ExampleKeys.getHttpsCertificate()
Changed: StatusCode.OVERFLOW_MASK
New: StatusCode.INFOTYPE_DATAVALUE & OVEFLOW_BIT
New: CertificateUtils.set/getCertificateSignatureAlgorithm
Removed: ClientExample2-4, TestStackExample
Mantis issues resolved
2588 StatusCode does not support InfoType
2595 Incorrect CertificateSignatureAlgorithm used
2593 Create basic implementation for Browse and Read to ServerExample1
2590 HTTPS Certificate fields of the sample applications
1.02.334.5
IOP tested HTTPS against .NET and C stacks
Updated Makefiles to enable building (and running) of samples from the command line
1.02.334.4
Mantis issues resolved
2493 GetEndpoints only returns endpoints of the "same" protocol
2556 EndpointDescription.TransportProfileUri incorrect for HTTPS endpoints
1.02.334.3
New: HttpsSecurityPolicy (moved TLS policies from SecurityMode to this separate class)
New: HttpsSettings.get/setHttpsSecurityPolicy()
Changed: HTTP core libraries updated to version 4.2.4/5
Mantis issues resolved
2467 Client side stack is not checking timeout based on RequestHeader
1.02.334.2
Mantis issues resolved
2426 Certificate generated by SampleClient not read by the UA Configuration tool
2436 GenerateCertificateExample fails
2449 EndpointUtil.createX509IdentityToken defines an incorrect algorithm for UserTokenSignature/SignatureData
1.02.334.1
Mantis issues resolved
1392 MaxRequestMessageSize not used
2345 NPE during connection break
2346 Bad_UnexpectedError instead of Bad_IdentityTokenRejected in client, if user token not supported by server
2379 Uncaught exception after communication problem
2308 XmlElement bigger than 64kB not marshalled properly via Read service
2400 Inconsistency between UpdateEventDetails in spec and stacks
1.02.334.0
Major features
o https
o Big certificates (keysize > 2048) and new SecurityPolicy: Basic256Sha256
o BouncyCastle upgraded to 1.47
o SpongyCastle for Android security
Major changes
o "" URL has Endpoint socket discovery.
o Binding endpoint refactored. A socket can host different service servers.
o Cryptography refactored: enabling different security providers
o Server, Client and Application classes refactored.
o Client: Separation of connectUrl (socket address) and endpointUrl (identifier)
o IPv6 https
Changes & Fixes:
o Dead-lock from misbehaving Executor
o Worker thread count limited to 64 (changeble)
Mantis issues resolved in this release:
1810 GetEndpoints not available if SecurityPolicy.None not available
1995 Open Secure Channel policy None
1836 Problem with key length larger 2048 bits
2074 HTTPS Support
1802 Troubleshoot with Publish Requests
1830 Provide abilility to use "available" security providers
2134 The JAVA Stack adds additional bytes to messages in the absence of security profiles that sign or encrypt the message chunk
2214 Memory leak in UaTcpServer; connections not released