From 4c4f29e609713bc5a0baf5eefe66fe28e9bc8b32 Mon Sep 17 00:00:00 2001
From: oroulet
Date: Wed, 29 Aug 2018 10:56:58 +0200
Subject: [PATCH 1/2] do not raise crypto error if signature error, raise UaError so it get catched

---
 opcua/crypto/security_policies.py | 2 +-
 opcua/crypto/uacrypto.py | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/opcua/crypto/security_policies.py b/opcua/crypto/security_policies.py
index 82d66a6d8..d498bb57d 100644
--- a/opcua/crypto/security_policies.py
+++ b/opcua/crypto/security_policies.py
@@ -273,7 +273,7 @@ def signature_size(self):
 def verify(self, data, signature):
 expected = uacrypto.hmac_sha1(self.key, data)
 if signature != expected:
- raise uacrypto.InvalidSignature
+ raise UaError("Invalid signature in data {} with signature {}".format(data, signature))
 
 
 class EncryptorAesCbc(Encryptor):
diff --git a/opcua/crypto/uacrypto.py b/opcua/crypto/uacrypto.py
index 4d1c41916..ac3efb0c0 100644
--- a/opcua/crypto/uacrypto.py
+++ b/opcua/crypto/uacrypto.py
@@ -1,7 +1,6 @@
 import os
 from cryptography import x509
-from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives import hashes

From 3ce97ae95e7ad24cfa4a6d15a54bbea10e267c50 Mon Sep 17 00:00:00 2001
From: oroulet
Date: Wed, 29 Aug 2018 11:02:23 +0200
Subject: [PATCH 2/2] only print error if signature not verified. do not raise exception

---
 opcua/common/connection.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/opcua/common/connection.py b/opcua/common/connection.py
index 18b251825..8673a5cee 100644
--- a/opcua/common/connection.py
+++ b/opcua/common/connection.py
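Review bot: The new raise in `verify` embeds the entire signed payload and the received signature in the exception text, so every verification failure pushes the full message body into logs and error strings; `raise UaError("Invalid signature over {} bytes of data".format(len(data)))` keeps the diagnostic without the payload. The comparison on the preceding context line, `if signature != expected:`, is still a plain equality test on an HMAC tag; `if not hmac.compare_digest(signature, expected):` (stdlib `hmac`) is the constant-time form and costs nothing here. Only the hunk is visible, so confirm that `UaError` is actually imported in security_policies.py — the old line referenced `uacrypto.InvalidSignature`, which the second hunk in this patch removes from uacrypto.py, so any other module still referencing `uacrypto.InvalidSignature` would now fail with an AttributeError.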
@@ -52,7 +52,10 @@ def from_header_and_body(security_policy, header, buf):
 if signature_size > 0:
 signature = decrypted[-signature_size:]
 decrypted = decrypted[:-signature_size]
- crypto.verify(header_to_binary(obj.MessageHeader) + struct_to_binary(obj.SecurityHeader) + decrypted, signature)
+ try:
+ crypto.verify(header_to_binary(obj.MessageHeader) + struct_to_binary(obj.SecurityHeader) + decrypted, signature)
+ except UaError:
+ logger.exception("Could not verify signature for message {}".format(obj))
 data = ua.utils.Buffer(crypto.remove_padding(decrypted))
 obj.SequenceHeader = struct_from_binary(ua.SequenceHeader, data)
 obj.Body = data.read(len(data))
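Review bot: The added `except UaError` branch logs the failed signature check and then falls through to the unchanged lines that decode `decrypted` into `obj.SequenceHeader` and `obj.Body`, so a chunk whose signature does not match is still parsed and handed to the caller; under a Sign or SignAndEncrypt policy that removes the integrity guarantee the policy exists to provide. Logging the failure is fine, but processing should still stop — add a bare `raise` after the `logger.exception(...)` call, or, if this is meant to tolerate a specific peer quirk, gate the fall-through on an explicit option rather than making it the default. `logger.exception("Could not verify signature for message %s", obj)` would also defer formatting `obj` to the logging layer. Only the hunk is visible, so confirm `UaError` is imported in connection.py; `from_header_and_body` begins and ends outside the hunk.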