FreeOpcUa · oroulet · Aug 29, 2018 · Aug 29, 2018
diff --git a/opcua/common/connection.py b/opcua/common/connection.py
@@ -52,7 +52,10 @@ def from_header_and_body(security_policy, header, buf):
         if signature_size > 0:
             signature = decrypted[-signature_size:]
             decrypted = decrypted[:-signature_size]
-            crypto.verify(header_to_binary(obj.MessageHeader) + struct_to_binary(obj.SecurityHeader) + decrypted, signature)
+            try:
+                crypto.verify(header_to_binary(obj.MessageHeader) + struct_to_binary(obj.SecurityHeader) + decrypted, signature)
+            except UaError:
+                logger.exception("Could not verify signature for message {}".format(obj))
         data = ua.utils.Buffer(crypto.remove_padding(decrypted))
         obj.SequenceHeader = struct_from_binary(ua.SequenceHeader, data)
         obj.Body = data.read(len(data))

diff --git a/opcua/crypto/security_policies.py b/opcua/crypto/security_policies.py
@@ -273,7 +273,7 @@ def signature_size(self):
     def verify(self, data, signature):
         expected = uacrypto.hmac_sha1(self.key, data)
         if signature != expected:
-            raise uacrypto.InvalidSignature
+            raise UaError("Invalid signature in data {} with signature {}".format(data, signature))
 
 
 class EncryptorAesCbc(Encryptor):

diff --git a/opcua/crypto/uacrypto.py b/opcua/crypto/uacrypto.py
@@ -1,7 +1,6 @@
 import os
 
 from cryptography import x509
-from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives import hashes