<div dir="ltr">As I understand it, isn't the core issue that "/usr/share/oat-client/aik.cer" is never generated<div>and causes the error, since it is missing?</div><div><br></div><div>/Nicolae</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On 13 November 2013 12:01, Nicolae Paladi <span dir="ltr"><<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi, <div><br></div><div>thank you for the feedback;</div><div>I've gone through the steps again, but obtained the exactly same problem:</div><div><br></div><div>1. I removed all of the previously installed packaged related to OAT.</div>
<div><br></div><div>2. I followed the tutorial, until this command:</div><div><br></div><div>bash provisioner.sh <br></div><div><div class="im"><div>provisioner.sh: line 7: systemctl: command not found</div><div>### ecStorage = NVRAM###</div>
</div><div>Performing TPM provisioning...FAILED</div><div>javax.xml.ws.WebServiceException: Failed to access the WSDL at: <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl</a>. It failed with: </div>
<div> Connection refused.</div><div> at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)</div><div> at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)</div>
<div> at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)</div><div> at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)</div><div> at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)</div>
<div> at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)</div><div> at javax.xml.ws.Service.<init>(Service.java:77)</div><div> at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)</div>
<div> at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)</div><div> at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)</div>
<div>Caused by: java.net.ConnectException: Connection refused</div><div> at java.net.PlainSocketImpl.socketConnect(Native Method)</div><div> at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)</div>
<div> at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)</div><div> at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)</div><div> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)</div>
<div> at java.net.Socket.connect(Socket.java:579)</div><div> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)</div><div> at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)</div>
<div> at sun.net.NetworkClient.doConnect(NetworkClient.java:180)</div><div> at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)</div><div> at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)</div>
<div> at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)</div><div> at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)</div><div> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)</div>
<div> at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)</div><div> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)</div>
<div> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)</div><div> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)</div>
<div> at java.net.URL.openStream(URL.java:1037)</div><div> at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)</div><div> at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)</div>
<div> at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)</div><div> ... 8 more</div><div>Failed to initialize the TPM, error 1</div><div>Performing HIS identity provisioning...FAILED</div>
<div>gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()</div><div> at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)</div><div> at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)</div>
<div class="im">
<div>Failed to receive AIC from Privacy CA, error 1</div><div>Registering identity with server...FAILED</div><div>java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)</div><div> at java.io.FileInputStream.open(Native Method)</div>
</div><div> at java.io.FileInputStream.<init>(FileInputStream.java:146)</div><div> at java.io.FileInputStream.<init>(FileInputStream.java:101)</div><div class="im"><div> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)</div>
<div> at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)</div><div>Failed to register identity with appraiser, error 1</div></div></div><div><br></div><div>Should I have updated anything else?</div>
<div><br></div><div>cheers,</div><div>/Nicolae.</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 1 November 2013 10:14, Wei, Gang <span dir="ltr"><<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is indeed an issue caused by the incompatibility between OAT tpm access<br>
code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please<br>
follow below wiki and try again.<br>
<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe</a>.<br>
<br>
Thanks<br>
Jimmy<br>
<br>
Nicolae Paladi wrote on 2013-10-28:<br>
<div>> Hi, I've followed the recipe<br>
> (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>
</div>> i pe) but didn't get it to run yet; I think a step is missing -- the AIK<br>
<div>> is not available is /usr/share/oat-client (it was not available in<br>
> /var/lig/oat-appraiser/ClientFiles either); when I try to run<br>
> provisioner.sh, I get the following: provisioner.sh: line 7: systemctl:<br>
> command not found ### ecStorage = NVRAM### Performing TPM<br>
> provisioning...710 DONE Successfully initialized TPM Performing HIS<br>
> identity provisioning...FAILED java.util.NoSuchElementException<br>
> at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
> at<br>
> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>
> 5)<br>
> at<br>
> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>
> 2)<br>
> at<br>
> gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>
</div>> r.java: 225) Failed to receive AIC from Privacy CA, error 1 Registering<br>
<div><div>> identity with server...FAILED java.io.FileNotFoundException:<br>
> /usr/share/oat-client/aik.cer (No such file or directory)<br>
> at java.io.FileInputStream.open(Native Method)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
> at<br>
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> at<br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
)<br>
> Failed to register identity with appraiser, error 1<br>
><br>
><br>
><br>
> Thanks,<br>
> /Nicolae<br>
><br>
><br>
> On 27 October 2013 22:55, Nicolae Paladi <<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>> wrote:<br>
><br>
><br>
> Awesome, thanks!<br>
><br>
> I'll try this out in the morning<br>
><br>
> /Nicolae<br>
><br>
><br>
> On 27 October 2013 17:03, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>> wrote:<br>
><br>
><br>
> Please refer to<br>
><br>
><br>
<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> Recipe.<br>
><br>
> Jimmy<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>