<div dir="ltr">Hi, <div><br></div><div>I am using port 8443, since no other process -- as far as I know -- is using it;</div><div><br></div><div>below you will find all of the requested configuration files:</div><div><br></div>
<div>Contents of /etc/oat_client/*:</div><div>log4j.properties: <a href="http://pastebin.com/MQLM68vs">http://pastebin.com/MQLM68vs</a></div><div>OAT.properties: <a href="http://pastebin.com/LwHihxah">http://pastebin.com/LwHihxah</a></div>
<div>OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ">http://pastebin.com/0x5TShtZ</a></div><div>TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE">http://pastebin.com/hvw9gfRE</a></div><div><br>
</div><div><br></div><div>server.xml: <a href="http://pastebin.com/VZ9Vk6iC">http://pastebin.com/VZ9Vk6iC</a></div><div>OAT_client.sh: <a href="http://pastebin.com/St4yCGcF">http://pastebin.com/St4yCGcF</a><br></div><div>
provisioner.sh: <a href="http://pastebin.com/RedqQt8V">http://pastebin.com/RedqQt8V</a><br></div><div><br></div><div>cheers,</div><div>/Nicolae.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 13 November 2013 14:47, Wei, Gang <span dir="ltr"><<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This time it failed earlier. Looks like the PCA webservice2 was not<br>
listening on 8443 port. Have you replaced the port 8443 with 8442 in server<br>
side ($TOMCAT_HOME/conf/server.xml) but not change it in client side<br>
(/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied<br>
by another app?<br>
<br>
Please copy the content from your current server.xml, OAT_client.sh,<br>
provisioner.sh and /etc/oat-client/* into the content of your reply for<br>
analysis. (don't attach *.sh as attachments, that will get filtered by my<br>
company's mailing system).<br>
<br>
Thanks<br>
Jimmy<br>
<div class="im HOEnZb"><br>
<br>
> -----Original Message-----<br>
> From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>
> Sent: Wednesday, November 13, 2013 7:01 PM<br>
> To: Wei, Gang<br>
> Cc: Doron Fediuck; <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
><br>
</div><div class="HOEnZb"><div class="h5">> Hi,<br>
><br>
> thank you for the feedback;<br>
> I've gone through the steps again, but obtained the exactly same problem:<br>
><br>
> 1. I removed all of the previously installed packaged related to OAT.<br>
><br>
> 2. I followed the tutorial, until this command:<br>
><br>
> bash provisioner.sh<br>
><br>
> provisioner.sh: line 7: systemctl: command not found<br>
> ### ecStorage = NVRAM###<br>
> Performing TPM provisioning...FAILED<br>
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>
> <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor</a><br>
> yService?wsdl. It failed with:<br>
> Connection refused.<br>
> at<br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>
> arser.java:162)<br>
> at<br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> ava:144)<br>
> at<br>
> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<br>
> a:265)<br>
> at<br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)<br>
> at<br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)<br>
> at<br>
><br>
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104<br>
> )<br>
> at javax.xml.ws.Service.<init>(Service.java:77)<br>
> at<br>
><br>
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer<br>
><br>
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceServi<br>
> ce.java:42)<br>
> at<br>
><br>
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer<br>
> vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli<br>
> entInvoker.java:32)<br>
> at<br>
> gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)<br>
> Caused by: java.net.ConnectException: Connection refused<br>
> at java.net.PlainSocketImpl.socketConnect(Native Method)<br>
> at<br>
><br>
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339<br>
> )<br>
> at<br>
><br>
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j<br>
> ava:200)<br>
> at<br>
> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)<br>
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>
> at java.net.Socket.connect(Socket.java:579)<br>
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>
> at<br>
> sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>
> at sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>
> at<br>
> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)<br>
> at<br>
> sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>
> at<br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br>
> tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>
> at<br>
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br>
> tion.java:932)<br>
> at<br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<br>
> bstractDelegateHttpsURLConnection.java:177)<br>
> at<br>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br>
> ection.java:1300)<br>
> at<br>
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<br>
> RLConnectionImpl.java:254)<br>
> at java.net.URL.openStream(URL.java:1037)<br>
> at<br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>
> LParser.java:804)<br>
> at<br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>
> Parser.java:262)<br>
> at<br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> ava:129)<br>
> ... 8 more<br>
> Failed to initialize the TPM, error 1<br>
> Performing HIS identity provisioning...FAILED<br>
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>
> TpmModule.getCredential returned nonzero error: 2()<br>
> at<br>
> gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>
> at<br>
><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>
ava:<br>
> 217)<br>
> Failed to receive AIC from Privacy CA, error 1<br>
> Registering identity with server...FAILED<br>
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>
or<br>
> directory)<br>
> at java.io.FileInputStream.open(Native Method)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:146)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:101)<br>
> at<br>
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> at<br>
><br>
</div></div><div class="im HOEnZb">gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
)<br>
> Failed to register identity with appraiser, error 1<br>
><br>
</div><div class="HOEnZb"><div class="h5">> Should I have updated anything else?<br>
><br>
> cheers,<br>
> /Nicolae.<br>
><br>
><br>
><br>
> On 1 November 2013 10:14, Wei, Gang <<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>> wrote:<br>
><br>
><br>
> This is indeed an issue caused by the incompatibility between OAT<br>
tpm<br>
> access<br>
> code & tpm-tools(tpm_takeownership -z). It has already been fixed.<br>
> Please<br>
> follow below wiki and try again.<br>
><br>
<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> Recipe.<br>
><br>
> Thanks<br>
> Jimmy<br>
><br>
> Nicolae Paladi wrote on 2013-10-28:<br>
><br>
> > Hi, I've followed the recipe<br>
> ><br>
> (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>
><br>
> > i pe) but didn't get it to run yet; I think a step is missing --<br>
the AIK<br>
><br>
> > is not available is /usr/share/oat-client (it was not available in<br>
> > /var/lig/oat-appraiser/ClientFiles either); when I try to run<br>
> > provisioner.sh, I get the following: provisioner.sh: line 7:<br>
systemctl:<br>
> > command not found ### ecStorage = NVRAM### Performing TPM<br>
> > provisioning...710 DONE Successfully initialized TPM Performing<br>
HIS<br>
> > identity provisioning...FAILED java.util.NoSuchElementException<br>
> > at<br>
> java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
> > at<br>
> ><br>
> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>
> > 5)<br>
> > at<br>
> ><br>
> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>
> > 2)<br>
> > at<br>
> ><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>
><br>
> > r.java: 225) Failed to receive AIC from Privacy CA, error 1<br>
Registering<br>
><br>
> > identity with server...FAILED java.io.FileNotFoundException:<br>
> > /usr/share/oat-client/aik.cer (No such file or directory)<br>
> > at java.io.FileInputStream.open(Native Method)<br>
> > at<br>
java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
> > at java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
> > at<br>
> gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> > at<br>
> ><br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>
> 9<br>
> )<br>
> > Failed to register identity with appraiser, error 1<br>
> ><br>
> ><br>
> ><br>
> > Thanks,<br>
> > /Nicolae<br>
> ><br>
> ><br>
> > On 27 October 2013 22:55, Nicolae Paladi <<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>><br>
wrote:<br>
> ><br>
> ><br>
> > Awesome, thanks!<br>
> ><br>
> > I'll try this out in the morning<br>
> ><br>
> > /Nicolae<br>
> ><br>
> ><br>
> > On 27 October 2013 17:03, Wei, Gang <<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>><br>
> wrote:<br>
> ><br>
> ><br>
> > Please refer to<br>
> ><br>
> ><br>
><br>
<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> > Recipe.<br>
> ><br>
> > Jimmy<br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div>