<div dir="ltr">Hi,<div><br></div><div>just FYI, another detail:�</div><div>I was trying to build the latest version on a different host using the instructions from</div><div><a href="https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29">https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29</a><br>
</div><div><br></div><div>and also had some trouble there; right now the issue is that the TPM I have does not have an endorsement credential;</div><div>could this be an issue with the RHEL packages as well?</div><div><br>
</div><div>/Nicolae.</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 16:31, Nicolae Paladi <span dir="ltr"><<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,�</div><div><br></div><div>ok I understand that this may seem really strange now, but I have deployed this on a different, clear host with CentOS which has not had oat installed earlier; again both appraiser and client are on the same host.</div>
<div><br></div><div>The only think in the tomcat6 log is:</div><div><br></div><div>before invoke........................<br></div><div><br></div><div><br></div><div>Here's the error trace:</div><div><br></div><div>oat client attestation config � ...ok</div>
<div>oat client provisioner config � ...ok</div><div>oat client installation �...ok</div><div>oat appraiser hostname: <a href="http://beijing.sics.se" target="_blank">beijing.sics.se</a></div><div>### ecStorage = NVRAM###</div>
<div>Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2()</div><div class="im">
<div>DONE</div><div>Successfully initialized TPM</div><div>Performing HIS identity provisioning...FAILED</div></div><div class="im"><div>gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()</div>
<div>� � � � at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)</div></div><div>� � � � at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)</div><div class="im"><div>
Failed to receive AIC from Privacy CA, error 1</div>
<div>Registering identity with server...FAILED</div><div>java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)</div><div>� � � � at java.io.FileInputStream.open(Native Method)</div></div>
<div>
� � � � at java.io.FileInputStream.<init>(FileInputStream.java:140)</div><div class="im"><div>� � � � at java.io.FileInputStream.<init>(FileInputStream.java:96)</div><div>� � � � at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)</div>
<div>� � � � at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)</div><div>Failed to register identity with appraiser, error 1</div><div><br></div></div><div>Any ideas?..</div><div><br></div>
<div>Cheers,</div>
<div>/Nicolae</div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 10:45, Wei, Gang <span dir="ltr"><<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So you will not see below error after copying the .cer & .jks again, right?<br>
<div><br>
### ecStorage = NVRAM###<br>
Performing TPM provisioning...FAILED<br>
javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>
<a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactorySe<br>
rvice?wsdl</a>. It failed with:<br>
� � � � Connection refused.<br>
<br>
</div>As to below errors:<br>
<div><br>
Performing HIS identity provisioning...FAILED<br>
java.util.NoSuchElementException<br>
� � � � at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
� � � � at<br>
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
� � � � at<br>
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)<br>
� � � � at<br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>
ava:225)<br>
Failed to receive AIC from Privacy CA, error 1<br>
Registering identity with server...FAILED<br>
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>
or directory)<br>
� � � � at java.io.FileInputStream.open(Native Method)<br>
� � � � at java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
� � � � at java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
� � � � at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
� � � � at<br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
</div><div>)<br>
Failed to register identity with appraiser, error 1<br>
<br>
</div>Missing of aik.cer is the subsequence of HIS identity provisioning failure.<br>
The key is:<br>
<div>java.util.NoSuchElementException<br>
� � � � at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
� � � � at<br>
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
<br>
</div>Which is mostly caused by incorrect tpm owner auth. This is actually the<br>
issue occurred in your first try. So I doubt the oat-client rpm you<br>
reinstalled is still the old one in your local cache.<br>
<br>
Please try to uninstall oat-client, yum clean, then yum install oat-client,<br>
and then try again.<br>
<div><br>
Thanks<br>
Jimmy<br>
<br>
<br>
> -----Original Message-----<br>
> From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
</div><div>> Sent: Friday, November 15, 2013 4:08 PM<br>
> To: Wei, Gang<br>
> Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
><br>
> Hi,<br>
><br>
</div><div><div>> I have done that and reran provisioner.sh with the same result.<br>
><br>
> As I understand, I am copying the files _PrivacyCA.cer_ and<br>
_TrustStore.jks_ to<br>
> /usr/share/oat-client,<br>
> while the java error complains about the missing file _aik.cer_, as<br>
follows:<br>
><br>
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>
or<br>
> directory)<br>
> at java.io.FileInputStream.open(Native Method)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:146)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:101)<br>
> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> at<br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
)<br>
><br>
> is the file _aik.cer_ supposed to be generated at some point here?<br>
><br>
> Just to clarify, I am using CentOS 6.4, TruSerS and tpm-tools.<br>
><br>
> Cheers,<br>
> /Nicolae.<br>
><br>
><br>
><br>
> On 15 November 2013 03:23, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>> wrote:<br>
><br>
><br>
> � � � So, just as what I suggested in last mail, please copy the files<br>
from server<br>
> to client again and run provisioner.sh:<br>
><br>
><br>
><br>
> � � � 1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to<br>
client.<br>
><br>
> � � � Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer<br>
> to :/usr/share/oat-client/<br>
><br>
> � � � Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks<br>
> to :/usr/share/oat-client/<br>
><br>
> � � � Notes: please repeat above steps in case you have re-deployed your<br>
oat<br>
> appraiser.<br>
><br>
><br>
><br>
> � � � Thanks<br>
><br>
> � � � Jimmy<br>
><br>
><br>
><br>
> � � � From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> � � � Sent: Thursday, November 14, 2013 6:30 PM<br>
><br>
><br>
> � � � To: Wei, Gang<br>
> � � � Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> � � � Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
><br>
><br>
><br>
><br>
><br>
> � � � Hi,<br>
><br>
><br>
><br>
><br>
><br>
> � � � As far as I see, port 8443 is not occupied and tomcat6 is running:<br>
><br>
><br>
><br>
> � � � root@host /usr/share/oat-client/script # netstat -anp | grep 8443<br>
><br>
> � � � root@host /usr/share/oat-client/script # service tomcat6 status<br>
><br>
> � � � tomcat6 (pid 30950) is running... � � � � � � � � � � � � �[ �OK �]<br>
><br>
><br>
><br>
><br>
><br>
> � � � Also, just in case, I've checked if disabling iptables helps, and it<br>
doesn't;<br>
><br>
><br>
><br>
><br>
><br>
> � � � In the error trace, there is a line:<br>
><br>
> � � � java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No<br>
such file<br>
> or directory)<br>
><br>
><br>
><br>
> � � � and indeed, there is not file aik.cer at<br>
/usr/share/oat-client/aik.cer; when<br>
> is it supposed to<br>
><br>
> � � � be generated?<br>
><br>
><br>
><br>
> � � � cheers,<br>
><br>
> � � � /Nicolae<br>
><br>
><br>
><br>
><br>
><br>
> � � � On 14 November 2013 04:32, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>> wrote:<br>
><br>
> � � � And you need to copy files from server to client before you try to<br>
run<br>
> � � � provisioner.sh every time you run OAT_configure.sh again.<br>
><br>
> � � � Jimmy<br>
><br>
><br>
><br>
> � � � > -----Original Message-----<br>
> � � � > From: Wei, Gang<br>
> � � � > Sent: Thursday, November 14, 2013 11:26 AM<br>
> � � � > To: Nicolae Paladi<br>
> � � � > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>; Wei, Gang<br>
> � � � > Subject: RE: [Users] Trusted Pools and CentOS 6 packages<br>
> � � � ><br>
> � � � > Can you try netstat -anp | grep 8443? Maybe it is occupied by<br>
apache.<br>
> � � � ><br>
> � � � > Meanwhile check whether tomcat is up.<br>
> � � � ><br>
> � � � > Jimmy<br>
> � � � ><br>
> � � � ><br>
> � � � > > -----Original Message-----<br>
> � � � > > From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> � � � > > Sent: Wednesday, November 13, 2013 10:43 PM<br>
> � � � > > To: Wei, Gang<br>
> � � � > > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> � � � > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
> � � � > ><br>
> � � � > > Hi,<br>
> � � � > ><br>
> � � � > > I am using port 8443, since no other process -- as far as I know<br>
-- is<br>
> � � � > using it;<br>
> � � � > ><br>
> � � � > > below you will find all of the requested configuration files:<br>
> � � � > ><br>
> � � � > > Contents of /etc/oat_client/*:<br>
> � � � > > log4j.properties: <a href="http://pastebin.com/MQLM68vs" target="_blank">http://pastebin.com/MQLM68vs</a><br>
> � � � > > OAT.properties: <a href="http://pastebin.com/LwHihxah" target="_blank">http://pastebin.com/LwHihxah</a><br>
> � � � > > OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ" target="_blank">http://pastebin.com/0x5TShtZ</a><br>
> � � � > > TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE" target="_blank">http://pastebin.com/hvw9gfRE</a><br>
> � � � > ><br>
> � � � > ><br>
> � � � > > server.xml: <a href="http://pastebin.com/VZ9Vk6iC" target="_blank">http://pastebin.com/VZ9Vk6iC</a><br>
> � � � > > OAT_client.sh: <a href="http://pastebin.com/St4yCGcF" target="_blank">http://pastebin.com/St4yCGcF</a><br>
> � � � > ><br>
> � � � > > provisioner.sh: <a href="http://pastebin.com/RedqQt8V" target="_blank">http://pastebin.com/RedqQt8V</a><br>
> � � � > ><br>
> � � � > ><br>
> � � � > > cheers,<br>
> � � � > > /Nicolae.<br>
> � � � > ><br>
> � � � > ><br>
> � � � > > On 13 November 2013 14:47, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> wrote:<br>
> � � � > ><br>
> � � � > ><br>
> � � � > > � � This time it failed earlier. Looks like the PCA webservice2<br>
was not<br>
> � � � > > � � listening on 8443 port. Have you replaced the port 8443 with<br>
> 8442 in<br>
> � � � > > server<br>
> � � � > > � � side ($TOMCAT_HOME/conf/server.xml) but not change it in<br>
> client side<br>
> � � � > > � � (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443<br>
port is<br>
> � � � > occupied<br>
> � � � > > � � by another app?<br>
> � � � > ><br>
> � � � > > � � Please copy the content from your current server.xml,<br>
> OAT_client.sh,<br>
> � � � > > � � provisioner.sh and /etc/oat-client/* into the content of<br>
your reply<br>
> � � � > for<br>
> � � � > > � � analysis. (don't attach *.sh as attachments, that will get<br>
filtered<br>
> � � � > by my<br>
> � � � > > � � company's mailing system).<br>
> � � � > ><br>
> � � � > > � � Thanks<br>
> � � � > > � � Jimmy<br>
> � � � > ><br>
> � � � > ><br>
> � � � > ><br>
> � � � > > � � > -----Original Message-----<br>
> � � � > > � � > From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> � � � > > � � > Sent: Wednesday, November 13, 2013 7:01 PM<br>
> � � � > > � � > To: Wei, Gang<br>
> � � � > > � � > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> � � � > > � � > Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � > > � � > Hi,<br>
> � � � > > � � ><br>
> � � � > > � � > thank you for the feedback;<br>
> � � � > > � � > I've gone through the steps again, but obtained the<br>
exactly<br>
> same<br>
> � � � > > problem:<br>
> � � � > > � � ><br>
> � � � > > � � > 1. I removed all of the previously installed packaged<br>
related to<br>
> � � � > OAT.<br>
> � � � > > � � ><br>
> � � � > > � � > 2. I followed the tutorial, until this command:<br>
> � � � > > � � ><br>
> � � � > > � � > bash provisioner.sh<br>
> � � � > > � � ><br>
> � � � > > � � > provisioner.sh: line 7: systemctl: command not found<br>
> � � � > > � � > ### ecStorage = NVRAM###<br>
> � � � > > � � > Performing TPM provisioning...FAILED<br>
> � � � > > � � > javax.xml.ws.WebServiceException: Failed to access the<br>
WSDL<br>
> at:<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor</a><br>
> � � � > > � � > yService?wsdl. It failed with:<br>
> � � � > > � � > � � � � Connection refused.<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>
> � � � > > � � > arser.java:162)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> � � � > > � � > ava:144)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<br>
> � � � > > � � > a:265)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav<br>
> � � � > > a:104<br>
> � � � > > � � > )<br>
> � � � > > � � > � � � � at javax.xml.ws.Service.<init>(Service.java:77)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe<br>
> � � � > > bSer<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryService<br>
> � � � > > Servi<br>
> � � � > > � � > ce.java:42)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe<br>
> � � � > > bSer<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli<br>
> � � � > > � � > entInvoker.java:32)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
><br>
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:20<br>
> 5)<br>
> � � � > > � � > Caused by: java.net.ConnectException: Connection refused<br>
> � � � > > � � > � � � � at java.net.PlainSocketImpl.socketConnect(Native<br>
> Method)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav<br>
> � � � > > a:339<br>
> � � � > > � � > )<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI<br>
> � � � > > mpl.j<br>
> � � � > > � � > ava:200)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
><br>
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:1<br>
> 82)<br>
> � � � > > � � > � � � � at<br>
> � � � > > java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>
> � � � > > � � > � � � � at java.net.Socket.connect(Socket.java:579)<br>
> � � � > > � � > � � � � at<br>
> � � � > > sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>
> � � � > > � � > � � � � at<br>
> sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>
> � � � > > � � > � � � � at<br>
> � � � > > sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>
> � � � > > � � > � � � � at<br>
> � � � > > sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � ><br>
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br>
> � � � > > � � > tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br>
> � � � > > � � > tion.java:932)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<br>
> � � � > > � � > bstractDelegateHttpsURLConnection.java:177)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br>
> � � � > > � � > ection.java:1300)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<br>
> � � � > > � � > RLConnectionImpl.java:254)<br>
> � � � > > � � > � � � � at java.net.URL.openStream(URL.java:1037)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>
> � � � > > � � > LParser.java:804)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>
> � � � > > � � > Parser.java:262)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> � � � > > � � > ava:129)<br>
> � � � > > � � > � � � � ... 8 more<br>
> � � � > > � � > Failed to initialize the TPM, error 1<br>
> � � � > > � � > Performing HIS identity provisioning...FAILED<br>
> � � � > > � � > gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>
> � � � > > � � > TpmModule.getCredential returned nonzero error: 2()<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � ><br>
gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>
> � � � > > � � ava:<br>
> � � � > > � � > 217)<br>
> � � � > > � � > Failed to receive AIC from Privacy CA, error 1<br>
> � � � > > � � > Registering identity with server...FAILED<br>
> � � � > > � � > java.io.FileNotFoundException:<br>
/usr/share/oat-client/aik.cer<br>
> (No<br>
> � � � > such file<br>
> � � � > > � � or<br>
> � � � > > � � > directory)<br>
> � � � > > � � > � � � � at java.io.FileInputStream.open(Native Method)<br>
> � � � > > � � > � � � � at<br>
> � � � > java.io.FileInputStream.<init>(FileInputStream.java:146)<br>
> � � � > > � � > � � � � at<br>
> � � � > java.io.FileInputStream.<init>(FileInputStream.java:101)<br>
> � � � > > � � > � � � � at<br>
> � � � > ><br>
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> � � � > > � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � > ><br>
> � � � ><br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>
> � � � > > 9<br>
> � � � > > � � )<br>
> � � � > > � � > Failed to register identity with appraiser, error 1<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � > > � � > Should I have updated anything else?<br>
> � � � > > � � ><br>
> � � � > > � � > cheers,<br>
> � � � > > � � > /Nicolae.<br>
> � � � > > � � ><br>
> � � � > > � � ><br>
> � � � > > � � ><br>
> � � � > > � � > On 1 November 2013 10:14, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> wrote:<br>
> � � � > > � � ><br>
> � � � > > � � ><br>
> � � � > > � � > � � � This is indeed an issue caused by the<br>
incompatibility<br>
> � � � > between<br>
> � � � > > OAT<br>
> � � � > > � � tpm<br>
> � � � > > � � > access<br>
> � � � > > � � > � � � code & tpm-tools(tpm_takeownership -z). It has<br>
> already been<br>
> � � � > > fixed.<br>
> � � � > > � � > Please<br>
> � � � > > � � > � � � follow below wiki and try again.<br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> � � � > > � � > Recipe.<br>
> � � � > > � � ><br>
> � � � > > � � > � � � Thanks<br>
> � � � > > � � > � � � Jimmy<br>
> � � � > > � � ><br>
> � � � > > � � > � � � Nicolae Paladi wrote on 2013-10-28:<br>
> � � � > > � � ><br>
> � � � > > � � > � � � > Hi, I've followed the recipe<br>
> � � � > > � � > � � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>
> � � � > > � � ><br>
> � � � > > � � > � � � > i pe) but didn't get it to run yet; I think a step<br>
is<br>
> � � � > missing --<br>
> � � � > > � � the AIK<br>
> � � � > > � � ><br>
> � � � > > � � > � � � > is not available is /usr/share/oat-client (it was<br>
not<br>
> � � � > available in<br>
> � � � > > � � > � � � > /var/lig/oat-appraiser/ClientFiles either); when I<br>
try<br>
> to<br>
> � � � > run<br>
> � � � > > � � > � � � > provisioner.sh, I get the following:<br>
provisioner.sh: line<br>
> � � � > 7:<br>
> � � � > > � � systemctl:<br>
> � � � > > � � > � � � > command not found ### ecStorage = NVRAM###<br>
> Performing<br>
> � � � > > TPM<br>
> � � � > > � � > � � � > provisioning...710 DONE Successfully initialized<br>
TPM<br>
> � � � > > Performing<br>
> � � � > > � � HIS<br>
> � � � > > � � > � � � > identity provisioning...FAILED<br>
> � � � > > java.util.NoSuchElementException<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � ><br>
java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � > � � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>
> � � � > > � � > � � � > 5)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � > � � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>
> � � � > > � � > � � � > 2)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � > � � � ><br>
> � � � > ><br>
> � � � ><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>
> � � � > > � � ><br>
> � � � > > � � > � � � > r.java: 225) Failed to receive AIC from Privacy<br>
CA,<br>
> error<br>
> � � � > 1<br>
> � � � > > � � Registering<br>
> � � � > > � � ><br>
> � � � > > � � > � � � > identity with server...FAILED<br>
> � � � > java.io.FileNotFoundException:<br>
> � � � > > � � > � � � > /usr/share/oat-client/aik.cer (No such file or<br>
> directory)<br>
> � � � > > � � > � � � > � � � � at java.io.FileInputStream.open(Native<br>
> Method)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � ><br>
> � � � > gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> � � � > > � � > � � � > � � � � at<br>
> � � � > > � � > � � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>
> � � � > > � � > 9<br>
> � � � > > � � > � � � )<br>
> � � � > > � � > � � � > Failed to register identity with appraiser, error<br>
1<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > Thanks,<br>
> � � � > > � � > � � � > /Nicolae<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > On 27 October 2013 22:55, Nicolae Paladi<br>
> � � � > > <<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>><br>
> � � � > > � � wrote:<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � Awesome, thanks!<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � I'll try this out in the morning<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � /Nicolae<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � On 27 October 2013 17:03, Wei, Gang<br>
> � � � > > <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> � � � > > � � > wrote:<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � � � � � Please refer to<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � ><br>
> <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> � � � > > � � > � � � > Recipe.<br>
> � � � > > � � > � � � ><br>
> � � � > > � � > � � � > � � � � � � � Jimmy<br>
> � � � > > � � ><br>
> � � � > > � � ><br>
> � � � > ><br>
> � � � > ><br>
> � � � > ><br>
><br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>