<div dir="ltr">Hi,<div><br></div><div>just FYI, another detail: </div><div>I was trying to build the latest version on a different host using the instructions from</div><div><a href="https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29">https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29</a><br>
</div><div><br></div><div>and also had some trouble there; right now the issue is that the TPM I have does not have an endorsement credential;</div><div>could this be an issue with the RHEL packages as well?</div><div><br>
</div><div>/Nicolae.</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 16:31, Nicolae Paladi <span dir="ltr"><<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi, </div><div><br></div><div>ok I understand that this may seem really strange now, but I have deployed this on a different, clear host with CentOS which has not had oat installed earlier; again both appraiser and client are on the same host.</div>
<div><br></div><div>The only think in the tomcat6 log is:</div><div><br></div><div>before invoke........................<br></div><div><br></div><div><br></div><div>Here's the error trace:</div><div><br></div><div>oat client attestation config ...ok</div>
<div>oat client provisioner config ...ok</div><div>oat client installation ...ok</div><div>oat appraiser hostname: <a href="http://beijing.sics.se" target="_blank">beijing.sics.se</a></div><div>### ecStorage = NVRAM###</div>
<div>Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2()</div><div class="im">
<div>DONE</div><div>Successfully initialized TPM</div><div>Performing HIS identity provisioning...FAILED</div></div><div class="im"><div>gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()</div>
<div> at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)</div></div><div> at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)</div><div class="im"><div>
Failed to receive AIC from Privacy CA, error 1</div>
<div>Registering identity with server...FAILED</div><div>java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)</div><div> at java.io.FileInputStream.open(Native Method)</div></div>
<div>
at java.io.FileInputStream.<init>(FileInputStream.java:140)</div><div class="im"><div> at java.io.FileInputStream.<init>(FileInputStream.java:96)</div><div> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)</div>
<div> at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)</div><div>Failed to register identity with appraiser, error 1</div><div><br></div></div><div>Any ideas?..</div><div><br></div>
<div>Cheers,</div>
<div>/Nicolae</div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 10:45, Wei, Gang <span dir="ltr"><<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So you will not see below error after copying the .cer & .jks again, right?<br>
<div><br>
### ecStorage = NVRAM###<br>
Performing TPM provisioning...FAILED<br>
javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>
<a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactorySe<br>
rvice?wsdl</a>. It failed with:<br>
Connection refused.<br>
<br>
</div>As to below errors:<br>
<div><br>
Performing HIS identity provisioning...FAILED<br>
java.util.NoSuchElementException<br>
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
at<br>
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
at<br>
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)<br>
at<br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>
ava:225)<br>
Failed to receive AIC from Privacy CA, error 1<br>
Registering identity with server...FAILED<br>
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>
or directory)<br>
at java.io.FileInputStream.open(Native Method)<br>
at java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
at java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
at<br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
</div><div>)<br>
Failed to register identity with appraiser, error 1<br>
<br>
</div>Missing of aik.cer is the subsequence of HIS identity provisioning failure.<br>
The key is:<br>
<div>java.util.NoSuchElementException<br>
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
at<br>
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
<br>
</div>Which is mostly caused by incorrect tpm owner auth. This is actually the<br>
issue occurred in your first try. So I doubt the oat-client rpm you<br>
reinstalled is still the old one in your local cache.<br>
<br>
Please try to uninstall oat-client, yum clean, then yum install oat-client,<br>
and then try again.<br>
<div><br>
Thanks<br>
Jimmy<br>
<br>
<br>
> -----Original Message-----<br>
> From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
</div><div>> Sent: Friday, November 15, 2013 4:08 PM<br>
> To: Wei, Gang<br>
> Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
><br>
> Hi,<br>
><br>
</div><div><div>> I have done that and reran provisioner.sh with the same result.<br>
><br>
> As I understand, I am copying the files _PrivacyCA.cer_ and<br>
_TrustStore.jks_ to<br>
> /usr/share/oat-client,<br>
> while the java error complains about the missing file _aik.cer_, as<br>
follows:<br>
><br>
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>
or<br>
> directory)<br>
> at java.io.FileInputStream.open(Native Method)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:146)<br>
> at java.io.FileInputStream.<init>(FileInputStream.java:101)<br>
> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> at<br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>
)<br>
><br>
> is the file _aik.cer_ supposed to be generated at some point here?<br>
><br>
> Just to clarify, I am using CentOS 6.4, TruSerS and tpm-tools.<br>
><br>
> Cheers,<br>
> /Nicolae.<br>
><br>
><br>
><br>
> On 15 November 2013 03:23, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>> wrote:<br>
><br>
><br>
> So, just as what I suggested in last mail, please copy the files<br>
from server<br>
> to client again and run provisioner.sh:<br>
><br>
><br>
><br>
> 1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to<br>
client.<br>
><br>
> Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer<br>
> to :/usr/share/oat-client/<br>
><br>
> Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks<br>
> to :/usr/share/oat-client/<br>
><br>
> Notes: please repeat above steps in case you have re-deployed your<br>
oat<br>
> appraiser.<br>
><br>
><br>
><br>
> Thanks<br>
><br>
> Jimmy<br>
><br>
><br>
><br>
> From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> Sent: Thursday, November 14, 2013 6:30 PM<br>
><br>
><br>
> To: Wei, Gang<br>
> Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
><br>
><br>
><br>
><br>
><br>
> Hi,<br>
><br>
><br>
><br>
><br>
><br>
> As far as I see, port 8443 is not occupied and tomcat6 is running:<br>
><br>
><br>
><br>
> root@host /usr/share/oat-client/script # netstat -anp | grep 8443<br>
><br>
> root@host /usr/share/oat-client/script # service tomcat6 status<br>
><br>
> tomcat6 (pid 30950) is running... [ OK ]<br>
><br>
><br>
><br>
><br>
><br>
> Also, just in case, I've checked if disabling iptables helps, and it<br>
doesn't;<br>
><br>
><br>
><br>
><br>
><br>
> In the error trace, there is a line:<br>
><br>
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No<br>
such file<br>
> or directory)<br>
><br>
><br>
><br>
> and indeed, there is not file aik.cer at<br>
/usr/share/oat-client/aik.cer; when<br>
> is it supposed to<br>
><br>
> be generated?<br>
><br>
><br>
><br>
> cheers,<br>
><br>
> /Nicolae<br>
><br>
><br>
><br>
><br>
><br>
> On 14 November 2013 04:32, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>> wrote:<br>
><br>
> And you need to copy files from server to client before you try to<br>
run<br>
> provisioner.sh every time you run OAT_configure.sh again.<br>
><br>
> Jimmy<br>
><br>
><br>
><br>
> > -----Original Message-----<br>
> > From: Wei, Gang<br>
> > Sent: Thursday, November 14, 2013 11:26 AM<br>
> > To: Nicolae Paladi<br>
> > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>; Wei, Gang<br>
> > Subject: RE: [Users] Trusted Pools and CentOS 6 packages<br>
> ><br>
> > Can you try netstat -anp | grep 8443? Maybe it is occupied by<br>
apache.<br>
> ><br>
> > Meanwhile check whether tomcat is up.<br>
> ><br>
> > Jimmy<br>
> ><br>
> ><br>
> > > -----Original Message-----<br>
> > > From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> > > Sent: Wednesday, November 13, 2013 10:43 PM<br>
> > > To: Wei, Gang<br>
> > > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
> > ><br>
> > > Hi,<br>
> > ><br>
> > > I am using port 8443, since no other process -- as far as I know<br>
-- is<br>
> > using it;<br>
> > ><br>
> > > below you will find all of the requested configuration files:<br>
> > ><br>
> > > Contents of /etc/oat_client/*:<br>
> > > log4j.properties: <a href="http://pastebin.com/MQLM68vs" target="_blank">http://pastebin.com/MQLM68vs</a><br>
> > > OAT.properties: <a href="http://pastebin.com/LwHihxah" target="_blank">http://pastebin.com/LwHihxah</a><br>
> > > OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ" target="_blank">http://pastebin.com/0x5TShtZ</a><br>
> > > TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE" target="_blank">http://pastebin.com/hvw9gfRE</a><br>
> > ><br>
> > ><br>
> > > server.xml: <a href="http://pastebin.com/VZ9Vk6iC" target="_blank">http://pastebin.com/VZ9Vk6iC</a><br>
> > > OAT_client.sh: <a href="http://pastebin.com/St4yCGcF" target="_blank">http://pastebin.com/St4yCGcF</a><br>
> > ><br>
> > > provisioner.sh: <a href="http://pastebin.com/RedqQt8V" target="_blank">http://pastebin.com/RedqQt8V</a><br>
> > ><br>
> > ><br>
> > > cheers,<br>
> > > /Nicolae.<br>
> > ><br>
> > ><br>
> > > On 13 November 2013 14:47, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> wrote:<br>
> > ><br>
> > ><br>
> > > This time it failed earlier. Looks like the PCA webservice2<br>
was not<br>
> > > listening on 8443 port. Have you replaced the port 8443 with<br>
> 8442 in<br>
> > > server<br>
> > > side ($TOMCAT_HOME/conf/server.xml) but not change it in<br>
> client side<br>
> > > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443<br>
port is<br>
> > occupied<br>
> > > by another app?<br>
> > ><br>
> > > Please copy the content from your current server.xml,<br>
> OAT_client.sh,<br>
> > > provisioner.sh and /etc/oat-client/* into the content of<br>
your reply<br>
> > for<br>
> > > analysis. (don't attach *.sh as attachments, that will get<br>
filtered<br>
> > by my<br>
> > > company's mailing system).<br>
> > ><br>
> > > Thanks<br>
> > > Jimmy<br>
> > ><br>
> > ><br>
> > ><br>
> > > > -----Original Message-----<br>
> > > > From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
> > > > Sent: Wednesday, November 13, 2013 7:01 PM<br>
> > > > To: Wei, Gang<br>
> > > > Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
> > > ><br>
> > ><br>
> > > > Hi,<br>
> > > ><br>
> > > > thank you for the feedback;<br>
> > > > I've gone through the steps again, but obtained the<br>
exactly<br>
> same<br>
> > > problem:<br>
> > > ><br>
> > > > 1. I removed all of the previously installed packaged<br>
related to<br>
> > OAT.<br>
> > > ><br>
> > > > 2. I followed the tutorial, until this command:<br>
> > > ><br>
> > > > bash provisioner.sh<br>
> > > ><br>
> > > > provisioner.sh: line 7: systemctl: command not found<br>
> > > > ### ecStorage = NVRAM###<br>
> > > > Performing TPM provisioning...FAILED<br>
> > > > javax.xml.ws.WebServiceException: Failed to access the<br>
WSDL<br>
> at:<br>
> > > ><br>
> > ><br>
> ><br>
> <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor</a><br>
> > > > yService?wsdl. It failed with:<br>
> > > > Connection refused.<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>
> > > > arser.java:162)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> > > > ava:144)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<br>
> > > > a:265)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav<br>
> > > a:104<br>
> > > > )<br>
> > > > at javax.xml.ws.Service.<init>(Service.java:77)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe<br>
> > > bSer<br>
> > > ><br>
> > ><br>
> ><br>
> vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryService<br>
> > > Servi<br>
> > > > ce.java:42)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe<br>
> > > bSer<br>
> > > ><br>
> > ><br>
> ><br>
> vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli<br>
> > > > entInvoker.java:32)<br>
> > > > at<br>
> > > ><br>
> > ><br>
><br>
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:20<br>
> 5)<br>
> > > > Caused by: java.net.ConnectException: Connection refused<br>
> > > > at java.net.PlainSocketImpl.socketConnect(Native<br>
> Method)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav<br>
> > > a:339<br>
> > > > )<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI<br>
> > > mpl.j<br>
> > > > ava:200)<br>
> > > > at<br>
> > > ><br>
> > ><br>
><br>
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:1<br>
> 82)<br>
> > > > at<br>
> > > java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>
> > > > at java.net.Socket.connect(Socket.java:579)<br>
> > > > at<br>
> > > sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>
> > > > at<br>
> sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>
> > > > at<br>
> > > sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>
> > > > at<br>
> > > sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>
> > > > at<br>
> > > ><br>
> ><br>
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)<br>
> > > > at<br>
> > > ><br>
> sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br>
> > > > tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br>
> > > > tion.java:932)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<br>
> > > > bstractDelegateHttpsURLConnection.java:177)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br>
> > > > ection.java:1300)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<br>
> > > > RLConnectionImpl.java:254)<br>
> > > > at java.net.URL.openStream(URL.java:1037)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>
> > > > LParser.java:804)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>
> > > > Parser.java:262)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>
> > > > ava:129)<br>
> > > > ... 8 more<br>
> > > > Failed to initialize the TPM, error 1<br>
> > > > Performing HIS identity provisioning...FAILED<br>
> > > > gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>
> > > > TpmModule.getCredential returned nonzero error: 2()<br>
> > > > at<br>
> > > ><br>
> ><br>
gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> ><br>
><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>
> > > ava:<br>
> > > > 217)<br>
> > > > Failed to receive AIC from Privacy CA, error 1<br>
> > > > Registering identity with server...FAILED<br>
> > > > java.io.FileNotFoundException:<br>
/usr/share/oat-client/aik.cer<br>
> (No<br>
> > such file<br>
> > > or<br>
> > > > directory)<br>
> > > > at java.io.FileInputStream.open(Native Method)<br>
> > > > at<br>
> > java.io.FileInputStream.<init>(FileInputStream.java:146)<br>
> > > > at<br>
> > java.io.FileInputStream.<init>(FileInputStream.java:101)<br>
> > > > at<br>
> > ><br>
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> > > > at<br>
> > > ><br>
> > ><br>
> > ><br>
> ><br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>
> > > 9<br>
> > > )<br>
> > > > Failed to register identity with appraiser, error 1<br>
> > > ><br>
> > ><br>
> > > > Should I have updated anything else?<br>
> > > ><br>
> > > > cheers,<br>
> > > > /Nicolae.<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > On 1 November 2013 10:14, Wei, Gang <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> wrote:<br>
> > > ><br>
> > > ><br>
> > > > This is indeed an issue caused by the<br>
incompatibility<br>
> > between<br>
> > > OAT<br>
> > > tpm<br>
> > > > access<br>
> > > > code & tpm-tools(tpm_takeownership -z). It has<br>
> already been<br>
> > > fixed.<br>
> > > > Please<br>
> > > > follow below wiki and try again.<br>
> > > ><br>
> > ><br>
> ><br>
> <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> > > > Recipe.<br>
> > > ><br>
> > > > Thanks<br>
> > > > Jimmy<br>
> > > ><br>
> > > > Nicolae Paladi wrote on 2013-10-28:<br>
> > > ><br>
> > > > > Hi, I've followed the recipe<br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
> (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>
> > > ><br>
> > > > > i pe) but didn't get it to run yet; I think a step<br>
is<br>
> > missing --<br>
> > > the AIK<br>
> > > ><br>
> > > > > is not available is /usr/share/oat-client (it was<br>
not<br>
> > available in<br>
> > > > > /var/lig/oat-appraiser/ClientFiles either); when I<br>
try<br>
> to<br>
> > run<br>
> > > > > provisioner.sh, I get the following:<br>
provisioner.sh: line<br>
> > 7:<br>
> > > systemctl:<br>
> > > > > command not found ### ecStorage = NVRAM###<br>
> Performing<br>
> > > TPM<br>
> > > > > provisioning...710 DONE Successfully initialized<br>
TPM<br>
> > > Performing<br>
> > > HIS<br>
> > > > > identity provisioning...FAILED<br>
> > > java.util.NoSuchElementException<br>
> > > > > at<br>
> > > ><br>
java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
> > > > > at<br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>
> > > > > 5)<br>
> > > > > at<br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>
> > > > > 2)<br>
> > > > > at<br>
> > > > ><br>
> > ><br>
> ><br>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>
> > > ><br>
> > > > > r.java: 225) Failed to receive AIC from Privacy<br>
CA,<br>
> error<br>
> > 1<br>
> > > Registering<br>
> > > ><br>
> > > > > identity with server...FAILED<br>
> > java.io.FileNotFoundException:<br>
> > > > > /usr/share/oat-client/aik.cer (No such file or<br>
> directory)<br>
> > > > > at java.io.FileInputStream.open(Native<br>
> Method)<br>
> > > > > at<br>
> > > java.io.FileInputStream.<init>(FileInputStream.java:137)<br>
> > > > > at<br>
> > > java.io.FileInputStream.<init>(FileInputStream.java:96)<br>
> > > > > at<br>
> > > ><br>
> > gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
> > > > > at<br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
><br>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>
> > > > 9<br>
> > > > )<br>
> > > > > Failed to register identity with appraiser, error<br>
1<br>
> > > > ><br>
> > > > ><br>
> > > > ><br>
> > > > > Thanks,<br>
> > > > > /Nicolae<br>
> > > > ><br>
> > > > ><br>
> > > > > On 27 October 2013 22:55, Nicolae Paladi<br>
> > > <<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>><br>
> > > wrote:<br>
> > > > ><br>
> > > > ><br>
> > > > > Awesome, thanks!<br>
> > > > ><br>
> > > > > I'll try this out in the morning<br>
> > > > ><br>
> > > > > /Nicolae<br>
> > > > ><br>
> > > > ><br>
> > > > > On 27 October 2013 17:03, Wei, Gang<br>
> > > <<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>><br>
> > > > wrote:<br>
> > > > ><br>
> > > > ><br>
> > > > > Please refer to<br>
> > > > ><br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
> <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>
> > > > > Recipe.<br>
> > > > ><br>
> > > > > Jimmy<br>
> > > ><br>
> > > ><br>
> > ><br>
> > ><br>
> > ><br>
><br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>