<div dir="ltr">Hi,<div><br></div><div>just FYI, another detail: </div><div>I was trying to build the latest version on a different host using the instructions from</div><div><a href="https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29">https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29</a><br>
</div><div><br></div><div>and also had some trouble there; right now the issue is that the TPM I have does not have an endorsement credential;</div><div>could this be an issue with the RHEL packages as well?</div><div><br>
</div><div>/Nicolae.</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 16:31, Nicolae Paladi <span dir="ltr">&lt;<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi, </div><div><br></div><div>ok I understand that this may seem really strange now, but I have deployed this on a different, clear host with CentOS which has not had oat installed earlier; again both appraiser and client are on the same host.</div>

<div><br></div><div>The only thing in the tomcat6 log is:</div><div><br></div><div>before invoke........................<br></div><div><br></div><div><br></div><div>Here&#39;s the error trace:</div><div><br></div><div>oat client attestation config   ...ok</div>

<div>oat client provisioner config   ...ok</div><div>oat client installation  ...ok</div><div>oat appraiser hostname: <a href="http://beijing.sics.se" target="_blank">beijing.sics.se</a></div><div>### ecStorage = NVRAM###</div>
<div>Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2()</div><div class="im">
<div>DONE</div><div>Successfully initialized TPM</div><div>Performing HIS identity provisioning...FAILED</div></div><div class="im"><div>gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()</div>

<div>        at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)</div></div><div>        at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)</div><div class="im"><div>
Failed to receive AIC from Privacy CA, error 1</div>
<div>Registering identity with server...FAILED</div><div>java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)</div><div>        at java.io.FileInputStream.open(Native Method)</div></div>
<div>
        at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:140)</div><div class="im"><div>        at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:96)</div><div>        at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)</div>

<div>        at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)</div><div>Failed to register identity with appraiser, error 1</div><div><br></div></div><div>Any ideas?..</div><div><br></div>
<div>Cheers,</div>
<div>/Nicolae</div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 November 2013 10:45, Wei, Gang <span dir="ltr">&lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So you will not see the error below after copying the .cer &amp; .jks again, right?<br>
<div><br>
### ecStorage = NVRAM###<br>
Performing TPM provisioning...FAILED<br>
javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>
<a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl</a>. It failed with:<br>
        Connection refused.<br>
<br>
</div>As to below errors:<br>
<div><br>
Performing HIS identity provisioning...FAILED<br>
java.util.NoSuchElementException<br>
        at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
        at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
        at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)<br>
        at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)<br>
Failed to receive AIC from Privacy CA, error 1<br>
Registering identity with server...FAILED<br>
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)<br>
        at java.io.FileInputStream.open(Native Method)<br>
        at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:137)<br>
        at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:96)<br>
        at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
        at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)<br>
</div><div>Failed to register identity with appraiser, error 1<br>
<br>
</div>The missing aik.cer is a consequence of the HIS identity provisioning failure.<br>
The key is:<br>
<div>java.util.NoSuchElementException<br>
        at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
        at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
<br>
</div>Which is mostly caused by incorrect tpm owner auth. This is actually the<br>
issue that occurred in your first try. So I doubt the oat-client rpm you<br>
reinstalled is still the old one in your local cache.<br>
<br>
Please try to uninstall oat-client, yum clean, then yum install oat-client,<br>
and then try again.<br>
<div><br>
Thanks<br>
Jimmy<br>
<br>
<br>
&gt; -----Original Message-----<br>
&gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
</div><div>&gt; Sent: Friday, November 15, 2013 4:08 PM<br>
&gt; To: Wei, Gang<br>
&gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
&gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
&gt;<br>
&gt; Hi,<br>
&gt;<br>
</div><div><div>&gt; I have done that and reran provisioner.sh with the same result.<br>
&gt;<br>
&gt; As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to<br>
&gt; /usr/share/oat-client,<br>
&gt; while the java error complains about the missing file _aik.cer_, as follows:<br>
&gt;<br>
&gt; java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)<br>
&gt; at java.io.FileInputStream.open(Native Method)<br>
&gt; at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:146)<br>
&gt; at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:101)<br>
&gt; at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
&gt; at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)<br>
&gt;<br>
&gt; Is the file _aik.cer_ supposed to be generated at some point here?<br>
&gt;<br>
&gt; Just to clarify, I am using CentOS 6.4, TrouSerS and tpm-tools.<br>
&gt;<br>
&gt; Cheers,<br>
&gt; /Nicolae.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; On 15 November 2013 03:23, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<br>
&gt;<br>
&gt;<br>
&gt;       So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh:<br>
&gt;<br>
&gt;       1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.<br>
&gt;<br>
&gt;       Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/<br>
&gt;<br>
&gt;       Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/<br>
&gt;<br>
&gt;       Notes: please repeat above steps in case you have re-deployed your oat appraiser.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       Thanks<br>
&gt;<br>
&gt;       Jimmy<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
&gt;       Sent: Thursday, November 14, 2013 6:30 PM<br>
&gt;<br>
&gt;<br>
&gt;       To: Wei, Gang<br>
&gt;       Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
&gt;       Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       Hi,<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       As far as I see, port 8443 is not occupied and tomcat6 is running:<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       root@host /usr/share/oat-client/script # netstat -anp | grep 8443<br>
&gt;<br>
&gt;       root@host /usr/share/oat-client/script # service tomcat6 status<br>
&gt;<br>
&gt;       tomcat6 (pid 30950) is running...                          [  OK  ]<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       Also, just in case, I&#39;ve checked if disabling iptables helps, and it doesn&#39;t;<br>
&gt;<br>
&gt;       In the error trace, there is a line:<br>
&gt;<br>
&gt;       java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)<br>
&gt;<br>
&gt;       and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       cheers,<br>
&gt;<br>
&gt;       /Nicolae<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       On 14 November 2013 04:32, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<br>
&gt;<br>
&gt;       And you need to copy files from server to client before you try to run<br>
&gt;       provisioner.sh every time you run OAT_configure.sh again.<br>
&gt;<br>
&gt;       Jimmy<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;       &gt; -----Original Message-----<br>
&gt;       &gt; From: Wei, Gang<br>
&gt;       &gt; Sent: Thursday, November 14, 2013 11:26 AM<br>
&gt;       &gt; To: Nicolae Paladi<br>
&gt;       &gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>; Wei, Gang<br>
&gt;       &gt; Subject: RE: [Users] Trusted Pools and CentOS 6 packages<br>
&gt;       &gt;<br>
&gt;       &gt; Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.<br>
&gt;       &gt;<br>
&gt;       &gt; Meanwhile check whether tomcat is up.<br>
&gt;       &gt;<br>
&gt;       &gt; Jimmy<br>
&gt;       &gt;<br>
&gt;       &gt;<br>
&gt;       &gt; &gt; -----Original Message-----<br>
&gt;       &gt; &gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
&gt;       &gt; &gt; Sent: Wednesday, November 13, 2013 10:43 PM<br>
&gt;       &gt; &gt; To: Wei, Gang<br>
&gt;       &gt; &gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
&gt;       &gt; &gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; Hi,<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; I am using port 8443, since no other process -- as far as I know -- is using it;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; below you will find all of the requested configuration files:<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; Contents of /etc/oat_client/*:<br>
&gt;       &gt; &gt; log4j.properties: <a href="http://pastebin.com/MQLM68vs" target="_blank">http://pastebin.com/MQLM68vs</a><br>
&gt;       &gt; &gt; OAT.properties: <a href="http://pastebin.com/LwHihxah" target="_blank">http://pastebin.com/LwHihxah</a><br>
&gt;       &gt; &gt; OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ" target="_blank">http://pastebin.com/0x5TShtZ</a><br>
&gt;       &gt; &gt; TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE" target="_blank">http://pastebin.com/hvw9gfRE</a><br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; server.xml: <a href="http://pastebin.com/VZ9Vk6iC" target="_blank">http://pastebin.com/VZ9Vk6iC</a><br>
&gt;       &gt; &gt; OAT_client.sh: <a href="http://pastebin.com/St4yCGcF" target="_blank">http://pastebin.com/St4yCGcF</a><br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; provisioner.sh: <a href="http://pastebin.com/RedqQt8V" target="_blank">http://pastebin.com/RedqQt8V</a><br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; cheers,<br>
&gt;       &gt; &gt; /Nicolae.<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt; On 13 November 2013 14:47, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     This time it failed earlier. Looks like the PCA webservice2 was not<br>
&gt;       &gt; &gt;     listening on 8443 port. Have you replaced the port 8443 with 8442 in server<br>
&gt;       &gt; &gt;     side ($TOMCAT_HOME/conf/server.xml) but not changed it in client side<br>
&gt;       &gt; &gt;     (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied<br>
&gt;       &gt; &gt;     by another app?<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     Please copy the content from your current server.xml, OAT_client.sh,<br>
&gt;       &gt; &gt;     provisioner.sh and /etc/oat-client/* into the content of your reply for<br>
&gt;       &gt; &gt;     analysis. (don&#39;t attach *.sh as attachments, that will get filtered by my<br>
&gt;       &gt; &gt;     company&#39;s mailing system).<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     Thanks<br>
&gt;       &gt; &gt;     Jimmy<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     &gt; -----Original Message-----<br>
&gt;       &gt; &gt;     &gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>]<br>
&gt;       &gt; &gt;     &gt; Sent: Wednesday, November 13, 2013 7:01 PM<br>
&gt;       &gt; &gt;     &gt; To: Wei, Gang<br>
&gt;       &gt; &gt;     &gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
&gt;       &gt; &gt;     &gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     &gt; Hi,<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; thank you for the feedback;<br>
&gt;       &gt; &gt;     &gt; I&#39;ve gone through the steps again, but obtained exactly the same problem:<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; 1. I removed all of the previously installed packages related to OAT.<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; 2. I followed the tutorial, until this command:<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; bash provisioner.sh<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; provisioner.sh: line 7: systemctl: command not found<br>
&gt;       &gt; &gt;     &gt; ### ecStorage = NVRAM###<br>
&gt;       &gt; &gt;     &gt; Performing TPM provisioning...FAILED<br>
&gt;       &gt; &gt;     &gt; javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>
&gt;       &gt; &gt;     &gt; <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl</a>. It failed with:<br>
&gt;       &gt; &gt;     &gt;         Connection refused.<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:228)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:176)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)<br>
&gt;       &gt; &gt;     &gt;         at javax.xml.ws.Service.&lt;init&gt;(Service.java:77)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.&lt;init&gt;(HisPrivacyCAWebService2FactoryServiceService.java:42)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)<br>
&gt;       &gt; &gt;     &gt; Caused by: java.net.ConnectException: Connection refused<br>
&gt;       &gt; &gt;     &gt;         at java.net.PlainSocketImpl.socketConnect(Native Method)<br>
&gt;       &gt; &gt;     &gt;         at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)<br>
&gt;       &gt; &gt;     &gt;         at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)<br>
&gt;       &gt; &gt;     &gt;         at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)<br>
&gt;       &gt; &gt;     &gt;         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>
&gt;       &gt; &gt;     &gt;         at java.net.Socket.connect(Socket.java:579)<br>
&gt;       &gt; &gt;     &gt;         at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>
&gt;       &gt; &gt;     &gt;         at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.https.HttpsClient.&lt;init&gt;(HttpsClient.java:275)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)<br>
&gt;       &gt; &gt;     &gt;         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)<br>
&gt;       &gt; &gt;     &gt;         at java.net.URL.openStream(URL.java:1037)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)<br>
&gt;       &gt; &gt;     &gt;         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)<br>
&gt;       &gt; &gt;     &gt;         ... 8 more<br>
&gt;       &gt; &gt;     &gt; Failed to initialize the TPM, error 1<br>
&gt;       &gt; &gt;     &gt; Performing HIS identity provisioning...FAILED<br>
&gt;       &gt; &gt;     &gt; gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)<br>
&gt;       &gt; &gt;     &gt; Failed to receive AIC from Privacy CA, error 1<br>
&gt;       &gt; &gt;     &gt; Registering identity with server...FAILED<br>
&gt;       &gt; &gt;     &gt; java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)<br>
&gt;       &gt; &gt;     &gt;         at java.io.FileInputStream.open(Native Method)<br>
&gt;       &gt; &gt;     &gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:146)<br>
&gt;       &gt; &gt;     &gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:101)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
&gt;       &gt; &gt;     &gt;         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)<br>
&gt;       &gt; &gt;     &gt; Failed to register identity with appraiser, error 1<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;     &gt; Should I have updated anything else?<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; cheers,<br>
&gt;       &gt; &gt;     &gt; /Nicolae.<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt; On 1 November 2013 10:14, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;       This is indeed an issue caused by the incompatibility between OAT tpm access<br>
&gt;       &gt; &gt;     &gt;       code &amp; tpm-tools(tpm_takeownership -z). It has already been fixed. Please<br>
&gt;       &gt; &gt;     &gt;       follow below wiki and try again.<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;       <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe</a>.<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;       Thanks<br>
&gt;       &gt; &gt;     &gt;       Jimmy<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;       Nicolae Paladi wrote on 2013-10-28:<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt; Hi, I&#39;ve followed the recipe<br>
&gt;       &gt; &gt;     &gt;       &gt; (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe</a>)<br>
&gt;       &gt; &gt;     &gt;       &gt; but didn&#39;t get it to run yet; I think a step is missing -- the AIK<br>
&gt;       &gt; &gt;     &gt;       &gt; is not available in /usr/share/oat-client (it was not available in<br>
&gt;       &gt; &gt;     &gt;       &gt; /var/lib/oat-appraiser/ClientFiles either); when I try to run<br>
&gt;       &gt; &gt;     &gt;       &gt; provisioner.sh, I get the following:<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt; provisioner.sh: line 7: systemctl: command not found<br>
&gt;       &gt; &gt;     &gt;       &gt; ### ecStorage = NVRAM###<br>
&gt;       &gt; &gt;     &gt;       &gt; Performing TPM provisioning...710 DONE<br>
&gt;       &gt; &gt;     &gt;       &gt; Successfully initialized TPM<br>
&gt;       &gt; &gt;     &gt;       &gt; Performing HIS identity provisioning...FAILED<br>
&gt;       &gt; &gt;     &gt;       &gt; java.util.NoSuchElementException<br>
&gt;       &gt; &gt;     &gt;       &gt;         at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)<br>
&gt;       &gt; &gt;     &gt;       &gt; Failed to receive AIC from Privacy CA, error 1<br>
&gt;       &gt; &gt;     &gt;       &gt; Registering identity with server...FAILED<br>
&gt;       &gt; &gt;     &gt;       &gt; java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at java.io.FileInputStream.open(Native Method)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:137)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:96)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>
&gt;       &gt; &gt;     &gt;       &gt;         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)<br>
&gt;       &gt; &gt;     &gt;       &gt; Failed to register identity with appraiser, error 1<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt; Thanks,<br>
&gt;       &gt; &gt;     &gt;       &gt; /Nicolae<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt; On 27 October 2013 22:55, Nicolae Paladi &lt;<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>&gt; wrote:<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;       Awesome, thanks!<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;       I&#39;ll try this out in the morning<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;       /Nicolae<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;       On 27 October 2013 17:03, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;               Please refer to<br>
&gt;       &gt; &gt;     &gt;       &gt;               <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe</a>.<br>
&gt;       &gt; &gt;     &gt;       &gt;<br>
&gt;       &gt; &gt;     &gt;       &gt;               Jimmy<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;     &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;       &gt; &gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
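A triage sketch for the provisioner.sh output discussed in this thread, added here as an illustration and not part of the original messages or of OpenAttestation: it finds the first failing stage and reports later failures (such as the missing aik.cer) as downstream of it. The function names, the hint wording and the two abridged sample outputs are assumptions built from the traces quoted above.

```python
import re
from dataclasses import dataclass, field

# Stage banners printed by provisioner.sh, as they appear in the thread's output.
STAGES = (
    "Performing TPM provisioning...",
    "Performing HIS identity provisioning...",
    "Registering identity with server...",
)

# (pattern, hint) pairs. The hints restate what the thread says about each error.
HINTS = (
    (re.compile(r"Failed to access the WSDL|Connection refused"),
     "Privacy CA web service unreachable: check tomcat and that the port in "
     "server.xml matches OAT_client.sh"),
    (re.compile(r"NoSuchElementException"),
     "per the thread, mostly caused by incorrect TPM owner auth"),
    (re.compile(r"TpmModule\.(?:get|set)Credential returned nonzero error"),
     "TPM credential call failed; the reporter noted a TPM without an "
     "endorsement credential (not confirmed in the thread)"),
    (re.compile(r"FileNotFoundException: \S*aik\.cer"),
     "aik.cer is missing because identity provisioning failed; fix that first"),
)

# A line that names a Java exception or error class (not a stack frame).
EXC = re.compile(r"^(?:Caused by: )?[\w.$]+(?:Exception|Error)\b")


@dataclass
class Stage:
    name: str
    lines: list = field(default_factory=list)
    failed: bool = False
    hint: str = ""


def parse_stages(output):
    """Split provisioner output into stages and decide which ones failed."""
    stages, current = [], None
    for raw in output.splitlines():
        line = raw.strip()
        banner = next((b for b in STAGES if line.startswith(b)), None)
        if banner:
            # lines[0] is the status text printed right after the banner.
            current = Stage(name=banner.rstrip("."), lines=[line[len(banner):]])
            stages.append(current)
        elif current is not None and line:
            current.lines.append(line)
    for stage in stages:
        body = [l for l in stage.lines if not l.startswith("at ")]
        status = body[0]
        # A stage can print an error and still end with DONE, so the inline
        # "Error ..." text counts as a failure even without the word FAILED.
        stage.failed = (status.startswith(("FAILED", "Error"))
                        or any(EXC.match(l) for l in body[1:]))
        if stage.failed:
            text = "\n".join(body)
            stage.hint = next((h for p, h in HINTS if p.search(text)), "")
    return stages


def triage(output):
    """Return (root_cause_stage, downstream_failed_stages)."""
    failed = [s for s in parse_stages(output) if s.failed]
    if not failed:
        return None, []
    return failed[0], failed[1:]


# Abridged from the most recent trace in the thread (sample input).
SAMPLE_MASKED = """\
### ecStorage = NVRAM###
Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2()
DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
        at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
Failed to register identity with appraiser, error 1
"""

# Abridged from the earliest trace in the thread (sample input).
SAMPLE_OWNER_AUTH = """\
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
        at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
        at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
Failed to register identity with appraiser, error 1
"""

if __name__ == "__main__":
    for label, sample in (("masked", SAMPLE_MASKED), ("owner auth", SAMPLE_OWNER_AUTH)):
        root, downstream = triage(sample)
        print(f"[{label}] root cause: {root.name}: {root.hint}")
        for stage in downstream:
            print(f"[{label}]   downstream: {stage.name}")
```
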