------=_NextPart_000_02D1_01CEE1EC.B38C9770 Content-Type: multipart/alternative; boundary="----=_NextPart_001_02D2_01CEE1EC.B38C9770" ------=_NextPart_001_02D2_01CEE1EC.B38C9770 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh: 1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client. Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/ Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/ Notes: please repeat above steps in case you have re-deployed your oat appraiser. Thanks Jimmy From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Thursday, November 14, 2013 6:30 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages Hi, As far as I see, port 8443 is not occupied and tomcat6 is running: root@host /usr/share/oat-client/script # netstat -anp | grep 8443 root@host /usr/share/oat-client/script # service tomcat6 status tomcat6 (pid 30950) is running... [ OK ] Also, just in case, I've checked if disabling iptables helps, and it doesn't; In the error trace, there is a line: java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory) and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated? cheers, /Nicolae On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote: And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again. Jimmy
-----Original Message----- From: Wei, Gang Sent: Thursday, November 14, 2013 11:26 AM To: Nicolae Paladi Cc: Doron Fediuck; users@ovirt.org; Wei, Gang Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 10:43 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*: log4j.properties: http://pastebin.com/MQLM68vs OAT.properties: http://pastebin.com/LwHihxah OATprovisioner.properties: http://pastebin.com/0x5TShtZ TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
> -----Original Message----- > From: Nicolae Paladi [mailto:n.paladi@gmail.com] > Sent: Wednesday, November 13, 2013 7:01 PM > To: Wei, Gang > Cc: Doron Fediuck; users@ovirt.org > Subject: Re: [Users] Trusted Pools and CentOS 6 packages >
> Hi, > > thank you for the feedback; > I've gone through the steps again, but obtained the exactly same problem: > > 1. I removed all of the previously installed packaged related to OAT. > > 2. I followed the tutorial, until this command: > > bash provisioner.sh > > provisioner.sh: line 7: systemctl: command not found > ### ecStorage = NVRAM### > Performing TPM provisioning...FAILED > javax.xml.ws.WebServiceException: Failed to access the WSDL at: >
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor
> yService?wsdl. It failed with: > Connection refused. > at >
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP
> arser.java:162) > at >
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> ava:144) > at >
com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav
> a:265) > at >
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
> at >
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
> at >
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav
a:104 > ) > at javax.xml.ws.Service.<init>(Service.java:77) > at >
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe
bSer >
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryService
Servi > ce.java:42) > at >
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe
bSer >
vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli
> entInvoker.java:32) > at >
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at >
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav
a:339 > ) > at >
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI
mpl.j > ava:200) > at >
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) > at java.net.Socket.connect(Socket.java:579) > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) > at > sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) > at sun.net.NetworkClient.doConnect(NetworkClient.java:180) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) > at >
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
> at > sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) > at >
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt
> tpClient(AbstractDelegateHttpsURLConnection.java:191) > at >
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec
> tion.java:932) > at >
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A
> bstractDelegateHttpsURLConnection.java:177) > at >
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
> ection.java:1300) > at >
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU
> RLConnectionImpl.java:254) > at java.net.URL.openStream(URL.java:1037) > at >
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD
> LParser.java:804) > at >
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL
> Parser.java:262) > at >
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> ava:129) > ... 8 more > Failed to initialize the TPM, error 1 > Performing HIS identity provisioning...FAILED > gov.niarl.his.privacyca.TpmModule$TpmModuleException: > TpmModule.getCredential returned nonzero error: 2() > at >
gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
> at >
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j
ava: > 217) > Failed to receive AIC from Privacy CA, error 1 > Registering identity with server...FAILED > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No
such file
or > directory) > at java.io.FileInputStream.open(Native Method) > at
java.io.FileInputStream.<init>(FileInputStream.java:146)
> at
java.io.FileInputStream.<init>(FileInputStream.java:101)
> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) > at >
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
9 ) > Failed to register identity with appraiser, error 1 >
> Should I have updated anything else? > > cheers, > /Nicolae. > > > > On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote: > > > This is indeed an issue caused by the incompatibility between OAT tpm > access > code & tpm-tools(tpm_takeownership -z). It has already been fixed. > Please > follow below wiki and try again. >
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> Recipe. > > Thanks > Jimmy > > Nicolae Paladi wrote on 2013-10-28: > > > Hi, I've followed the recipe > > >
(https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
> > > i pe) but didn't get it to run yet; I think a step is
missing --
the AIK > > > is not available is /usr/share/oat-client (it was not
available in
> > /var/lig/oat-appraiser/ClientFiles either); when I try to
run
> > provisioner.sh, I get the following: provisioner.sh: line
7:
systemctl: > > command not found ### ecStorage = NVRAM### Performing TPM > > provisioning...710 DONE Successfully initialized TPM Performing HIS > > identity provisioning...FAILED java.util.NoSuchElementException > > at > java.util.StringTokenizer.nextToken(StringTokenizer.java:349) > > at > > >
gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21
> > 5) > > at > > >
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29
> > 2) > > at > >
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione
> > > r.java: 225) Failed to receive AIC from Privacy CA, error
1
Registering > > > identity with server...FAILED
java.io.FileNotFoundException:
> > /usr/share/oat-client/aik.cer (No such file or directory) > > at java.io.FileInputStream.open(Native Method) > > at java.io.FileInputStream.<init>(FileInputStream.java:137) > > at java.io.FileInputStream.<init>(FileInputStream.java:96) > > at >
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > at > > >
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
> 9 > ) > > Failed to register identity with appraiser, error 1 > > > > > > > > Thanks, > > /Nicolae > > > > > > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote: > > > > > > Awesome, thanks! > > > > I'll try this out in the morning > > > > /Nicolae > > > > > > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> > wrote: > > > > > > Please refer to > > > > >
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> > Recipe. > > > > Jimmy > >
> > > ava:144)<br>> > > = at<br>> > ><br>> = ><br>> = com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<b= r>> > > a:265)<br>> > > = at<br>> > ><br>> = ><br>> = com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.ja= va:228)<br>> > > = at<br>> > ><br>> ><br>> = com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.ja= va:176)<br>> > > = at<br>> > ><br>> ><br>> = com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav<br= > > a:104<br>> > > )<br>> > = > at = javax.xml.ws.Service.<init>(Service.java:77)<br>> > = > at<br>> > = ><br>> ><br>> = gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe<b= r>> > bSer<br>> > ><br>> ><br>> = vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactorySer= vice<br>> > Servi<br>> > > = ce.java:42)<br>> > > = at<br>> > ><br>> ><br>> = gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe<b= r>> > bSer<br>> > ><br>> ><br>> = vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cl= i<br>> > > entInvoker.java:32)<br>> > = > at<br>> > = ><br>> = ><br>gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.= java:205)<br>> > > Caused by: = java.net.ConnectException: Connection refused<br>> > = > at = java.net.PlainSocketImpl.socketConnect(Native Method)<br>> > = > at<br>> > = ><br>> ><br>> = java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav<br= > > a:339<br>> > > )<br>> > = > at<br>> > = ><br>> ><br>> = java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI<br= > > mpl.j<br>> > > ava:200)<br>> > = > at<br>> > = ><br>> = ><br>java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.= java:182)<br>> > > = at<br>> > = java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>> > = > at = java.net.Socket.connect(Socket.java:579)<br>> > > = at<br>> > = sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>> = > > at<br>> > = ><br>> > = sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br= > > > at = sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>> > = > at<br>> > = sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>> > = > at<br>> > = sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>> > = > at<br>> > = ><br>> = sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)= <br>> > > at<br>> = > > = sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>> = > > at<br>> > = ><br>> ><br>> = sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br= > > > = tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>> > = > at<br>> > = ><br>> ><br>> = sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br= > > > tion.java:932)<br>> > = > at<br>> > = ><br>> ><br>> = sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<b= r>> > > = bstractDelegateHttpsURLConnection.java:177)<br>> > = > at<br>> > = ><br>> ><br>> = sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br= > > > ection.java:1300)<br>> > = > at<br>> > = ><br>> ><br>> = sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<b= r>> > > RLConnectionImpl.java:254)<br>> > = > at = java.net.URL.openStream(URL.java:1037)<br>> > > = at<br>> > ><br>> = ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>&= gt; > > LParser.java:804)<br>> > = > at<br>> > = ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>&= gt; > > Parser.java:262)<br>> > = > at<br>> > = ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br= > > > ava:129)<br>> > > = ... 8 more<br>> > > = Failed to initialize the TPM, error 1<br>> > > = Performing HIS identity provisioning...FAILED<br>> > = > gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>> > = > TpmModule.getCredential returned nonzero error: = 2()<br>> > > = at<br>> > ><br>> = gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>&g= t; > > at<br>> > = ><br>> = ><br>><br>gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisId= entityProvisioner.j<br>> > ava:<br>> > = > 217)<br>> > > Failed to receive AIC = from Privacy CA, error 1<br>> > > Registering = identity with server...FAILED<br>> > > = java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No<br>> = such file<br>> > or<br>> > > =
> > > > 5)<br>> > = > > = at<br>> > > ><br>> = > ><br>> ><br>> = gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:2= 9<br>> > > > 2)<br>> = > > > = at<br>> > > = ><br>> ><br>> = gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione= <br>> > ><br>> > > = > r.java: 225) Failed to receive AIC from Privacy CA, = error<br>> 1<br>> > Registering<br>> > = ><br>> > > = > identity with server...FAILED<br>> = java.io.FileNotFoundException:<br>> > > = > /usr/share/oat-client/aik.cer (No such file or =
------=_NextPart_001_02D2_01CEE1EC.B38C9770 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META = HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 14 = (filtered medium)"><style><!-- /* Font Definitions */ @font-face {font-family:Helvetica; panose-1:2 11 6 4 2 2 2 2 2 4;} @font-face {font-family:SimSun; panose-1:2 1 6 0 3 1 1 1 1 1;} @font-face {font-family:SimSun; panose-1:2 1 6 0 3 1 1 1 1 1;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:SimSun; panose-1:2 1 6 0 3 1 1 1 1 1;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman","serif";} h3 {mso-style-priority:9; mso-style-link:"Heading 3 Char"; mso-margin-top-alt:auto; margin-right:0cm; mso-margin-bottom-alt:auto; margin-left:0cm; font-size:13.5pt; font-family:SimSun; font-weight:bold;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0cm; mso-margin-bottom-alt:auto; margin-left:0cm; font-size:12.0pt; font-family:SimSun;} span.EmailStyle17 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:#1F497D;} span.Heading3Char {mso-style-name:"Heading 3 Char"; mso-style-priority:9; mso-style-link:"Heading 3"; font-family:SimSun; font-weight:bold;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";} @page WordSection1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--></head><body lang=3DZH-CN link=3Dblue = vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span = lang=3DEN-US = style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497= D'>So, just as what I suggested in last mail, please copy the files from = server to client again and run provisioner.sh:<o:p></o:p></span></p><p = class=3DMsoNormal><span lang=3DEN-US = style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497= D'><o:p> </o:p></span></p><p class=3DMsoNormal = style=3D'mso-margin-top-alt:12.0pt;margin-right:0cm;margin-bottom:11.25pt= ;margin-left:0cm;background:white'><b><span lang=3DEN-US = style=3D'font-size:18.0pt;font-family:"Helvetica","sans-serif";color:#333= 333'>1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to = client.<o:p></o:p></span></b></p><p class=3DMsoNormal = style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p= t;margin-left:0cm;line-height:18.75pt;background:white'><span = lang=3DEN-US = style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333= 333'>Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to = :/usr/share/oat-client/<o:p></o:p></span></p><p class=3DMsoNormal = style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p= t;margin-left:0cm;line-height:18.75pt;background:white'><span = lang=3DEN-US = style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333= 333'>Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to = :/usr/share/oat-client/<o:p></o:p></span></p><p class=3DMsoNormal = style=3D'mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25p= t;margin-left:0cm;line-height:18.75pt;background:white'><b><i><span = lang=3DEN-US = style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333= 333'>Notes: please repeat above steps in case you have re-deployed your = oat appraiser.</span></i></b><span lang=3DEN-US = style=3D'font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333= 333'><o:p></o:p></span></p><p class=3DMsoNormal><span lang=3DEN = style=3D'font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o= :p></span></p><p class=3DMsoNormal><span lang=3DEN = style=3D'font-family:"Calibri","sans-serif";color:#1F497D'>Thanks<o:p></o= :p></span></p><p class=3DMsoNormal><span lang=3DEN = style=3D'font-family:"Calibri","sans-serif";color:#1F497D'>Jimmy<o:p></o:= p></span></p><p class=3DMsoNormal><span lang=3DEN-US = style=3D'font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497= D'><o:p> </o:p></span></p><div = style=3D'border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm = 4.0pt'><div><div style=3D'border:none;border-top:solid #B5C4DF = 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=3DMsoNormal><b><span = lang=3DEN-US = style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>= </b><span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Nicolae = Paladi [mailto:n.paladi@gmail.com] <br><b>Sent:</b> Thursday, November = 14, 2013 6:30 PM<br><b>To:</b> Wei, Gang<br><b>Cc:</b> Doron Fediuck; = users@ovirt.org<br><b>Subject:</b> Re: [Users] Trusted Pools and CentOS = 6 packages<o:p></o:p></span></p></div></div><p class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p><div><p class=3DMsoNormal><span = lang=3DEN-US>Hi, <o:p></o:p></span></p><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span lang=3DEN-US>As far as I see, port 8443 is not = occupied and tomcat6 is running:<o:p></o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><div><p = class=3DMsoNormal><span lang=3DEN-US>root@host = /usr/share/oat-client/script # netstat -anp | grep = 8443<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span = lang=3DEN-US>root@host /usr/share/oat-client/script # service tomcat6 = status<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span = lang=3DEN-US>tomcat6 (pid 30950) is running... = [ = OK ]<o:p></o:p></span></p></div></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span lang=3DEN-US>Also, just in case, I've checked if = disabling iptables helps, and it = doesn't;<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span lang=3DEN-US>In the error trace, there is a = line: <o:p></o:p></span></p></div><div><p = class=3DMsoNormal><b><span lang=3DEN-US>java.io.FileNotFoundException: = /usr/share/oat-client/aik.cer (No such file or = directory)</span></b><span = lang=3DEN-US><o:p></o:p></span></p></div><div><p class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span lang=3DEN-US>and indeed, there is not file = aik.cer at /usr/share/oat-client/aik.cer; when is it supposed = to<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span = lang=3DEN-US>be generated?<o:p></o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US>cheers,<o:p></o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US>/Nicolae<o:p></o:p></span></p></div><div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div></div><div><p = class=3DMsoNormal style=3D'margin-bottom:12.0pt'><span = lang=3DEN-US><o:p> </o:p></span></p><div><p class=3DMsoNormal><span = lang=3DEN-US>On 14 November 2013 04:32, Wei, Gang <<a = href=3D"mailto:gang.wei@intel.com" = target=3D"_blank">gang.wei@intel.com</a>> = wrote:<o:p></o:p></span></p><p class=3DMsoNormal><span lang=3DEN-US>And = you need to copy files from server to client before you try to = run<br>provisioner.sh every time you run OAT_configure.sh = again.<br><br>Jimmy<o:p></o:p></span></p><div><div><p class=3DMsoNormal = style=3D'margin-bottom:12.0pt'><span lang=3DEN-US><br><br>> = -----Original Message-----<br>> From: Wei, Gang<br>> Sent: = Thursday, November 14, 2013 11:26 AM<br>> To: Nicolae Paladi<br>> = Cc: Doron Fediuck; <a = href=3D"mailto:users@ovirt.org">users@ovirt.org</a>; Wei, Gang<br>> = Subject: RE: [Users] Trusted Pools and CentOS 6 packages<br>><br>> = Can you try netstat -anp | grep 8443? Maybe it is occupied by = apache.<br>><br>> Meanwhile check whether tomcat is = up.<br>><br>> Jimmy<br>><br>><br>> > -----Original = Message-----<br>> > From: Nicolae Paladi [mailto:<a = href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>> > = Sent: Wednesday, November 13, 2013 10:43 PM<br>> > To: Wei, = Gang<br>> > Cc: Doron Fediuck; <a = href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br>> > = Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>> = ><br>> > Hi,<br>> ><br>> > I am using port 8443, = since no other process -- as far as I know -- is<br>> using = it;<br>> ><br>> > below you will find all of the requested = configuration files:<br>> ><br>> > Contents of = /etc/oat_client/*:<br>> > log4j.properties: <a = href=3D"http://pastebin.com/MQLM68vs" = target=3D"_blank">http://pastebin.com/MQLM68vs</a><br>>; > = OAT.properties: <a href=3D"http://pastebin.com/LwHihxah" = target=3D"_blank">http://pastebin.com/LwHihxah</a><br>>; > = OATprovisioner.properties: <a href=3D"http://pastebin.com/0x5TShtZ" = target=3D"_blank">http://pastebin.com/0x5TShtZ</a><br>>; > = TPMModule.properties: <a href=3D"http://pastebin.com/hvw9gfRE" = target=3D"_blank">http://pastebin.com/hvw9gfRE</a><br>>; ><br>> = ><br>> > server.xml: <a href=3D"http://pastebin.com/VZ9Vk6iC" = target=3D"_blank">http://pastebin.com/VZ9Vk6iC</a><br>>; > = OAT_client.sh: <a href=3D"http://pastebin.com/St4yCGcF" = target=3D"_blank">http://pastebin.com/St4yCGcF</a><br>>; ><br>> = > provisioner.sh: <a href=3D"http://pastebin.com/RedqQt8V" = target=3D"_blank">http://pastebin.com/RedqQt8V</a><br>>; ><br>> = ><br>> > cheers,<br>> > /Nicolae.<br>> ><br>> = ><br>> > On 13 November 2013 14:47, Wei, Gang <<a = href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>> = wrote:<br>> ><br>> ><br>> > This time it = failed earlier. Looks like the PCA webservice2 was not<br>> > = listening on 8443 port. Have you replaced the port 8443 = with 8442 in<br>> > server<br>> > side = ($TOMCAT_HOME/conf/server.xml) but not change it in client side<br>> = > (/usr/share/oat-client/script/OAT_client.sh)? Or the = 8443 port is<br>> occupied<br>> > by another = app?<br>> ><br>> > Please copy the content = from your current server.xml, OAT_client.sh,<br>> > = provisioner.sh and /etc/oat-client/* into the content of your = reply<br>> for<br>> > analysis. (don't attach = *.sh as attachments, that will get filtered<br>> by my<br>> > = company's mailing system).<br>> ><br>> > = Thanks<br>> > Jimmy<br>> = ><br>> ><br>> ><br>> > > = -----Original Message-----<br>> > > From: Nicolae = Paladi [mailto:<a = href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>> > = > Sent: Wednesday, November 13, 2013 7:01 PM<br>> = > > To: Wei, Gang<br>> > > = Cc: Doron Fediuck; <a = href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br>> > = > Subject: Re: [Users] Trusted Pools and CentOS 6 = packages<br>> > ><br>> ><br>> > = > Hi,<br>> > ><br>> > = > thank you for the feedback;<br>> > = > I've gone through the steps again, but obtained the exactly = same<br>> > problem:<br>> > ><br>> > = > 1. I removed all of the previously installed packaged = related to<br>> OAT.<br>> > ><br>> > = > 2. I followed the tutorial, until this = command:<br>> > ><br>> > > = bash provisioner.sh<br>> > ><br>> > = > provisioner.sh: line 7: systemctl: command not found<br>> = > > ### ecStorage =3D NVRAM###<br>> > = > Performing TPM provisioning...FAILED<br>> > = > javax.xml.ws.WebServiceException: Failed to access the WSDL = at:<br>> > ><br>> ><br>> <a = href=3D"https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebServic= e2Factor" = target=3D"_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyC= AWebService2Factor</a><br>> > > yService?wsdl. It = failed with:<br>> > > = Connection refused.<br>> > > = at<br>> > ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>&= gt; > > arser.java:162)<br>> > = > at<br>> > = ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br= directory)<br>> > > = at java.io.FileInputStream.open(Native Method)<br>> > = > at<br>> = java.io.FileInputStream.<init>(FileInputStream.java:146)<br>> = > > at<br>> = java.io.FileInputStream.<init>(FileInputStream.java:101)<br>> = > > at<br>> > = = gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> = > > at<br>> > = ><br>> ><br>> = ><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis= terIdentity.java:9<br>> > 9<br>> > )<br>> = > > Failed to register identity with appraiser, = error 1<br>> > ><br>> ><br>> > = > Should I have updated anything else?<br>> > = ><br>> > > cheers,<br>> > = > /Nicolae.<br>> > ><br>> > = ><br>> > ><br>> > = > On 1 November 2013 10:14, Wei, Gang <<a = href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>> = wrote:<br>> > ><br>> > = ><br>> > > This is indeed = an issue caused by the incompatibility<br>> between<br>> > = OAT<br>> > tpm<br>> > > = access<br>> > > code & = tpm-tools(tpm_takeownership -z). It has already been<br>> > = fixed.<br>> > > Please<br>> > = > follow below wiki and try again.<br>> > = ><br>> ><br>> <a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-</a><br>> > > Recipe.<br>> > = ><br>> > > = Thanks<br>> > > = Jimmy<br>> > ><br>> > > = Nicolae Paladi wrote on 2013-10-28:<br>> > = ><br>> > > = > Hi, I've followed the recipe<br>> > > = ><br>> > ><br>> ><br>> = (<a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-Rec" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-Rec</a><br>> > ><br>> > = > > i pe) but didn't get it to = run yet; I think a step is<br>> missing --<br>> > = the AIK<br>> > ><br>> > > = > is not available is /usr/share/oat-client (it = was not<br>> available in<br>> > > = > /var/lig/oat-appraiser/ClientFiles either); when I = try to<br>> run<br>> > > = > provisioner.sh, I get the following: provisioner.sh: line<br>> = 7:<br>> > systemctl:<br>> > > = > command not found ### ecStorage =3D NVRAM### = Performing<br>> > TPM<br>> > > = > provisioning...710 DONE Successfully initialized = TPM<br>> > Performing<br>> > HIS<br>> > = > > identity = provisioning...FAILED<br>> > = java.util.NoSuchElementException<br>> > > = > at<br>> > = > = java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>> = > > > = at<br>> > > = ><br>> > ><br>> ><br>> = gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br= directory)<br>> > > > = at java.io.FileInputStream.open(Native = Method)<br>> > > > = at<br>> > = java.io.FileInputStream.<init>(FileInputStream.java:137)<br>> = > > > = at<br>> > = java.io.FileInputStream.<init>(FileInputStream.java:96)<br>> = > > > = at<br>> > ><br>> = gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> = > > > = at<br>> > > = ><br>> > ><br>> = ><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis= terIdentity.java:9<br>> > > 9<br>> > = > )<br>> > > = > Failed to register identity with appraiser, = error 1<br>> > > = ><br>> > > ><br>> = > > ><br>> > = > > Thanks,<br>> > = > > /Nicolae<br>> > > = ><br>> > > = ><br>> > > > On = 27 October 2013 22:55, Nicolae Paladi<br>> > <<a = href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>><br>> = > wrote:<br>> > > = ><br>> > > = ><br>> > > > = Awesome, thanks!<br>> > > = ><br>> > > = > I'll try this out in the morning<br>> > = > ><br>> > = > > /Nicolae<br>> = > > ><br>> > = > ><br>> > > = > On 27 October 2013 17:03, = Wei, Gang<br>> > <<a = href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>><br>> = > > wrote:<br>> > > = ><br>> > > = ><br>> > > > = Please refer to<br>> > = > ><br>> > = > ><br>> > ><br>> = ><br>> <a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-</a><br>> > > = > Recipe.<br>> > > = ><br>> > > > = Jimmy<br>> > = ><br>> > ><br>> ><br>> = ><br>> ><o:p></o:p></span></p></div></div></div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div></div></div></body></html> ------=_NextPart_001_02D2_01CEE1EC.B38C9770-- ------=_NextPart_000_02D1_01CEE1EC.B38C9770 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCIX4w ggMgMIICiaADAgECAgQ13vTPMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQK EwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNOTgwODIyMTY0MTUxWhcNMTgwODIyMTY0MTUxWjBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMH RXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBXbFYZwhi7qCaLR8IbZEUaJgKHv7aBG8ThGIhw9F8 zp8F4LgB8E407OKKlQRkrPFrU18Fs8tngL9CAo7+3QEJ7OEAFE/8+/AM3UO6WyvhH4BwmRVXkxbx D5dqt8JoIxzMTVkwrFEeO68r1u5jRXvF2V9Q0uNQDzqI578U/eDHuQIDAQABo4IBCTCCAQUwcAYD VR0fBGkwZzBloGOgYaRfMF0xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQL EyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwGgYD VR0QBBMwEYEPMjAxODA4MjIxNjQxNTFaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBRI5mj5K9Ky lddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUSOZo+SvSspXXR9gjIBBPM5iQn9QwDAYDVR0TBAUwAwEB /zAaBgkqhkiG9n0HQQAEDTALGwVWMy4wYwMCBsAwDQYJKoZIhvcNAQEFBQADgYEAWM4p6vz33rXO ArkXtYXRuePglcwlMQ0AppJuf7aSY55QldGab+QR3mOFbpjuqP9ayNNVsmZxV97AIes9KqcjSQEE hkJ7/O5/ohZStWdn00DbOyZYsih3Pa4Ud2HW+ipmJ6AN+qdzXOpw8ZQhZURf+vzvKWipood573nv T6wHdzgwggM9MIICpqADAgECAgMFsP8wDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAO BgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhv cml0eTAeFw0wNjAyMTYxODAxMzBaFw0xNjAyMTkxODAxMzBaMFIxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjEnMCUGA1UEAxMeSW50ZWwgRXh0ZXJuYWwgQmFzaWMgUG9s aWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaXf1zm/UFahGfJkNdONk3Ti KtwEwyLFdsQ8rd9Mi8jEeVo7brNG59wfoXvPQYjTvyz+vqxcxMJQ+eT5V/hyxiCnjTRve3asnN9B RJRFI2c02RatjeHt5FSf1wBBIADc1fL/aqe6lsMboD4H3N8/QZGKLfgon6M3sRy2/4RGY/siEglO tZEWb7kkNBNdcmC+HUYHIJSXmh6N6F+e67yHJGi7GFef9QI/kfAzNT6ZPeuV0ACrB358k+wuEudE +JVZ+Jc9+sDnTWZ/83oBtc6eNZZ6ExX0+CrilSR+ce2A9aeim4CQii6L57oxrqIargTX3VyqWZL8 +qRr/ogtR2sCXQIDAQABo4GgMIGdMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUGsYMSsRHb6jb rSvw9FYGo+03VAwwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Js cy9zZWN1cmVjYS5jcmwwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwDwYDVR0TAQH/ BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQATEDitpFSlSJVFsC03csCfntjvjwv7kJbSthd5Ucqz 3wZ+vbTpCD+EoAyTn7McqGyKzy3u+ZAS8Pg6JtdzgQ6fxDGSWdQoJUH1VfHKPZk92mTI0hhkIjIJ CS0d4zH6/dNH12So+V3qgifiT9JhISRhHVQmPhRZZLCY1fOnw66tUDCCBDYwggMeoAMCAQICAQEw DQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYD VQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0 ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMG8xCzAJBgNVBAYT AlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQ IE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC39xoz5vIABC054E5b7R+8bA/Ntfojts7emxEzl6QpTH2Tn71K vJPtAxrjj8/lbVBa1pcplFqAsEl62y6V/bjKvzc4LR4+kUGtcFbH8E8/6DKedMrIkFTpxl8PeJ2a QDwOrGGqXhSPnoehalDc15pOrwWzpnGUnHGzUGAKxxOdOAeGAqjpqGkmGJCrTLBPI6s6T4TY386f 4Wlvu9dC12tE5Met7m1BX3JacQg3s3llpFmglDf3AC8NwpJy2tA4ctsUqEXEXSp9t7TWxO6szRNE t8kr3UMAJfphuWlqWCMRt6czj1Z1WfXNKddGtworZbbTQm8Vsrh7++/pXVPVNFonAgMBAAGjgdww gdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQG EwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3 DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n /PYmE8eAFqW/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt 7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIF UdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZg D8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEMIIE6zCCA9OgAwIBAgIQUukC yhHoRJ2UZTgvoxowuzANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRk VHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQD ExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTEzMDMxOTAwMDAwMFoXDTIwMDUzMDEwNDgz OFoweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgG A1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElz c3VpbmcgQ0EgNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgsMyAndhJVfoD2wT6 OMfdv4XddrzrPcssq7/pa+Mh29RvGejPaqe+X1QpAjewTXNRFDGt+C+0/Rs+C3W4PAB8tzofl6qf KL7sWs+xMYJHiDAOarVaRNCA0M1dSBvvV73/qx+r5Z8IOmLxJxqCXIsJGnumH9XrRxuK0G+dkV6U oIMGHffZLoobdsB2c0YH++TzpvAOVjqiYOzr9Gx83DNBXCj8zeg+u7HrLrPIihG6V+RUQ1szT/1G vNA6XIrhblWTgQSx9baOUJXhbzdAqpFxwAohTHDar8egdU9tsROusuYTpFFn/55aWQZaX6a3HjYc 6A6ZfQFF1NGj28fvJ4GjAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g JMtUGjAdBgNVHQ4EFgQUHmkqtNwo/kcYTiELP7ysES/wmPUwDgYDVR0PAQH/BAQDAgGGMBIGA1Ud EwEB/wQIMAYBAf8CAQAwNgYDVR0lBC8wLQYIKwYBBQUHAwQGCisGAQQBgjcKAwQGCisGAQQBgjcK AwwGCSsGAQQBgjcVBTAXBgNVHSAEEDAOMAwGCiqGSIb4TQEFAWkwSQYDVR0fBEIwQDA+oDygOoY4 aHR0cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmww OgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5j b20wNQYDVR0eBC4wLKAqMAuBCWludGVsLmNvbTAboBkGCisGAQQBgjcUAgOgCwwJaW50ZWwuY29t MA0GCSqGSIb3DQEBBQUAA4IBAQApws2j/ZKjUmeiLwbtblDoVI+rV+bIpbexIN/Vqa/IeSMSB3bm fswpEcYSZHHGjOI8qlyZt9dhT4nSDnrScKjmA8XvxZ3tmbNyYJybVQUV8jF/DpADX1tGlMLxswxp JISXzLf0+DBr4cQ2ag9mwzrcN1nrOIOc+pxJtx9izyp3+bl3baulerkgZVS1fotftH+FJLD/ex8B OcEuCIm2KVXJjs4YaZgoIBLYjTiK29JLVa15xdO305kPI1uXsu05sGuAwuFmSklb6k5H1/eHlUbZ Lm4qQDtOH00L0ShJx3BAIAjD5RYptJDQiyPZQUvt8cq+apYpVMv3yxHO8jex40LgMIIFijCCBHKg AwIBAgIKYSCKYgAAAAAACDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMR SW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHkludGVsIEV4dGVybmFsIEJhc2ljIFBvbGljeSBD QTAeFw0wOTA1MTUxOTI3MjZaFw0xNTA1MTUxOTM3MjZaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQK ExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWlu ZyBDQSAzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQEM1Wn9TU9vc9C+/Tc7KB+ eiYElmrcEWE32WUdHvWG+IcQHVQsikTmMyKKojNLw2B5s6Iekc8ivDo/wCfjZzX9JyftMnc+AArc 0la87Olybzm8K9jXEfTBvTnUSFSiI9ZYefITdiUgqlAFuljFZEHYKYtLuhrRacpmQfP4mV63NKdc 2bT804HRf6YptZFa4k6YN94zlrGNrBuQQ74WFzz/jLBusbUpEkro6Mu/ZYFOFWQrV9lBhF9Ruk8y N+3N6n9fUo/qBigiF2kEn9xVh1ykl7SCGL2jBUkXx4qgV27a6Si8lRRdgrHGtN/HWnSWlLXTH5l5 75H4Lq++77OFv38CAwEAAaOCAlwwggJYMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA7GKvdZ sggQkCVvw939imYxMCvFMAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQB gjcVAgQWBBQ5oFY2ekKQ/5Ktim+VdMeSWb4QWTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAf BgNVHSMEGDAWgBQaxgxKxEdvqNutK/D0Vgaj7TdUDDCBvQYDVR0fBIG1MIGyMIGvoIGsoIGphk5o dHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFz aWMlMjBQb2xpY3klMjBDQS5jcmyGV2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9z aXRvcnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNybDCB4wYI KwYBBQUHAQEEgdYwgdMwYwYIKwYBBQUHMAKGV2h0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRv cnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNy dDBsBggrBgEFBQcwAoZgaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9j ZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EuY3J0MA0G CSqGSIb3DQEBBQUAA4IBAQCxtQEHchVQhXyjEqtMVUMe6gkmPsIczHxSeqNbo9dsD+6xbT65JT+o YgpIAtfEsYXeUJu1cChqpb22U5bMAz7eaQcW5bzefufWvA6lg2048B8oczBj/q+5P5NpYrUO8jOm N4jTjfJq3ElZ7yFWpy7rB3Vm/aN6ATYqWfMbS/xfh+JCxmH3droUmMJI0/aZJHsLtjbjFnNsHDNr JZX1vxlM78Lb1hjskTENPmhbVbfTj5i/ZGnhv4tmI8QZPCNtcegXJrfhRl2D9bWpdTOPrWiLDUqz y1Z6KL7TcOS/PCl8RHCJXkPau/thTQCpIoDa2+c+3XA++gRTfAQ4svTO260NMIIF+zCCBOOgAwIB AgIKHtX06gABAACWPTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50 ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0Eg M0IwHhcNMTIwNjA4MDgwNTExWhcNMTUwNTE1MTkzNzI2WjA3MRIwEAYDVQQDEwlXZWksIEdhbmcx ITAfBgkqhkiG9w0BCQEWEmdhbmcud2VpQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALNyfS4yC6aDo3DZ/oId96Dvi8CB5SJyDUcMhpKWZtzqPX2mMOqQNgv4qAtHUjt4 ibyPSjGZ+0EM3r63384gGcVR8+uxiuijBIOCkis6oGQ+TmBl1i28KobkE4jNnLCES0keisfNdzO8 vAOxIFbT9KxQl1f1MfvsZfyGfFYB53gHCh1VxdZ7a2XKaON+l2YYx2p5xGGZtDDb61ajXSGvdHK+ qMIfo7LMoZmY42t5NawgizwcqBPUOLR+JXOtyGGiXZx3wZPeRmZx/eCMPBhSlfewpvUrK8W0kL59 1Lv0HeUVEJye2bOmlLo1DeIp6KH9JujFB33KhHXvNsugc9IYUVMCAwEAAaOCAugwggLkMAsGA1Ud DwQEAwIHgDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiGw4x1hJnlUYP9gSiFjp9TgpHACWeB 3r05lfBDAgFkAgEIMB0GA1UdDgQWBBQYdG5bBKSgjlBUQ6dpUm2vjlkEKDAfBgNVHSMEGDAWgBQO xir3WbIIEJAlb8Pd/YpmMTArxTCBzwYDVR0fBIHHMIHEMIHBoIG+oIG7hldodHRwOi8vd3d3Lmlu dGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5n JTIwQ0ElMjAzQigxKS5jcmyGYGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRv cnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDNCKDEpLmNy bDCB9QYIKwYBBQUHAQEEgegwgeUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3Jl cG9zaXRvcnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3Vpbmcl MjBDQSUyMDNCKDEpLmNydDB1BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5j b20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNz dWluZyUyMENBJTIwM0IoMSkuY3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMCkG CSsGAQQBgjcVCgQcMBowCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDDDBBBgNVHREEOjA4oCIGCisG AQQBgjcUAgOgFAwSZ2FuZy53ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZI hvcNAQEFBQADggEBAHuycX8AxjwfC5zmWDh0QpY8vDSgyLXaUDYKm2+ATDJDn5kALJgxAqaThvqG TH+oz73HQ7L8v7QxM0Yp1IQd/k5GeqMzhuXEoPM4rcORlOlvRqxBJNZUuYwxvyYaUpLU1W8EsOB2 zB31ykzdXH93b6ZpfJk78eqZuq00xHxU9mw4PXlWPnn1NDBYD1JH/ufCmpFk6sBE2bBf2u2miBEw HoRUyoH1nbu78aOs4mE6fRC9NutIriNPI2790R3FAY8dLWl3nrpXs80TrUCptat61uNRJDH06KXe 81QCtvDVlBGbZ4gqWR3PZGsnJKeOLOO38PQvFFm1Xjs4DVYiPVYyCTIwggZfMIIFR6ADAgECAgoX k5lZAAIAACHzMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIG A1UEBxMLU2FudGEgQ2xhcmExGjAYBgNVBAoTEUludGVsIENvcnBvcmF0aW9uMSswKQYDVQQDEyJJ bnRlbCBFeHRlcm5hbCBCYXNpYyBJc3N1aW5nIENBIDRBMB4XDTEzMDgxOTAwMzYzN1oXDTE2MDgw MzAwMzYzN1owNzESMBAGA1UEAxMJV2VpLCBHYW5nMSEwHwYJKoZIhvcNAQkBFhJnYW5nLndlaUBp bnRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5n/5H2E4IaFTN6vf/5c8e QY+u2n0X6FBqaOcJLEjHxkruNV8FYsNtngjFToTw6+1/UagW/vCKKovY9xdFN4hzbfufpgKS3qDm r4xi0b4d9hKIItaClYfbfO90qdz/GuFJByWmjqqjWmzgS1gHP8lV/7skH8ykBPXP1pdbi9zsR5qc dY1J9pv6+80W/7t6a1Hc/YcxiGPWBIoxeEcOwyIUvHkB3YCNiTF/b8Yd2XP7WOS5dTCyTQznSc4f LWh4/+9uJ2DwNJSwmA3i/E8Ypuj2nkl2sON5XhHwLgZPAubbVetnE9GhYqC2gMPAtGdanjq89qLp HooNYxSz5DBZ/qGXAgMBAAGjggMpMIIDJTALBgNVHQ8EBAMCBDAwPQYJKwYBBAGCNxUHBDAwLgYm KwYBBAGCNxUIhsOMdYSZ5VGD/YEohY6fU4KRwAlnhLnZQYeE/04CAWQCAQ0wRAYJKoZIhvcNAQkP BDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMH MB0GA1UdDgQWBBQXPB4WAJS7jGIRmmWelsAl0gdIyzAfBgNVHSMEGDAWgBQeaSq03Cj+RxhOIQs/ vKwRL/CY9TCByQYDVR0fBIHBMIG+MIG7oIG4oIG1hlRodHRwOi8vd3d3LmludGVsLmNvbS9yZXBv c2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjA0QS5j cmyGXWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIw RXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBLmNybDCB9QYIKwYBBQUHAQEEgegw geUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNh dGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBKDIpLmNydDB1 BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0 aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwNEEoMiku Y3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMEMCkGCSsGAQQBgjcVCgQcMBowCgYI KwYBBQUHAwQwDAYKKwYBBAGCNwoDBDBBBgNVHREEOjA4oCIGCisGAQQBgjcUAgOgFAwSZ2FuZy53 ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZIhvcNAQEFBQADggEBABbAGh9L zr7TdotBWnVEUR2ZohZjdhIs7vMslFWmwYvuge2PkPTUhV6sUDWEE04S7+L+XUIvm5DOMCoqY+eJ RfIDxpbqAEQOSf8Ro+xR2zsohSgbNiN7ocjh6siCW2FsPfdV2jV12eDMM4IvT5J2aAMLlQ8LSRq5 g+vaXrp0lengXNIGEUxHeQRTkQEEc/UsixV1FVBhlUjF5c6qKzSOY4xV/OMeMmxzoLf+h41zU4da TYEeXeWsed//nrtoTVOYSJ3bko6kpnP/sOVKN1dmWZWi8h2hg3MP42mTZI+fiLCgBsCqNFlbfXeC /OornRiCqKrjk1KERzICUuIKXYbqN+ExggPiMIID3gIBATBkMFYxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNz dWluZyBDQSAzQgIKHtX06gABAACWPTANBglghkgBZQMEAgEFAKCCAk8wGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMxMTE1MDIyMzE4WjAvBgkqhkiG9w0BCQQxIgQg javldfz4mHkCM7kSk1fiRRn2SH5U1glA+205tbvdWK4wgZgGCSsGAQQBgjcQBDGBijCBhzB5MQsw CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC1NhbnRhIENsYXJhMRowGAYDVQQKExFJ bnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBD QSA0QQIKF5OZWQACAAAh8zCBmgYLKoZIhvcNAQkQAgsxgYqggYcweTELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRp b24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0EgNEECCheTmVkAAgAA IfMwgasGCSqGSIb3DQEJDzGBnTCBmjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3 DQMHMAsGCWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAw DQYIKoZIhvcNAwICASgwCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwBwYF Kw4DAhowDQYJKoZIhvcNAQEBBQAEggEAE8lqq5vFOulvfb/7lWpEEUYnHxRcQDXuqU+zGEeTYpwD zC/z0wbrVG+z9+6i8y+ONVrZqYa3UhJ6+izeGZDaN7PKCcwgFtW6aLMA4sIYhCChF/k8m6mBIL1I HWKcbrW4qDPvn5Tdha5T27VoNuKnh6RwJMp76pLVV6cCJ65L2IqitcDU4LWUCDPoIU1aMAq/vRu0 7M5SpFDj6l8xY/xXmnNWWsnNXy891KbB3BcM7zq0n6IsChVV9PxhjZ4l67te/5NM8fIjV3JCglbU x59A4rodI6clbciHsNGwRV77u13lQ3nZOC596n3B+yYAYlPliAWU+is7aUbSDVp3ktSNGQAAAAAA AA== ------=_NextPart_000_02D1_01CEE1EC.B38C9770--