Hi, I am using port 8443, since no other process -- as far as I know -- is using it; below you will find all of the requested configuration files: Contents of /etc/oat_client/*: log4j.properties: http://pastebin.com/MQLM68vs OAT.properties: http://pastebin.com/LwHihxah OATprovisioner.properties: http://pastebin.com/0x5TShtZ TPMModule.properties: http://pastebin.com/hvw9gfRE server.xml: http://pastebin.com/VZ9Vk6iC OAT_client.sh: http://pastebin.com/St4yCGcF provisioner.sh: http://pastebin.com/RedqQt8V cheers, /Nicolae. On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 7:01 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
thank you for the feedback; I've gone through the steps again, but obtained the exactly same problem:
1. I removed all of the previously installed packaged related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found ### ecStorage = NVRAM### Performing TPM provisioning...FAILED javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor
yService?wsdl. It failed with: Connection refused. at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP arser.java:162) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j ava:144) at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav a:265) at
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
at
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
at
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104
) at javax.xml.ws.Service.<init>(Service.java:77) at
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceServi
ce.java:42) at
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer
vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli
entInvoker.java:32) at
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339
) at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j
ava:200) at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:579) at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) at sun.net.NetworkClient.doConnect(NetworkClient.java:180) at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt tpClient(AbstractDelegateHttpsURLConnection.java:191) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec tion.java:932) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A bstractDelegateHttpsURLConnection.java:177) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn ection.java:1300) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU RLConnectionImpl.java:254) at java.net.URL.openStream(URL.java:1037) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD LParser.java:804) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL Parser.java:262) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j ava:129) ... 8 more Failed to initialize the TPM, error 1 Performing HIS identity provisioning...FAILED gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2() at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594) at
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j ava:
217) Failed to receive AIC from Privacy CA, error 1 Registering identity with server...FAILED java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.<init>(FileInputStream.java:146) at java.io.FileInputStream.<init>(FileInputStream.java:101) at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) at
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99 )
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
Recipe.
Thanks Jimmy
Nicolae Paladi wrote on 2013-10-28:
> Hi, I've followed the recipe > ( https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
> i pe) but didn't get it to run yet; I think a step is missing --
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL- the AIK
> is not available is /usr/share/oat-client (it was not available
in
> /var/lig/oat-appraiser/ClientFiles either); when I try to run > provisioner.sh, I get the following: provisioner.sh: line 7:
systemctl:
> command not found ### ecStorage = NVRAM### Performing TPM > provisioning...710 DONE Successfully initialized TPM Performing
HIS
> identity provisioning...FAILED java.util.NoSuchElementException > at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) > at > gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21 > 5) > at >
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29
> 2) > at >
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione
> r.java: 225) Failed to receive AIC from Privacy CA, error 1
Registering
> identity with server...FAILED java.io.FileNotFoundException: > /usr/share/oat-client/aik.cer (No such file or directory) > at java.io.FileInputStream.open(Native Method) > at
java.io.FileInputStream.<init>(FileInputStream.java:137)
> at
java.io.FileInputStream.<init>(FileInputStream.java:96)
> at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) > at >
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
9 ) > Failed to register identity with appraiser, error 1 > > > > Thanks, > /Nicolae > > > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote: > > > Awesome, thanks! > > I'll try this out in the morning > > /Nicolae > > > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote: > > > Please refer to > >
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> Recipe. > > Jimmy