Hi,
I am using port 8443, since no other process -- as far as I know -- is
using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties:
cheers,
/Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei(a)intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not
listening on 8443 port. Have you replaced the port 8443 with 8442 in server
side ($TOMCAT_HOME/conf/server.xml) but not change it in client side
(/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied
by another app?
Please copy the content from your current server.xml, OAT_client.sh,
provisioner.sh and /etc/oat-client/* into the content of your reply for
analysis. (don't attach *.sh as attachments, that will get filtered by my
company's mailing system).
Thanks
Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 7:01 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users(a)ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> thank you for the feedback;
> I've gone through the steps again, but obtained the exactly same problem:
>
> 1. I removed all of the previously installed packaged related to OAT.
>
> 2. I followed the tutorial, until this command:
>
> bash provisioner.sh
>
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...FAILED
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
>
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor
> yService?wsdl. It failed with:
> Connection refused.
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP
> arser.java:162)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> ava:144)
> at
> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav
> a:265)
> at
>
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
> at
>
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
> at
>
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104
> )
> at javax.xml.ws.Service.<init>(Service.java:77)
> at
>
gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer
>
vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceServi
> ce.java:42)
> at
>
gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer
>
vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli
> entInvoker.java:32)
> at
>
gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at
>
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339
> )
> at
>
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j
> ava:200)
> at
>
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> at java.net.Socket.connect(Socket.java:579)
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
> at
> sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
> at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
> at
> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
> at
> sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt
> tpClient(AbstractDelegateHttpsURLConnection.java:191)
> at
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec
> tion.java:932)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A
> bstractDelegateHttpsURLConnection.java:177)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
> ection.java:1300)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU
> RLConnectionImpl.java:254)
> at java.net.URL.openStream(URL.java:1037)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD
> LParser.java:804)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL
> Parser.java:262)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
> ava:129)
> ... 8 more
> Failed to initialize the TPM, error 1
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:
> TpmModule.getCredential returned nonzero error: 2()
> at
> gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
> at
>
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j
ava:
> 217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such
file
or
> directory)
> at java.io.FileInputStream.open(Native Method)
> at java.io.FileInputStream.<init>(FileInputStream.java:146)
> at java.io.FileInputStream.<init>(FileInputStream.java:101)
> at
gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> at
>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99
)
> Failed to register identity with appraiser, error 1
>
> Should I have updated anything else?
>
> cheers,
> /Nicolae.
>
>
>
> On 1 November 2013 10:14, Wei, Gang <gang.wei(a)intel.com> wrote:
>
>
> This is indeed an issue caused by the incompatibility between OAT
tpm
> access
> code & tpm-tools(tpm_takeownership -z). It has already been fixed.
> Please
> follow below wiki and try again.
>
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> Recipe.
>
> Thanks
> Jimmy
>
> Nicolae Paladi wrote on 2013-10-28:
>
> > Hi, I've followed the recipe
> >
> (
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
>
> > i pe) but didn't get it to run yet; I think a step is missing --
the AIK
>
> > is not available is /usr/share/oat-client (it was not available
in
> > /var/lig/oat-appraiser/ClientFiles either); when I try to run
> > provisioner.sh, I get the following: provisioner.sh: line 7:
systemctl:
> > command not found ### ecStorage = NVRAM### Performing TPM
> > provisioning...710 DONE Successfully initialized TPM Performing
HIS
> > identity provisioning...FAILED java.util.NoSuchElementException
> > at
> java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> > at
> >
> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21
> > 5)
> > at
> >
>
gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29
> > 2)
> > at
> >
gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione
>
> > r.java: 225) Failed to receive AIC from Privacy CA, error 1
Registering
>
> > identity with server...FAILED java.io.FileNotFoundException:
> > /usr/share/oat-client/aik.cer (No such file or directory)
> > at java.io.FileInputStream.open(Native Method)
> > at
java.io.FileInputStream.<init>(FileInputStream.java:137)
> > at
java.io.FileInputStream.<init>(FileInputStream.java:96)
> > at
> gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > at
> >
>
gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
> 9
> )
> > Failed to register identity with appraiser, error 1
> >
> >
> >
> > Thanks,
> > /Nicolae
> >
> >
> > On 27 October 2013 22:55, Nicolae Paladi <n.paladi(a)gmail.com>
wrote:
> >
> >
> > Awesome, thanks!
> >
> > I'll try this out in the morning
> >
> > /Nicolae
> >
> >
> > On 27 October 2013 17:03, Wei, Gang <gang.wei(a)intel.com>
> wrote:
> >
> >
> > Please refer to
> >
> >
>
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
> > Recipe.
> >
> > Jimmy
>
>