[Users] Trusted Pools and CentOS 6 packages

Hello, based on http://www.ovirt.org/Trusted_compute_pools_deployment#Provision_White_List_D...
The commands of kind:
bash_oat_cert .. bash oat_oem ...
are to be run on hypervisor host side, correct?
Where can I find these packages for CentOS 6?
Thanks in advance
Gianluca
PS: I took the time to correct a typo in client section where it said "Yum Install oat server package from fedora19 repository" instead of "Yum Install oat client package from fedora19 repository"

----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "users" <users@ovirt.org> Sent: Wednesday, June 5, 2013 12:02:01 PM Subject: [Users] Trusted Pools and CentOS 6 packages
Hello, based on http://www.ovirt.org/Trusted_compute_pools_deployment#Provision_White_List_D...
The commands of kind:
bash_oat_cert .. bash oat_oem ...
are to be run on hypervisor host side, correct?
Where can I find these packages for CentOS 6?
Thanks in advance
Gianluca
PS: I took the time to correct a typo in client section where it said "Yum Install oat server package from fedora19 repository" instead of "Yum Install oat client package from fedora19 repository"
Hi Gianluca, Thanks for the wiki update! The relevant guys handling OAT are currently in a public holiday, so expect a response within 2-3 days. Please ping me if no one answers to you in this time frame. Doron

On 10 Jun 2013 18:23, "Doron Fediuck" <dfediuck@redhat.com> wrote:
Hi Gianluca, Thanks for the wiki update!
The relevant guys handling OAT are currently in a public holiday, so expect a response within 2-3 days.
Please ping me if no one answers to you in this time frame. Doron
Hi, In the meantime Jimmy (Gang Wei) let me notice for another task that on oat server, where I built the packages, there is a generated "CommandTool" directory and I can directly copy its contents to the client (the oVirt node in our scenario) and use them to register with oat server
Gianluca

----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "Doron Fediuck" <dfediuck@redhat.com> Cc: "Wei D Chen" <wei.d.chen@intel.com>, "users" <users@ovirt.org>, "Mei Yu" <mei.yu@intel.com>, "Ofri Masad" <omasad@redhat.com>, "Gang Wei" <gang.wei@intel.com> Sent: Monday, June 10, 2013 7:32:49 PM Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi, In the meantime Jimmy (Gang Wei) let me notice for another task that on oat server, where I built the packages, there is a generated "CommandTool" directory and I can directly copy its contents to the client (the oVirt node in our scenario) and use them to register with oat server
Gianluca
That's nice of Jimmy to assist. Are you trying out the oVirt TCP feature or will you be using OAT for something else?

On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote:
That's nice of Jimmy to assist. Are you trying out the oVirt TCP feature or will you be using OAT for something else?
Actually the need was for OpenStack environment, but I'm going to test oVirt node too. Gianluca

----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "Doron Fediuck" <dfediuck@redhat.com> Cc: "Wei D Chen" <wei.d.chen@intel.com>, "users" <users@ovirt.org>, "Mei Yu" <mei.yu@intel.com>, "Ofri Masad" <omasad@redhat.com>, "Gang Wei" <gang.wei@intel.com> Sent: Tuesday, June 11, 2013 2:29:54 AM Subject: Re: [Users] Trusted Pools and CentOS 6 packages
On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote:
That's nice of Jimmy to assist. Are you trying out the oVirt TCP feature or will you be using OAT for something else?
Actually the need was for OpenStack environment, but I'm going to test oVirt node too.
Gianluca
Thanks for the info. Note that openstack and ovirt are using the same OAT infra, but implementing the logic in a different way. Let me know if you have a specific use case so I'll be able to provide additional details.

Doron Fediuck <dfediuck@...> writes:
Thanks for the info. Note that openstack and ovirt are using the same OAT infra, but implementing the logic in a different way. Let me know if you have a specific use case so I'll be able to provide additional details.
Hi,
I have an environment where the oat-server is on a Ubuntu, while the compute hosts are CentOS servers.
I have installed the packages for the oat-server from the Ubuntu repositories, and there is indeed a "ClientFiles" directory, but it lacks installation files (just the following: endorsement.p12 install.bat lib OAT.properties OATprovisioner.properties PrivacyCA.cer TrustStore.jks)
The questions are:
* are there packages for centos 6.4 available?
* how can the client files be generated by the oat-server?
cheers, /Nicolae

----- Original Message -----
From: "Nicolae Paladi" <n.paladi@gmail.com> To: users@ovirt.org Sent: Friday, October 25, 2013 7:16:30 PM Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I have an environment where the oat-server is on a Ubuntu, while the compute hosts are CentOS servers.
I have installed the packages for the oat-server from the Ubuntu repositories, and there is indeed a "ClientFiles" directory, but it lacks installation files (just the following: endorsement.p12 install.bat lib OAT.properties OATprovisioner.properties PrivacyCA.cer TrustStore.jks)
The questions are:
* are there packages for centos 6.4 available?
* how can the client files be generated by the oat-server?
cheers, /Nicolae
Hi Nicolae, Adding Jimmy for RPM updates. Jimmy, are you packaging the OAT for el6 and where can it be found? Also, some of the issues are available here: http://www.ovirt.org/Trusted_compute_pools_deployment Doron

Please refer to https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Jimmy
-----Original Message----- From: Doron Fediuck [mailto:dfediuck@redhat.com] Sent: Sunday, October 27, 2013 11:53 PM To: Nicolae Paladi Cc: users@ovirt.org; Wei, Gang Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi Nicolae, Adding Jimmy for RPM updates. Jimmy, are you packaging the OAT for el6 and where can it be found?
Also, some of the issues are available here: http://www.ovirt.org/Trusted_compute_pools_deployment
Doron

Awesome, thanks!
I'll try this out in the morning
/Nicolae
On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
Please refer to https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe .
Jimmy

Hi,
I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
    at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:137)
    at java.io.FileInputStream.<init>(FileInputStream.java:96)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Thanks, /Nicolae
On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
Awesome, thanks!
I'll try this out in the morning
/Nicolae

This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Thanks
Jimmy
Nicolae Paladi wrote on 2013-10-28:
Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
    at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:137)
    at java.io.FileInputStream.<init>(FileInputStream.java:96)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Thanks, /Nicolae

Hi,
thank you for the feedback; I've gone through the steps again, but obtained exactly the same problem:
1. I removed all of the previously installed packages related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactorySe.... It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
    at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:579)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at java.net.URL.openStream(URL.java:1037)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again. https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe .
Thanks Jimmy

As I understand it, isn't the core issue that "/usr/share/oat-client/aik.cer" is never generated and causes the error, since it is missing?
/Nicolae
On 13 November 2013 12:01, Nicolae Paladi <n.paladi@gmail.com> wrote:

This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not changed it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks
Jimmy
-----Original Message-----
From: Nicolae Paladi [mailto:n.paladi@gmail.com]
Sent: Wednesday, November 13, 2013 7:01 PM
To: Wei, Gang
Cc: Doron Fediuck; users@ovirt.org
Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
thank you for the feedback; I've gone through the steps again, but obtained exactly the same problem:
1. I removed all of the previously installed packages related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
    at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:579)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at java.net.URL.openStream(URL.java:1037)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Thanks Jimmy
Nicolae Paladi wrote on 2013-10-28:
Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available is /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
    at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:137)
    at java.io.FileInputStream.<init>(FileInputStream.java:96)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Thanks, /Nicolae
On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
Awesome, thanks!
I'll try this out in the morning
/Nicolae
On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
Please refer to https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Jimmy
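Both provisioner.sh runs quoted in this thread end with the same aik.cer FileNotFoundException, although the stage that fails first differs between them. The triage script below is an added example, not part of the thread or of OpenAttestation: the function names and the abridged sample logs are constructed for illustration, and it assumes later stages depend on earlier ones, as both quoted runs suggest.

```python
import re

# Stage banners as printed in the provisioner.sh output quoted in this thread.
STAGES = (
    "Performing TPM provisioning",
    "Performing HIS identity provisioning",
    "Registering identity with server",
)
_STAGE_RE = re.compile(
    "(" + "|".join(map(re.escape, STAGES)) + r")\.\.\.\s*(?:\d+\s+)?(DONE|FAILED)"
)
# Fully qualified Java exception, optional message, ending at the first stack frame.
_EXC = r"((?:[a-z]\w*\.)+[A-Z][\w$]*Exception)(?::\s*(.*?))?(?=\s+at\s+[a-z]|\s*$)"
_EXC_RE = re.compile(_EXC)
_CAUSE_RE = re.compile(r"Caused by:\s*" + _EXC)
_URL_RE = re.compile(r"https?://([^/:\s]+):(\d+)/")

# Next steps taken from the replies in this thread, keyed by root-cause class.
HINTS = {
    "java.net.ConnectException":
        "Privacy CA web service unreachable: check that Tomcat is up, that the "
        "port in $TOMCAT_HOME/conf/server.xml matches OAT_client.sh, and what "
        "holds the port (netstat -anp | grep 8443).",
    "java.util.NoSuchElementException":
        "Reported in the thread as an incompatibility between the OAT TPM "
        "access code and tpm-tools (tpm_takeownership -z); use the fixed recipe.",
}

def triage(output):
    """Split provisioner output into stages and name the exception behind each failure."""
    text = " ".join(output.split())  # tolerate mail-wrapped or flattened logs
    marks = list(_STAGE_RE.finditer(text))
    results = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = text[mark.end():end]
        entry = {"stage": mark.group(1), "status": mark.group(2),
                 "exception": None, "message": None,
                 "root_cause": None, "endpoint": None}
        head = _EXC_RE.search(body) if entry["status"] == "FAILED" else None
        if head:
            causes = list(_CAUSE_RE.finditer(body))
            entry["exception"], entry["message"] = head.group(1), head.group(2)
            # The innermost "Caused by:" is the root cause; fall back to the head.
            entry["root_cause"] = causes[-1].group(1) if causes else head.group(1)
            url = _URL_RE.search(head.group(2) or "")
            if url:
                entry["endpoint"] = (url.group(1), int(url.group(2)))
        results.append(entry)
    return results

def first_failure(results):
    """Return the earliest failed stage, the one worth debugging first."""
    return next((e for e in results if e["status"] == "FAILED"), None)

def report(output):
    """One line per stage; only the first failure gets a hint."""
    lines, first = [], None
    for e in triage(output):
        if e["status"] != "FAILED":
            lines.append("%s: ok" % e["stage"])
        elif first is None:
            first = e
            hint = HINTS.get(e["root_cause"], "no hint recorded for this exception")
            lines.append("%s: FIRST FAILURE, root cause %s. %s"
                         % (e["stage"], e["root_cause"], hint))
        else:
            lines.append("%s: failed after '%s' (%s); fix the first failure first"
                         % (e["stage"], first["stage"], e["exception"]))
    return lines

# Constructed samples, abridged from the two runs quoted in this thread.
SAMPLE_REFUSED = """\
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
Failed to register identity with appraiser, error 1
"""
SAMPLE_TOKENIZER = """\
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
Failed to register identity with appraiser, error 1
"""

if __name__ == "__main__":
    for sample in (SAMPLE_REFUSED, SAMPLE_TOKENIZER):
        print("\n".join(report(sample)), end="\n\n")
```

Because the output is whitespace-normalized before parsing, the script also accepts the mail-wrapped form in which such logs usually arrive on a list.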

Hi,
I am using port 8443, since no other process -- as far as I know -- is using it; below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 7:01 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
thank you for the feedback; I've gone through the steps again, but obtained the exactly same problem:
1. I removed all of the previously installed packages related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
    at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:579)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at java.net.URL.openStream(URL.java:1037)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Thanks Jimmy
Nicolae Paladi wrote on 2013-10-28:
> Hi, I've followed the recipe
> (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe)
> but didn't get it to run yet; I think a step is missing -- the AIK
> is not available is /usr/share/oat-client (it was not available in
> /var/lig/oat-appraiser/ClientFiles either); when I try to run
> provisioner.sh, I get the following:
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...710 DONE
> Successfully initialized TPM
> Performing HIS identity provisioning...FAILED
> java.util.NoSuchElementException
>     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
>     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:137)
>     at java.io.FileInputStream.<init>(FileInputStream.java:96)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Thanks,
> /Nicolae
>
> On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
>
> Awesome, thanks!
> I'll try this out in the morning
> /Nicolae
>
> On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
>
> Please refer to
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Jimmy

Can you try netstat -anp | grep 8443? Maybe it is occupied by apache. Meanwhile check whether tomcat is up.
Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 10:43 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 7:01 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
thank you for the feedback; I've gone through the steps again, but obtained the exactly same problem:
1. I removed all of the previously installed packages related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
    at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:579)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at java.net.URL.openStream(URL.java:1037)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Thanks Jimmy
Nicolae Paladi wrote on 2013-10-28:
> Hi, I've followed the recipe
> (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe)
> but didn't get it to run yet; I think a step is missing -- the AIK
> is not available is /usr/share/oat-client (it was not available in
> /var/lig/oat-appraiser/ClientFiles either); when I try to run
> provisioner.sh, I get the following:
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...710 DONE
> Successfully initialized TPM
> Performing HIS identity provisioning...FAILED
> java.util.NoSuchElementException
>     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
>     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:137)
>     at java.io.FileInputStream.<init>(FileInputStream.java:96)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Thanks,
> /Nicolae
>
> On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
>
> Awesome, thanks!
> I'll try this out in the morning
> /Nicolae
>
> On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
>
> Please refer to
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Jimmy

And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again. Jimmy
-----Original Message----- From: Wei, Gang Sent: Thursday, November 14, 2013 11:26 AM To: Nicolae Paladi Cc: Doron Fediuck; users@ovirt.org; Wei, Gang Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 10:43 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on port 8443. Have you replaced the port 8443 with 8442 on the server side ($TOMCAT_HOME/conf/server.xml) but not changed it on the client side (/usr/share/oat-client/script/OAT_client.sh)? Or is port 8443 occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 7:01 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
thank you for the feedback; I've gone through the steps again, but obtained exactly the same problem:
1. I removed all of the previously installed packages related to OAT.
2. I followed the tutorial, until this command:
bash provisioner.sh
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
    at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
    at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:579)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
    at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at java.net.URL.openStream(URL.java:1037)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
    ... 8 more
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Should I have updated anything else?
cheers, /Nicolae.
On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
Thanks Jimmy
Nicolae Paladi wrote on 2013-10-28:
> Hi, I've followed the recipe
> (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe)
> but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...710 DONE
> Successfully initialized TPM
> Performing HIS identity provisioning...FAILED
> java.util.NoSuchElementException
>     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
>     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:137)
>     at java.io.FileInputStream.<init>(FileInputStream.java:96)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Thanks,
> /Nicolae
>
> On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
>
> Awesome, thanks!
> I'll try this out in the morning
> /Nicolae
>
> On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
>
> Please refer to
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Jimmy

Hi,

As far as I see, port 8443 is not occupied and tomcat6 is running:

root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]

Also, just in case, I've checked if disabling iptables helps, and it doesn't;

In the error trace, there is a line:
*java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)*

and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?

cheers,
/Nicolae

On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote:
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again.
Jimmy
-----Original Message----- From: Wei, Gang Sent: Thursday, November 14, 2013 11:26 AM To: Nicolae Paladi Cc: Doron Fediuck; users@ovirt.org; Wei, Gang Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 10:43 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE

server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF

provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 7:01 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users@ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> thank you for the feedback;
> I've gone through the steps again, but obtained the exactly same problem:
>
> 1. I removed all of the previously installed packages related to OAT.
>
> 2. I followed the tutorial, until this command:
>
> bash provisioner.sh
>
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...FAILED
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> Connection refused.
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
>     at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
>     at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
>     at javax.xml.ws.Service.<init>(Service.java:77)
>     at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
>     at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
>     at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused
>     at java.net.PlainSocketImpl.socketConnect(Native Method)
>     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
>     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
>     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
>     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>     at java.net.Socket.connect(Socket.java:579)
>     at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
>     at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
>     at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
>     at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
>     at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>     at java.net.URL.openStream(URL.java:1037)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
>     ... 8 more
> Failed to initialize the TPM, error 1
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
>     at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:146)
>     at java.io.FileInputStream.<init>(FileInputStream.java:101)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Should I have updated anything else?
>
> cheers,
> /Nicolae.
>
> On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
>
> This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
>
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Thanks
> Jimmy
>
> Nicolae Paladi wrote on 2013-10-28:
>
> > Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
> >
> > provisioner.sh: line 7: systemctl: command not found
> > ### ecStorage = NVRAM###
> > Performing TPM provisioning...710 DONE
> > Successfully initialized TPM
> > Performing HIS identity provisioning...FAILED
> > java.util.NoSuchElementException
> >     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> >     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> >     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> >     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> > Failed to receive AIC from Privacy CA, error 1
> > Registering identity with server...FAILED
> > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> >     at java.io.FileInputStream.open(Native Method)
> >     at java.io.FileInputStream.<init>(FileInputStream.java:137)
> >     at java.io.FileInputStream.<init>(FileInputStream.java:96)
> >     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> >     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > Failed to register identity with appraiser, error 1
> >
> > Thanks,
> > /Nicolae
> >
> > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
> >
> > Awesome, thanks!
> >
> > I'll try this out in the morning
> >
> > /Nicolae
> >
> > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
> >
> > Please refer to
> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> >
> > Jimmy

So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh:

1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.

Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/
Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/

Notes: please repeat above steps in case you have re-deployed your oat appraiser.

Thanks
Jimmy
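
The advice above is to re-copy PrivacyCA.cer and TrustStore.jks to the client whenever the appraiser is redeployed. As an added example (not part of the thread and not OAT's own tooling), these shell functions check whether the client's copies still match the appraiser's by SHA-256 digest; the function names and the manifest format are assumptions of this example, and the two directories are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: detect missing or stale OAT client trust material after the
# appraiser was reconfigured. File names and default paths come from the
# thread; oat_manifest/oat_stale and the manifest format are hypothetical.

OAT_FILES="PrivacyCA.cer TrustStore.jks"

# Run on the appraiser. Prints one "<sha256>  <name>" line per file the
# client needs. Returns 2 if a file is absent or unreadable.
oat_manifest() {
    dir=${1:-/var/lib/oat-appraiser/ClientFiles}
    for f in $OAT_FILES; do
        [ -r "$dir/$f" ] || { echo "missing on appraiser: $dir/$f" >&2; return 2; }
        # cd first so the manifest carries bare file names, not full paths
        ( cd "$dir" && sha256sum "$f" ) || return 2
    done
}

# Run on the client. Reads a manifest on stdin and prints one line per
# problem: "MISSING <name>" or "STALE <name>". Returns 1 if any was found.
oat_stale() {
    dir=${1:-/usr/share/oat-client}
    rc=0
    while read -r want name; do
        name=${name#\*}              # sha256sum marks binary mode with '*'
        [ -n "$name" ] || continue   # skip blank lines
        if [ ! -r "$dir/$name" ]; then
            echo "MISSING $name"
            rc=1
            continue
        fi
        have=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "STALE $name"
            rc=1
        fi
    done
    return $rc
}

# Typical use (manifest transferred over a channel you already trust):
#   appraiser$ oat_manifest > /tmp/oat.manifest
#   client$    oat_stale < /tmp/oat.manifest || echo "re-copy before provisioner.sh"
```

A non-empty result means the client is still holding trust material from a previous appraiser deployment, which is the condition the re-copy step is meant to clear before provisioner.sh is run again.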
(don't attach = *.sh as attachments, that will get filtered<br>> by my<br>> > = company's mailing system).<br>> ><br>> > = Thanks<br>> > Jimmy<br>> = ><br>> ><br>> ><br>> > > = -----Original Message-----<br>> > > From: Nicolae = Paladi [mailto:<a = href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>> > = > Sent: Wednesday, November 13, 2013 7:01 PM<br>> = > > To: Wei, Gang<br>> > > = Cc: Doron Fediuck; <a = href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br>> > = > Subject: Re: [Users] Trusted Pools and CentOS 6 = packages<br>> > ><br>> ><br>> > = > Hi,<br>> > ><br>> > = > thank you for the feedback;<br>> > = > I've gone through the steps again, but obtained the exactly = same<br>> > problem:<br>> > ><br>> > = > 1. I removed all of the previously installed packaged = related to<br>> OAT.<br>> > ><br>> > = > 2. I followed the tutorial, until this = command:<br>> > ><br>> > > = bash provisioner.sh<br>> > ><br>> > = > provisioner.sh: line 7: systemctl: command not found<br>> = > > ### ecStorage =3D NVRAM###<br>> > = > Performing TPM provisioning...FAILED<br>> > = > javax.xml.ws.WebServiceException: Failed to access the WSDL = at:<br>> > ><br>> ><br>> <a = href=3D"https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebServic= e2Factor" = target=3D"_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyC= AWebService2Factor</a><br>> > > yService?wsdl. 
It = failed with:<br>> > > = Connection refused.<br>> > > = at<br>> > ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>&= gt; > > arser.java:162)<br>> > = > at<br>> > = ><br>> ><br>> = com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br= directory)<br>> > > = at java.io.FileInputStream.open(Native Method)<br>> > = > at<br>> = java.io.FileInputStream.<init>(FileInputStream.java:146)<br>> = > > at<br>> = java.io.FileInputStream.<init>(FileInputStream.java:101)<br>> = > > at<br>> > = = gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> = > > at<br>> > = ><br>> ><br>> = ><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis= terIdentity.java:9<br>> > 9<br>> > )<br>> = > > Failed to register identity with appraiser, = error 1<br>> > ><br>> ><br>> > = > Should I have updated anything else?<br>> > = ><br>> > > cheers,<br>> > = > /Nicolae.<br>> > ><br>> > = ><br>> > ><br>> > = > On 1 November 2013 10:14, Wei, Gang <<a = href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>> = wrote:<br>> > ><br>> > = ><br>> > > This is indeed = an issue caused by the incompatibility<br>> between<br>> > = OAT<br>> > tpm<br>> > > = access<br>> > > code & = tpm-tools(tpm_takeownership -z). 
It has already been<br>> > = fixed.<br>> > > Please<br>> > = > follow below wiki and try again.<br>> > = ><br>> ><br>> <a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-</a><br>> > > Recipe.<br>> > = ><br>> > > = Thanks<br>> > > = Jimmy<br>> > ><br>> > > = Nicolae Paladi wrote on 2013-10-28:<br>> > = ><br>> > > = > Hi, I've followed the recipe<br>> > > = ><br>> > ><br>> ><br>> = (<a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-Rec" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-Rec</a><br>> > ><br>> > = > > i pe) but didn't get it to = run yet; I think a step is<br>> missing --<br>> > = the AIK<br>> > ><br>> > > = > is not available is /usr/share/oat-client (it = was not<br>> available in<br>> > > = > /var/lig/oat-appraiser/ClientFiles either); when I = try to<br>> run<br>> > > = > provisioner.sh, I get the following: provisioner.sh: line<br>> = 7:<br>> > systemctl:<br>> > > = > command not found ### ecStorage =3D NVRAM### = Performing<br>> > TPM<br>> > > = > provisioning...710 DONE Successfully initialized = TPM<br>> > Performing<br>> > HIS<br>> > = > > identity = provisioning...FAILED<br>> > = java.util.NoSuchElementException<br>> > > = > at<br>> > = > = java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>> = > > > = at<br>> > > = ><br>> > ><br>> ><br>> = gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br= directory)<br>> > > > = at java.io.FileInputStream.open(Native = Method)<br>> > > > = at<br>> > = java.io.FileInputStream.<init>(FileInputStream.java:137)<br>> = > > > = at<br>> > = java.io.FileInputStream.<init>(FileInputStream.java:96)<br>> = > > > = at<br>> > ><br>> = gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>> = > > > = at<br>> > > = ><br>> > ><br>> = 
><br>><br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegis= terIdentity.java:9<br>> > > 9<br>> > = > )<br>> > > = > Failed to register identity with appraiser, = error 1<br>> > > = ><br>> > > ><br>> = > > ><br>> > = > > Thanks,<br>> > = > > /Nicolae<br>> > > = ><br>> > > = ><br>> > > > On = 27 October 2013 22:55, Nicolae Paladi<br>> > <<a = href=3D"mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>><br>> = > wrote:<br>> > > = ><br>> > > = ><br>> > > > = Awesome, thanks!<br>> > > = ><br>> > > = > I'll try this out in the morning<br>> > = > ><br>> > = > > /Nicolae<br>> = > > ><br>> > = > ><br>> > > = > On 27 October 2013 17:03, = Wei, Gang<br>> > <<a = href=3D"mailto:gang.wei@intel.com">gang.wei@intel.com</a>><br>> = > > wrote:<br>> > > = ><br>> > > = ><br>> > > > = Please refer to<br>> > = > ><br>> > = > ><br>> > ><br>> = ><br>> <a = href=3D"https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-R= HEL-" = target=3D"_blank">https://github.com/OpenAttestation/OpenAttestation/wiki= /OAT-for-RHEL-</a><br>> > > = > Recipe.<br>> > > = ><br>> > > > = Jimmy<br>> > = ><br>> > ><br>> ><br>> = ><br>> ><o:p></o:p></span></p></div></div></div><p = class=3DMsoNormal><span = lang=3DEN-US><o:p> </o:p></span></p></div></div></div></body></html> ------=_NextPart_001_02D2_01CEE1EC.B38C9770-- ------=_NextPart_000_02D1_01CEE1EC.B38C9770 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCIX4w ggMgMIICiaADAgECAgQ13vTPMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQK EwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw HhcNOTgwODIyMTY0MTUxWhcNMTgwODIyMTY0MTUxWjBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMH RXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBXbFYZwhi7qCaLR8IbZEUaJgKHv7aBG8ThGIhw9F8 
zp8F4LgB8E407OKKlQRkrPFrU18Fs8tngL9CAo7+3QEJ7OEAFE/8+/AM3UO6WyvhH4BwmRVXkxbx D5dqt8JoIxzMTVkwrFEeO68r1u5jRXvF2V9Q0uNQDzqI578U/eDHuQIDAQABo4IBCTCCAQUwcAYD VR0fBGkwZzBloGOgYaRfMF0xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQL EyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwGgYD VR0QBBMwEYEPMjAxODA4MjIxNjQxNTFaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBRI5mj5K9Ky lddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUSOZo+SvSspXXR9gjIBBPM5iQn9QwDAYDVR0TBAUwAwEB /zAaBgkqhkiG9n0HQQAEDTALGwVWMy4wYwMCBsAwDQYJKoZIhvcNAQEFBQADgYEAWM4p6vz33rXO ArkXtYXRuePglcwlMQ0AppJuf7aSY55QldGab+QR3mOFbpjuqP9ayNNVsmZxV97AIes9KqcjSQEE hkJ7/O5/ohZStWdn00DbOyZYsih3Pa4Ud2HW+ipmJ6AN+qdzXOpw8ZQhZURf+vzvKWipood573nv T6wHdzgwggM9MIICpqADAgECAgMFsP8wDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAO BgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhv cml0eTAeFw0wNjAyMTYxODAxMzBaFw0xNjAyMTkxODAxMzBaMFIxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjEnMCUGA1UEAxMeSW50ZWwgRXh0ZXJuYWwgQmFzaWMgUG9s aWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaXf1zm/UFahGfJkNdONk3Ti KtwEwyLFdsQ8rd9Mi8jEeVo7brNG59wfoXvPQYjTvyz+vqxcxMJQ+eT5V/hyxiCnjTRve3asnN9B RJRFI2c02RatjeHt5FSf1wBBIADc1fL/aqe6lsMboD4H3N8/QZGKLfgon6M3sRy2/4RGY/siEglO tZEWb7kkNBNdcmC+HUYHIJSXmh6N6F+e67yHJGi7GFef9QI/kfAzNT6ZPeuV0ACrB358k+wuEudE +JVZ+Jc9+sDnTWZ/83oBtc6eNZZ6ExX0+CrilSR+ce2A9aeim4CQii6L57oxrqIargTX3VyqWZL8 +qRr/ogtR2sCXQIDAQABo4GgMIGdMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUGsYMSsRHb6jb rSvw9FYGo+03VAwwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Js cy9zZWN1cmVjYS5jcmwwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwDwYDVR0TAQH/ BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQATEDitpFSlSJVFsC03csCfntjvjwv7kJbSthd5Ucqz 3wZ+vbTpCD+EoAyTn7McqGyKzy3u+ZAS8Pg6JtdzgQ6fxDGSWdQoJUH1VfHKPZk92mTI0hhkIjIJ CS0d4zH6/dNH12So+V3qgifiT9JhISRhHVQmPhRZZLCY1fOnw66tUDCCBDYwggMeoAMCAQICAQEw DQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYD 
VQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0 ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMG8xCzAJBgNVBAYT AlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQ IE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC39xoz5vIABC054E5b7R+8bA/Ntfojts7emxEzl6QpTH2Tn71K vJPtAxrjj8/lbVBa1pcplFqAsEl62y6V/bjKvzc4LR4+kUGtcFbH8E8/6DKedMrIkFTpxl8PeJ2a QDwOrGGqXhSPnoehalDc15pOrwWzpnGUnHGzUGAKxxOdOAeGAqjpqGkmGJCrTLBPI6s6T4TY386f 4Wlvu9dC12tE5Met7m1BX3JacQg3s3llpFmglDf3AC8NwpJy2tA4ctsUqEXEXSp9t7TWxO6szRNE t8kr3UMAJfphuWlqWCMRt6czj1Z1WfXNKddGtworZbbTQm8Vsrh7++/pXVPVNFonAgMBAAGjgdww gdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQG EwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3 DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n /PYmE8eAFqW/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt 7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIF UdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZg D8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEMIIE6zCCA9OgAwIBAgIQUukC yhHoRJ2UZTgvoxowuzANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRk VHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQD ExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTEzMDMxOTAwMDAwMFoXDTIwMDUzMDEwNDgz OFoweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgG A1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElz c3VpbmcgQ0EgNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgsMyAndhJVfoD2wT6 OMfdv4XddrzrPcssq7/pa+Mh29RvGejPaqe+X1QpAjewTXNRFDGt+C+0/Rs+C3W4PAB8tzofl6qf 
KL7sWs+xMYJHiDAOarVaRNCA0M1dSBvvV73/qx+r5Z8IOmLxJxqCXIsJGnumH9XrRxuK0G+dkV6U oIMGHffZLoobdsB2c0YH++TzpvAOVjqiYOzr9Gx83DNBXCj8zeg+u7HrLrPIihG6V+RUQ1szT/1G vNA6XIrhblWTgQSx9baOUJXhbzdAqpFxwAohTHDar8egdU9tsROusuYTpFFn/55aWQZaX6a3HjYc 6A6ZfQFF1NGj28fvJ4GjAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g JMtUGjAdBgNVHQ4EFgQUHmkqtNwo/kcYTiELP7ysES/wmPUwDgYDVR0PAQH/BAQDAgGGMBIGA1Ud EwEB/wQIMAYBAf8CAQAwNgYDVR0lBC8wLQYIKwYBBQUHAwQGCisGAQQBgjcKAwQGCisGAQQBgjcK AwwGCSsGAQQBgjcVBTAXBgNVHSAEEDAOMAwGCiqGSIb4TQEFAWkwSQYDVR0fBEIwQDA+oDygOoY4 aHR0cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmww OgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5j b20wNQYDVR0eBC4wLKAqMAuBCWludGVsLmNvbTAboBkGCisGAQQBgjcUAgOgCwwJaW50ZWwuY29t MA0GCSqGSIb3DQEBBQUAA4IBAQApws2j/ZKjUmeiLwbtblDoVI+rV+bIpbexIN/Vqa/IeSMSB3bm fswpEcYSZHHGjOI8qlyZt9dhT4nSDnrScKjmA8XvxZ3tmbNyYJybVQUV8jF/DpADX1tGlMLxswxp JISXzLf0+DBr4cQ2ag9mwzrcN1nrOIOc+pxJtx9izyp3+bl3baulerkgZVS1fotftH+FJLD/ex8B OcEuCIm2KVXJjs4YaZgoIBLYjTiK29JLVa15xdO305kPI1uXsu05sGuAwuFmSklb6k5H1/eHlUbZ Lm4qQDtOH00L0ShJx3BAIAjD5RYptJDQiyPZQUvt8cq+apYpVMv3yxHO8jex40LgMIIFijCCBHKg AwIBAgIKYSCKYgAAAAAACDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMR SW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHkludGVsIEV4dGVybmFsIEJhc2ljIFBvbGljeSBD QTAeFw0wOTA1MTUxOTI3MjZaFw0xNTA1MTUxOTM3MjZaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQK ExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWlu ZyBDQSAzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQEM1Wn9TU9vc9C+/Tc7KB+ eiYElmrcEWE32WUdHvWG+IcQHVQsikTmMyKKojNLw2B5s6Iekc8ivDo/wCfjZzX9JyftMnc+AArc 0la87Olybzm8K9jXEfTBvTnUSFSiI9ZYefITdiUgqlAFuljFZEHYKYtLuhrRacpmQfP4mV63NKdc 2bT804HRf6YptZFa4k6YN94zlrGNrBuQQ74WFzz/jLBusbUpEkro6Mu/ZYFOFWQrV9lBhF9Ruk8y N+3N6n9fUo/qBigiF2kEn9xVh1ykl7SCGL2jBUkXx4qgV27a6Si8lRRdgrHGtN/HWnSWlLXTH5l5 75H4Lq++77OFv38CAwEAAaOCAlwwggJYMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA7GKvdZ 
sggQkCVvw939imYxMCvFMAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQB gjcVAgQWBBQ5oFY2ekKQ/5Ktim+VdMeSWb4QWTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAf BgNVHSMEGDAWgBQaxgxKxEdvqNutK/D0Vgaj7TdUDDCBvQYDVR0fBIG1MIGyMIGvoIGsoIGphk5o dHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFz aWMlMjBQb2xpY3klMjBDQS5jcmyGV2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9z aXRvcnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNybDCB4wYI KwYBBQUHAQEEgdYwgdMwYwYIKwYBBQUHMAKGV2h0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRv cnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMFBvbGljeSUyMENBLmNy dDBsBggrBgEFBQcwAoZgaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9j ZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EuY3J0MA0G CSqGSIb3DQEBBQUAA4IBAQCxtQEHchVQhXyjEqtMVUMe6gkmPsIczHxSeqNbo9dsD+6xbT65JT+o YgpIAtfEsYXeUJu1cChqpb22U5bMAz7eaQcW5bzefufWvA6lg2048B8oczBj/q+5P5NpYrUO8jOm N4jTjfJq3ElZ7yFWpy7rB3Vm/aN6ATYqWfMbS/xfh+JCxmH3droUmMJI0/aZJHsLtjbjFnNsHDNr JZX1vxlM78Lb1hjskTENPmhbVbfTj5i/ZGnhv4tmI8QZPCNtcegXJrfhRl2D9bWpdTOPrWiLDUqz y1Z6KL7TcOS/PCl8RHCJXkPau/thTQCpIoDa2+c+3XA++gRTfAQ4svTO260NMIIF+zCCBOOgAwIB AgIKHtX06gABAACWPTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRSW50 ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0Eg M0IwHhcNMTIwNjA4MDgwNTExWhcNMTUwNTE1MTkzNzI2WjA3MRIwEAYDVQQDEwlXZWksIEdhbmcx ITAfBgkqhkiG9w0BCQEWEmdhbmcud2VpQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALNyfS4yC6aDo3DZ/oId96Dvi8CB5SJyDUcMhpKWZtzqPX2mMOqQNgv4qAtHUjt4 ibyPSjGZ+0EM3r63384gGcVR8+uxiuijBIOCkis6oGQ+TmBl1i28KobkE4jNnLCES0keisfNdzO8 vAOxIFbT9KxQl1f1MfvsZfyGfFYB53gHCh1VxdZ7a2XKaON+l2YYx2p5xGGZtDDb61ajXSGvdHK+ qMIfo7LMoZmY42t5NawgizwcqBPUOLR+JXOtyGGiXZx3wZPeRmZx/eCMPBhSlfewpvUrK8W0kL59 1Lv0HeUVEJye2bOmlLo1DeIp6KH9JujFB33KhHXvNsugc9IYUVMCAwEAAaOCAugwggLkMAsGA1Ud DwQEAwIHgDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiGw4x1hJnlUYP9gSiFjp9TgpHACWeB 
3r05lfBDAgFkAgEIMB0GA1UdDgQWBBQYdG5bBKSgjlBUQ6dpUm2vjlkEKDAfBgNVHSMEGDAWgBQO xir3WbIIEJAlb8Pd/YpmMTArxTCBzwYDVR0fBIHHMIHEMIHBoIG+oIG7hldodHRwOi8vd3d3Lmlu dGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5n JTIwQ0ElMjAzQigxKS5jcmyGYGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRv cnkvQ1JML0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDNCKDEpLmNy bDCB9QYIKwYBBQUHAQEEgegwgeUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3Jl cG9zaXRvcnkvY2VydGlmaWNhdGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3Vpbmcl MjBDQSUyMDNCKDEpLmNydDB1BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5j b20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNz dWluZyUyMENBJTIwM0IoMSkuY3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMCkG CSsGAQQBgjcVCgQcMBowCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDDDBBBgNVHREEOjA4oCIGCisG AQQBgjcUAgOgFAwSZ2FuZy53ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZI hvcNAQEFBQADggEBAHuycX8AxjwfC5zmWDh0QpY8vDSgyLXaUDYKm2+ATDJDn5kALJgxAqaThvqG TH+oz73HQ7L8v7QxM0Yp1IQd/k5GeqMzhuXEoPM4rcORlOlvRqxBJNZUuYwxvyYaUpLU1W8EsOB2 zB31ykzdXH93b6ZpfJk78eqZuq00xHxU9mw4PXlWPnn1NDBYD1JH/ufCmpFk6sBE2bBf2u2miBEw HoRUyoH1nbu78aOs4mE6fRC9NutIriNPI2790R3FAY8dLWl3nrpXs80TrUCptat61uNRJDH06KXe 81QCtvDVlBGbZ4gqWR3PZGsnJKeOLOO38PQvFFm1Xjs4DVYiPVYyCTIwggZfMIIFR6ADAgECAgoX k5lZAAIAACHzMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIG A1UEBxMLU2FudGEgQ2xhcmExGjAYBgNVBAoTEUludGVsIENvcnBvcmF0aW9uMSswKQYDVQQDEyJJ bnRlbCBFeHRlcm5hbCBCYXNpYyBJc3N1aW5nIENBIDRBMB4XDTEzMDgxOTAwMzYzN1oXDTE2MDgw MzAwMzYzN1owNzESMBAGA1UEAxMJV2VpLCBHYW5nMSEwHwYJKoZIhvcNAQkBFhJnYW5nLndlaUBp bnRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5n/5H2E4IaFTN6vf/5c8e QY+u2n0X6FBqaOcJLEjHxkruNV8FYsNtngjFToTw6+1/UagW/vCKKovY9xdFN4hzbfufpgKS3qDm r4xi0b4d9hKIItaClYfbfO90qdz/GuFJByWmjqqjWmzgS1gHP8lV/7skH8ykBPXP1pdbi9zsR5qc dY1J9pv6+80W/7t6a1Hc/YcxiGPWBIoxeEcOwyIUvHkB3YCNiTF/b8Yd2XP7WOS5dTCyTQznSc4f 
LWh4/+9uJ2DwNJSwmA3i/E8Ypuj2nkl2sON5XhHwLgZPAubbVetnE9GhYqC2gMPAtGdanjq89qLp HooNYxSz5DBZ/qGXAgMBAAGjggMpMIIDJTALBgNVHQ8EBAMCBDAwPQYJKwYBBAGCNxUHBDAwLgYm KwYBBAGCNxUIhsOMdYSZ5VGD/YEohY6fU4KRwAlnhLnZQYeE/04CAWQCAQ0wRAYJKoZIhvcNAQkP BDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMH MB0GA1UdDgQWBBQXPB4WAJS7jGIRmmWelsAl0gdIyzAfBgNVHSMEGDAWgBQeaSq03Cj+RxhOIQs/ vKwRL/CY9TCByQYDVR0fBIHBMIG+MIG7oIG4oIG1hlRodHRwOi8vd3d3LmludGVsLmNvbS9yZXBv c2l0b3J5L0NSTC9JbnRlbCUyMEV4dGVybmFsJTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjA0QS5j cmyGXWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIw RXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBLmNybDCB9QYIKwYBBQUHAQEEgegw geUwbAYIKwYBBQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNh dGVzL0ludGVsJTIwRXh0ZXJuYWwlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDRBKDIpLmNydDB1 BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0 aWZpY2F0ZXMvSW50ZWwlMjBFeHRlcm5hbCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwNEEoMiku Y3J0MB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMEMCkGCSsGAQQBgjcVCgQcMBowCgYI KwYBBQUHAwQwDAYKKwYBBAGCNwoDBDBBBgNVHREEOjA4oCIGCisGAQQBgjcUAgOgFAwSZ2FuZy53 ZWlAaW50ZWwuY29tgRJnYW5nLndlaUBpbnRlbC5jb20wDQYJKoZIhvcNAQEFBQADggEBABbAGh9L zr7TdotBWnVEUR2ZohZjdhIs7vMslFWmwYvuge2PkPTUhV6sUDWEE04S7+L+XUIvm5DOMCoqY+eJ RfIDxpbqAEQOSf8Ro+xR2zsohSgbNiN7ocjh6siCW2FsPfdV2jV12eDMM4IvT5J2aAMLlQ8LSRq5 g+vaXrp0lengXNIGEUxHeQRTkQEEc/UsixV1FVBhlUjF5c6qKzSOY4xV/OMeMmxzoLf+h41zU4da TYEeXeWsed//nrtoTVOYSJ3bko6kpnP/sOVKN1dmWZWi8h2hg3MP42mTZI+fiLCgBsCqNFlbfXeC /OornRiCqKrjk1KERzICUuIKXYbqN+ExggPiMIID3gIBATBkMFYxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFJbnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNz dWluZyBDQSAzQgIKHtX06gABAACWPTANBglghkgBZQMEAgEFAKCCAk8wGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMxMTE1MDIyMzE4WjAvBgkqhkiG9w0BCQQxIgQg javldfz4mHkCM7kSk1fiRRn2SH5U1glA+205tbvdWK4wgZgGCSsGAQQBgjcQBDGBijCBhzB5MQsw 
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC1NhbnRhIENsYXJhMRowGAYDVQQKExFJ bnRlbCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgRXh0ZXJuYWwgQmFzaWMgSXNzdWluZyBD QSA0QQIKF5OZWQACAAAh8zCBmgYLKoZIhvcNAQkQAgsxgYqggYcweTELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRp b24xKzApBgNVBAMTIkludGVsIEV4dGVybmFsIEJhc2ljIElzc3VpbmcgQ0EgNEECCheTmVkAAgAA IfMwgasGCSqGSIb3DQEJDzGBnTCBmjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3 DQMHMAsGCWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAw DQYIKoZIhvcNAwICASgwCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwBwYF Kw4DAhowDQYJKoZIhvcNAQEBBQAEggEAE8lqq5vFOulvfb/7lWpEEUYnHxRcQDXuqU+zGEeTYpwD zC/z0wbrVG+z9+6i8y+ONVrZqYa3UhJ6+izeGZDaN7PKCcwgFtW6aLMA4sIYhCChF/k8m6mBIL1I HWKcbrW4qDPvn5Tdha5T27VoNuKnh6RwJMp76pLVV6cCJ65L2IqitcDU4LWUCDPoIU1aMAq/vRu0 7M5SpFDj6l8xY/xXmnNWWsnNXy891KbB3BcM7zq0n6IsChVV9PxhjZ4l67te/5NM8fIjV3JCglbU x59A4rodI6clbciHsNGwRV77u13lQ3nZOC596n3B+yYAYlPliAWU+is7aUbSDVp3ktSNGQAAAAAA AA== ------=_NextPart_000_02D1_01CEE1EC.B38C9770--

Hi,
I have done that and reran provisioner.sh with the same result.
As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to /usr/share/oat-client, while the java error complains about the missing file _aik.cer_, as follows:
*java.io.FileNotFoundException: /usr/share/oat-client/aik.cer* (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
is the file _aik.cer_ supposed to be generated at some point here?
Just to clarify, I am using CentOS 6.4, TrouSerS and tpm-tools.
Cheers,
/Nicolae.
On 15 November 2013 03:23, Wei, Gang <gang.wei@intel.com> wrote:
So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh:
*1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.*
Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/
Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/
*Notes: please repeat above steps in case you have re-deployed your oat appraiser.*
Thanks
Jimmy
*From:* Nicolae Paladi [mailto:n.paladi@gmail.com]
*Sent:* Thursday, November 14, 2013 6:30 PM
*To:* Wei, Gang
*Cc:* Doron Fediuck; users@ovirt.org
*Subject:* Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
As far as I see, port 8443 is not occupied and tomcat6 is running:
root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]
Also, just in case, I've checked if disabling iptables helps, and it doesn't;
In the error trace, there is a line:
*java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)*
and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?
cheers,
/Nicolae
On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote:
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again.
Jimmy
-----Original Message-----
From: Wei, Gang
Sent: Thursday, November 14, 2013 11:26 AM
To: Nicolae Paladi
Cc: Doron Fediuck; users@ovirt.org; Wei, Gang
Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message-----
From: Nicolae Paladi [mailto:n.paladi@gmail.com]
Sent: Wednesday, November 13, 2013 10:43 PM
To: Wei, Gang
Cc: Doron Fediuck; users@ovirt.org
Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers,
/Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 7:01 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users@ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> thank you for the feedback;
> I've gone through the steps again, but obtained exactly the same problem:
>
> 1. I removed all of the previously installed packages related to OAT.
>
> 2. I followed the tutorial, until this command:
>
> bash provisioner.sh
>
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...FAILED
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> Connection refused.
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
>     at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
>     at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
>     at javax.xml.ws.Service.<init>(Service.java:77)
>     at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
>     at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
>     at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused
>     at java.net.PlainSocketImpl.socketConnect(Native Method)
>     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
>     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
>     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
>     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>     at java.net.Socket.connect(Socket.java:579)
>     at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
>     at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
>     at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
>     at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
>     at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>     at java.net.URL.openStream(URL.java:1037)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
>     ... 8 more
> Failed to initialize the TPM, error 1
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
>     at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:146)
>     at java.io.FileInputStream.<init>(FileInputStream.java:101)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Should I have updated anything else?
>
> cheers,
> /Nicolae.
>
> On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
>
> This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Thanks
> Jimmy
>
> Nicolae Paladi wrote on 2013-10-28:
>
> > Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
> > provisioner.sh: line 7: systemctl: command not found
> > ### ecStorage = NVRAM###
> > Performing TPM provisioning...710 DONE
> > Successfully initialized TPM
> > Performing HIS identity provisioning...FAILED
> > java.util.NoSuchElementException
> >     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> >     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> >     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> >     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> > Failed to receive AIC from Privacy CA, error 1
> > Registering identity with server...FAILED
> > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> >     at java.io.FileInputStream.open(Native Method)
> >     at java.io.FileInputStream.<init>(FileInputStream.java:137)
> >     at java.io.FileInputStream.<init>(FileInputStream.java:96)
> >     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> >     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > Failed to register identity with appraiser, error 1
> >
> > Thanks,
> > /Nicolae
> >
> > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
> >
> > Awesome, thanks!
> >
> > I'll try this out in the morning
> >
> > /Nicolae
> >
> > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
> >
> > Please refer to
> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> >
> > Jimmy

-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Friday, November 15, 2013 4:08 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I have done that and reran provisioner.sh with the same result.
As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to /usr/share/oat-client, while the java error complains about the missing file _aik.cer_, as follows:
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:146)
    at java.io.FileInputStream.<init>(FileInputStream.java:101)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Is the file _aik.cer_ supposed to be generated at some point here?
Just to clarify, I am using CentOS 6.4, TrouSerS and tpm-tools.
Cheers, /Nicolae.
On 15 November 2013 03:23, Wei, Gang <gang.wei@intel.com> wrote:
So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh:
1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.
Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/
Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/
Notes: please repeat above steps in case you have re-deployed your oat appraiser.
Thanks
Jimmy
From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Thursday, November 14, 2013 6:30 PM
To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
As far as I see, port 8443 is not occupied and tomcat6 is running:
root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]
Also, just in case, I've checked if disabling iptables helps, and it doesn't;
In the error trace, there is a line:
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?
cheers,
/Nicolae
On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote:
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again.
Jimmy
-----Original Message----- From: Wei, Gang Sent: Thursday, November 14, 2013 11:26 AM To: Nicolae Paladi Cc: Doron Fediuck; users@ovirt.org; Wei, Gang Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Wednesday, November 13, 2013 10:43 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE
server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V
cheers, /Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not changed it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 7:01 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users@ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> thank you for the feedback;
> I've gone through the steps again, but obtained the exactly same problem:
>
> 1. I removed all of the previously installed packages related to OAT.
>
> 2. I followed the tutorial, until this command:
>
> bash provisioner.sh
>
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...FAILED
> javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> Connection refused.
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
>     at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
>     at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
>     at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
>     at javax.xml.ws.Service.<init>(Service.java:77)
>     at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
>     at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
>     at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused
>     at java.net.PlainSocketImpl.socketConnect(Native Method)
>     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
>     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
>     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
>     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>     at java.net.Socket.connect(Socket.java:579)
>     at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
>     at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
>     at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
>     at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
>     at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
>     at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>     at java.net.URL.openStream(URL.java:1037)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
>     at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
>     ... 8 more
> Failed to initialize the TPM, error 1
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
>     at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:146)
>     at java.io.FileInputStream.<init>(FileInputStream.java:101)
>     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Should I have updated anything else?
>
> cheers,
> /Nicolae.
>
> On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
> > This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> >
> > Thanks
> > Jimmy
> >
> > Nicolae Paladi wrote on 2013-10-28:
> > > Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available in /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
> > > provisioner.sh: line 7: systemctl: command not found
> > > ### ecStorage = NVRAM###
> > > Performing TPM provisioning...710 DONE
> > > Successfully initialized TPM
> > > Performing HIS identity provisioning...FAILED
> > > java.util.NoSuchElementException
> > >     at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> > >     at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> > >     at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> > >     at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> > > Failed to receive AIC from Privacy CA, error 1
> > > Registering identity with server...FAILED
> > > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> > >     at java.io.FileInputStream.open(Native Method)
> > >     at java.io.FileInputStream.<init>(FileInputStream.java:137)
> > >     at java.io.FileInputStream.<init>(FileInputStream.java:96)
> > >     at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > >     at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > > Failed to register identity with appraiser, error 1
> > >
> > > Thanks,
> > > /Nicolae
> > >
> > > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
> > > > Awesome, thanks!
> > > > I'll try this out in the morning
> > > > /Nicolae
> > > >
> > > > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
> > > > > Please refer to https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> > > > >
> > > > > Jimmy
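The diagnosis given in this thread (the missing aik.cer is a follow-on error, and the first failed stage is the one to fix) can be applied mechanically to provisioner.sh output. The Python below is an added example, not part of the thread and not OpenAttestation code; the sample outputs are constructed from the traces quoted here, and the function names, cause keys and the assumption that each stage's status ends its banner line are mine.

```python
"""Triage of OAT provisioner.sh output (added example, not OpenAttestation code)."""
import re

# Stage banners as they appear in the traces quoted in this thread.
STAGE_RE = re.compile(
    r"^(Performing TPM provisioning|Performing HIS identity provisioning|"
    r"Registering identity with server)\.\.\.(.*)$"
)

# (cause key, substrings that must all occur in the failed stage, hint).
# The hints restate what the thread says; the keys are hypothetical names.
RULES = [
    ("pca_unreachable", ("WebServiceException", "Connection refused"),
     "Privacy CA web service not listening: check Tomcat is up and that the "
     "port in server.xml matches OAT_client.sh"),
    ("tpm_owner_auth", ("NoSuchElementException", "TpmModule.executeVer2Command"),
     "attributed in the thread mostly to incorrect TPM owner auth: reinstall "
     "a current oat-client after 'yum clean'"),
    ("missing_aik_cert", ("FileNotFoundException", "aik.cer"),
     "aik.cer was never written because identity provisioning failed; fix "
     "the earlier stage"),
]

# Constructed samples, shortened to the frames the diagnosis relies on.
SAMPLE_OWNER_AUTH = """\
### ecStorage = NVRAM###
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
\tat java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
\tat gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
\tat gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
Failed to register identity with appraiser, error 1
"""

SAMPLE_PCA_DOWN = """\
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
\tConnection refused.
Caused by: java.net.ConnectException: Connection refused
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
Failed to register identity with appraiser, error 1
"""


def parse_stages(output):
    """Split the output into stages, each with its status and following lines."""
    stages = []
    for raw in output.splitlines():
        line = raw.strip()
        m = STAGE_RE.match(line)
        if m:
            rest = m.group(2).strip()
            status = ("FAILED" if rest.endswith("FAILED")
                      else "DONE" if rest.endswith("DONE") else "UNKNOWN")
            stages.append({"name": m.group(1), "status": status, "detail": [rest]})
        elif stages:  # lines before the first banner belong to no stage
            stages[-1]["detail"].append(line)
    return stages


def classify(stage):
    """Return (cause key, hint) for one failed stage."""
    text = "\n".join(stage["detail"])
    for key, needles, hint in RULES:
        if all(n in text for n in needles):
            return key, hint
    return "unclassified", "no diagnosis for this error is given in the thread"


def triage(output):
    """Name the first failed stage as the cause; later failures are follow-on."""
    failed = [s for s in parse_stages(output) if s["status"] == "FAILED"]
    if not failed:
        return {"first_failed": None, "cause": None, "hint": None, "follow_on": []}
    cause, hint = classify(failed[0])
    return {
        "first_failed": failed[0]["name"],
        "cause": cause,
        "hint": hint,
        "follow_on": [(s["name"], classify(s)[0]) for s in failed[1:]],
    }


if __name__ == "__main__":
    for label, sample in (("owner auth", SAMPLE_OWNER_AUTH), ("PCA down", SAMPLE_PCA_DOWN)):
        result = triage(sample)
        print(label, "->", result["first_failed"], "|", result["cause"], "|", result["hint"])
        for name, key in result["follow_on"]:
            print("   follow-on:", name, "(" + key + ")")
```
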

Hi,
ok I understand that this may seem really strange now, but I have deployed this on a different, clear host with CentOS which has not had oat installed earlier; again both appraiser and client are on the same host.
The only thing in the tomcat6 log is: before invoke........................
Here's the error trace:
oat client attestation config ...ok
oat client provisioner config ...ok
oat client installation ...ok
oat appraiser hostname: beijing.sics.se
### ecStorage = NVRAM###
Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2() DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
    at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:140)
    at java.io.FileInputStream.<init>(FileInputStream.java:96)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Any ideas?..
Cheers, /Nicolae
On 15 November 2013 10:45, Wei, Gang <gang.wei@intel.com> wrote:
So you will not see below error after copying the .cer & .jks again, right?
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
As to below errors:
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
    at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
    at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:137)
    at java.io.FileInputStream.<init>(FileInputStream.java:96)
    at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
    at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Missing of aik.cer is the subsequence of HIS identity provisioning failure. The key is:
java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
    at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Which is mostly caused by incorrect tpm owner auth. This is actually the issue occurred in your first try. So I doubt the oat-client rpm you reinstalled is still the old one in your local cache.
Please try to uninstall oat-client, yum clean, then yum install oat-client, and then try again.
Thanks Jimmy
-----Original Message----- From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Friday, November 15, 2013 4:08 PM To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I have done that and reran provisioner.sh with the same result.
As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to /usr/share/oat-client, while the java error complains about the missing file _aik.cer_, as follows:
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at java.io.FileInputStream.<init>(FileInputStream.java:101)
at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
is the file _aik.cer_ supposed to be generated at some point here?
Just to clarify, I am using CentOS 6.4, TrouSerS and tpm-tools.
Cheers, /Nicolae.
On 15 November 2013 03:23, Wei, Gang <gang.wei@intel.com> wrote:
So, just as what I suggested in last mail, please copy the files
to client again and run provisioner.sh:
1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.
Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/
Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/
Notes: please repeat above steps in case you have re-deployed your oat appraiser.
Thanks
Jimmy
From: Nicolae Paladi [mailto:n.paladi@gmail.com] Sent: Thursday, November 14, 2013 6:30 PM
To: Wei, Gang Cc: Doron Fediuck; users@ovirt.org Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
As far as I see, port 8443 is not occupied and tomcat6 is running:
root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]
Also, just in case, I've checked if disabling iptables helps, and it doesn't;
In the error trace, there is a line:
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?
cheers,
/Nicolae
On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote:
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again.
Jimmy
> -----Original Message-----
> From: Wei, Gang
> Sent: Thursday, November 14, 2013 11:26 AM
> To: Nicolae Paladi
> Cc: Doron Fediuck; users@ovirt.org; Wei, Gang
> Subject: RE: [Users] Trusted Pools and CentOS 6 packages
>
> Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
>
> Meanwhile check whether tomcat is up.
>
> Jimmy
>
> > -----Original Message-----
> > From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> > Sent: Wednesday, November 13, 2013 10:43 PM
> > To: Wei, Gang
> > Cc: Doron Fediuck; users@ovirt.org
> > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
> >
> > Hi,
> >
> > I am using port 8443, since no other process -- as far as I know -- is using it;
> >
> > below you will find all of the requested configuration files:
> >
> > Contents of /etc/oat_client/*:
> > log4j.properties: http://pastebin.com/MQLM68vs
> > OAT.properties: http://pastebin.com/LwHihxah
> > OATprovisioner.properties: http://pastebin.com/0x5TShtZ
> > TPMModule.properties: http://pastebin.com/hvw9gfRE
> >
> > server.xml: http://pastebin.com/VZ9Vk6iC
> > OAT_client.sh: http://pastebin.com/St4yCGcF
> >
> > provisioner.sh: http://pastebin.com/RedqQt8V
> >
> > cheers,
> > /Nicolae.
> >
> > On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
> >
> > This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 from server port is occupied by another app?
> >
> > Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
> >
> > Thanks
> > Jimmy
> >
> > > -----Original Message-----
> > > From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> > > Sent: Wednesday, November 13, 2013 7:01 PM
> > > To: Wei, Gang
> > > Cc: Doron Fediuck; users@ovirt.org
> > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
> > >
> > > Hi,
> > >
> > > thank you for the feedback;
> > > I've gone through the steps again, but obtained the exactly same problem:
> > >
> > > 1. I removed all of the previously installed packaged related to OAT.
> > >
> > > 2. I followed the tutorial, until this command:
> > >
> > > bash provisioner.sh
> > >
> > > provisioner.sh: line 7: systemctl: command not found
> > > ### ecStorage = NVRAM###
> > > Performing TPM provisioning...FAILED
> > > javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> > > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> > > Connection refused.
> > > at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
> > > at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
> > > at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
> > > at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
> > > at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
> > > at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
> > > at javax.xml.ws.Service.<init>(Service.java:77)
> > > at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
> > > at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
> > > at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> > > Caused by: java.net.ConnectException: Connection refused
> > > at java.net.PlainSocketImpl.socketConnect(Native Method)
> > > at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> > > at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> > > at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> > > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> > > at java.net.Socket.connect(Socket.java:579)
> > > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
> > > at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
> > > at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
> > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
> > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
> > > at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
> > > at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
> > > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
> > > at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
> > > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
> > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
> > > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
> > > at java.net.URL.openStream(URL.java:1037)
> > > at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
> > > at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
> > > at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
> > > ... 8 more
> > > Failed to initialize the TPM, error 1
> > > Performing HIS identity provisioning...FAILED
> > > gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
> > > at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
> > > at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> > > Failed to receive AIC from Privacy CA, error 1
> > > Registering identity with server...FAILED
> > > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> > > at java.io.FileInputStream.open(Native Method)
> > > at java.io.FileInputStream.<init>(FileInputStream.java:146)
> > > at java.io.FileInputStream.<init>(FileInputStream.java:101)
> > > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > > at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > > Failed to register identity with appraiser, error 1
> > >
> > > Should I have updated anything else?
> > >
> > > cheers,
> > > /Nicolae.
> > >
> > > On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
> > >
> > > This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again.
> > >
> > > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> > >
> > > Thanks
> > > Jimmy
> > >
> > > Nicolae Paladi wrote on 2013-10-28:
> > >
> > > > Hi, I've followed the recipe (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available is /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following:
> > > >
> > > > provisioner.sh: line 7: systemctl: command not found
> > > > ### ecStorage = NVRAM###
> > > > Performing TPM provisioning...710 DONE
> > > > Successfully initialized TPM
> > > > Performing HIS identity provisioning...FAILED
> > > > java.util.NoSuchElementException
> > > > at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> > > > at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> > > > at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> > > > at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> > > > Failed to receive AIC from Privacy CA, error 1
> > > > Registering identity with server...FAILED
> > > > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> > > > at java.io.FileInputStream.open(Native Method)
> > > > at java.io.FileInputStream.<init>(FileInputStream.java:137)
> > > > at java.io.FileInputStream.<init>(FileInputStream.java:96)
> > > > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> > > > at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > > > Failed to register identity with appraiser, error 1
> > > >
> > > > Thanks,
> > > > /Nicolae
> > > >
> > > > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
> > > >
> > > > Awesome, thanks!
> > > >
> > > > I'll try this out in the morning
> > > >
> > > > /Nicolae
> > > >
> > > > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
> > > >
> > > > Please refer to
> > > > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> > > >
> > > > Jimmy

Hi,
just FYI, another detail: I was trying to build the latest version on a different host using the instructions from https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-Op... and also had some trouble there; right now the issue is that the TPM I have does not have an endorsement credential; could this be an issue with the RHEL packages as well?
/Nicolae.
On 15 November 2013 16:31, Nicolae Paladi <n.paladi@gmail.com> wrote:
Hi,
ok I understand that this may seem really strange now, but I have deployed this on a different, clear host with CentOS which has not had oat installed earlier; again both appraiser and client are on the same host.
The only thing in the tomcat6 log is:
before invoke........................
Here's the error trace:
oat client attestation config ...ok
oat client provisioner config ...ok
oat client installation ...ok
oat appraiser hostname: beijing.sics.se
### ecStorage = NVRAM###
Performing TPM provisioning...Error getting PubEK: gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.setCredential returned nonzero error: 2()
DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:140)
at java.io.FileInputStream.<init>(FileInputStream.java:96)
at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Any ideas?..
Cheers, /Nicolae
On 15 November 2013 10:45, Wei, Gang <gang.wei@intel.com> wrote:
So you will not see below error after copying the .cer & .jks again, right?
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused.
As to below errors:
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:137)
at java.io.FileInputStream.<init>(FileInputStream.java:96)
at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
Failed to register identity with appraiser, error 1
Missing of aik.cer is the subsequence of HIS identity provisioning failure. The key is:
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Which is mostly caused by incorrect tpm owner auth. This is actually the issue occurred in your first try. So I doubt the oat-client rpm you reinstalled is still the old one in your local cache.
Please try to uninstall oat-client, yum clean, then yum install oat-client, and then try again.
Thanks Jimmy
participants (4)
- Doron Fediuck
- Gianluca Cecchi
- Nicolae Paladi
- Wei, Gang
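
The triage Jimmy describes in the thread (the first failing provisioning stage is the cause, and the missing aik.cer is only a downstream symptom), as an added example that is not part of the thread or of OpenAttestation. The function names, cause labels and both sample logs are constructed here, with the sample lines modelled on the traces quoted above.

```bash
#!/usr/bin/env bash
# Added example: triage provisioner.sh output by its first failing stage.
# Function names, cause labels and sample logs are constructed for this example.

# Constructed sample 1: TPM provisioning succeeds, identity provisioning fails.
sample_owner_auth_log() {
cat <<'EOF'
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...710 DONE
Successfully initialized TPM
Performing HIS identity provisioning...FAILED
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
Failed to register identity with appraiser, error 1
EOF
}

# Constructed sample 2: the Privacy CA web service cannot be reached.
sample_pca_down_log() {
cat <<'EOF'
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
Connection refused.
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
Failed to register identity with appraiser, error 1
EOF
}

# Reads provisioner output on stdin. Prints "<first failed stage>:<cause>",
# then one "downstream:<stage>" line per later failed stage, or "none:ok".
triage_provisioner_log() {
  awk '
    # Record the current stage; only the first FAILED stage is the cause.
    function mark(name) {
      stage = name
      if ($0 !~ /FAILED/) return
      if (first == "") first = name
      else later = later "\ndownstream:" name
    }
    /^Performing TPM provisioning\.\.\./          { mark("tpm-provisioning");  next }
    /^Performing HIS identity provisioning\.\.\./ { mark("his-identity");      next }
    /^Registering identity with server\.\.\./     { mark("register-identity"); next }
    # Keep only the lines printed under the first failing stage as evidence.
    first != "" && stage == first { evidence = evidence "\n" $0 }
    END {
      if (first == "") { print "none:ok"; exit }
      if (evidence ~ /Connection refused/ || evidence ~ /Failed to access the WSDL/) {
        cause = "privacy-ca-unreachable"   # thread: PCA webservice2 not listening
      } else if (evidence ~ /NoSuchElementException/ && evidence ~ /TpmModule\.executeVer2Command/) {
        cause = "tpm-owner-auth"           # thread: mostly incorrect TPM owner auth
      } else if (evidence ~ /FileNotFoundException/ && evidence ~ /aik\.cer/) {
        cause = "aik-cer-missing"
      } else {
        cause = "unclassified"
      }
      print first ":" cause later
    }
  '
}

# Triage a saved log when a file is given, otherwise the first constructed sample.
if [ -f "${1:-}" ]; then
  triage_provisioner_log < "$1"
else
  sample_owner_auth_log | triage_provisioner_log
fi
```

A cause of `unclassified` means the first failing stage printed something the thread does not diagnose, so read that stage's trace directly.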