Open hendersonweb opened 3 years ago
Hi Isaac!
I cannot reproduce your error. Please attach what you did and a logfile.
This worked for me:
(this uses Tomcat in a simple Docker container -- should also work with your own Tomcat, though)
mvn build
docker build -t atvapi .
docker run -p 80:8080 atvapi
... API/ATV running at http://localhost/atvapi (open http://localhost/atvapi/api/v1/ to verify)
... this also displays the log of the ATV for diagnostics in case something goes wrong.
cd src/test/python
# make sure BASE envvar is correct (e.g. BASE = 'http://localhost/atvapi')
python XAdESdemo.py
output of the python script:
OK: LIGHTest ATV 1.9.9-SNAPSHOT
OK: 3 pre-checks passed!
OK: TPL Interpreter initialized!
OK: xades extraction successful.
OK: Signer certificate: Trusted List 6
OK: eIDAS_qualified_certificate extraction successful.
OK: XAdES Signature Verification successful.
OK: No Trust Scheme Membership Claim found in certificate, using default: eIDAS_qualified_claim
OK: Claimed Signer: test-scheme.lightest.nlnetlabs.nl
OK: Trust Status List discovered & loaded.
OK: Trust Status List Signature validation successful.
OK: Claimed Scheme matches Trusted Scheme: eidas.lightest.nlnetlabs.nl
OK: Issuer found on Trust Status List: RTR Services 4
OK: trustlist_entry extraction successful.
OK: Signer Verification successful.
(reminder: these demos will stop working if @partim stops our demo DNS servers, or similar things happen.)
HTH!
Hi Stefan, thanks a lot for your immediate reply. I figured out the problem; it was a problem with jar compatibility. And now I don't get this error anymore.
But I have another doubt: I'm trying to set up the ATV from a server which is not DNSSEC protected. Will the system still work?
Because I have disabled DNSSEC and DANE verification in atv.properties and generated the .war file. And then I deployed it on a server, but I get the following error.
OK: LIGHTest ATV
OK: 3 pre-checks passed!
OK: TPL Interpreter initialized!
OK: xades extraction successful.
OK: Signer certificate: Trusted List 6
OK: eIDAS_qualified_certificate extraction successful.
OK: XAdES Signature Verification successful.
OK: No Trust Scheme Membership Claim found in certificate, using default: eIDAS_qualified_claim
OK: Claimed Signer: test-scheme.lightest.nlnetlabs.nl
FAILED: Error discovering Trust Scheme: No AD flag. (Host not using DNSSec?)
FAILED: Trust Scheme discovery failed for claim test-scheme.lightest.nlnetlabs.nl!
Do you know the reason for it?
PS: The server on which I deployed is not DNSSEC protected.
The DNS/DNSSEC setup of the server on which you host the ATV should not matter (it also works on localhost), so I am not sure what's the issue with your attempt. If you let me know what test script this is I can run it and have a look.
Do you get the error also with dnssec_verification_enabled etc. set to true?
About the flags: As far as I remember the flags disable those checks; maybe we missed one (but I remember that we tested the ATV without DNSSEC in the beginning) -- you could verify that in the ATV source code. By the way, I think we print the configuration to the log, so you can check if your manual change actually had an effect or if you need to re-build the ATV before re-deploying the API.
Hi Stefan, thanks for the reply. I tried deploying on the following server, BASE = 'https://essif.iao.fraunhofer.de/atvapi_essif/', with the PAdesdemo.py file. The following was the result:
REPORT: ######
OK: LIGHTest ATV
OK: 3 pre-checks passed!
OK: TPL Interpreter initialized!
OK: pades extraction successful.
OK: Signer certificate: LATORRE ANTIN GERMAN - 25180855H
OK: eIDAS_qualified_certificate extraction successful.
OK: PAdES Signature Verification successful.
OK: No Trust Scheme Membership Claim found in certificate, using default: eIDAS_qualified_claim
OK: Claimed Signer: test-scheme.lightest.nlnetlabs.nl
FAILED: Error discovering Trust Scheme: No AD flag. (Host not using DNSSec?)
FAILED: Trust Scheme discovery failed for claim test-scheme.lightest.nlnetlabs.nl!
If I run it with my local ATV (via the Docker setup described above) I get the following:
###### REPORT: ######
OK: LIGHTest ATV 1.9.9-SNAPSHOT
OK: 3 pre-checks passed!
OK: TPL Interpreter initialized!
OK: pades extraction successful.
OK: Signer certificate: LATORRE ANTIN GERMAN - 25180855H
OK: eIDAS_qualified_certificate extraction successful.
OK: PAdES Signature Verification successful.
OK: No Trust Scheme Membership Claim found in certificate, using default: eIDAS_qualified_claim
OK: Claimed Signer: test-scheme.lightest.nlnetlabs.nl
OK: Trust Status List discovered & loaded.
OK: Trust Status List Signature validation successful.
OK: Claimed Scheme matches Trusted Scheme: eidas.lightest.nlnetlabs.nl
OK: Issuer found on Trust Status List: Qualified certificates for individuals issued by AC FNMT Usuarios
OK: trustlist_entry extraction successful.
OK: Signer Verification successful.
You could check the log of the ATV (on the server) to figure out what's wrong.
For example, it prints the config during initialization, so you can verify it's the one you expect:
Config initialized / reset done:
* dane_verification_enabled : true
* dnssec_verification_enabled : true
* dnssec_root_key : get-trust-anchor/ksk-as-dnskey.txt
* dns_nameserver : 8.8.8.8
* http_timeout : 15
* precheck.simpleHTTPCheck.url : https://c01.netztest.at/RMBTControlServer/testRequest
* tpl_main_predicate : accept(Form).
* tpl_main_predicate_variable : Form
* tpl_recordRPxTranscript : false
* tpl_recordRPxTranscript_path : /tmp/lightest_rpx
* trustscheme_claim_default : eIDAS_qualified_claim
* trustscheme_claim.eIDAS_qualified_claim: _scheme._trust.test-scheme.lightest.nlnetlabs.nl.
* trustscheme_claim.eIDAS_qualified : eidas.lightest.nlnetlabs.nl
* trustscheme_claim.eidas_qualified : eidas.lightest.nlnetlabs.nl
...
Also, can you try with dane_verification_enabled & dnssec_verification_enabled set to true? This should work for this test data (as the DNS records used are signed).
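The check suggested in the reply above, comparing the configuration the running ATV printed to its log with the atv.properties that was edited, as an added example that is not part of the original thread or the LIGHTest code. The function names are hypothetical, the key=value layout of atv.properties is an assumption, and the property sample is constructed; the log sample reuses lines from the excerpt above.

```python
import re

# Marker and "* key : value" entry shape copied from the ATV log excerpt above.
CONFIG_MARKER = "Config initialized / reset done:"
ENTRY_RE = re.compile(r"\*\s+([^\s:]+)\s*:\s*(.*)$")

def logged_config(log_text):
    """Return the last config block printed in the log as a dict."""
    config, in_block = {}, False
    for line in log_text.splitlines():
        if CONFIG_MARKER in line:
            config, in_block = {}, True   # a later reset replaces earlier values
        elif in_block:
            m = ENTRY_RE.search(line)
            if m:
                config[m.group(1)] = m.group(2).strip()
            else:
                in_block = False          # first non-entry line ends the block
    return config

def parse_properties(text):
    """Minimal key=value reader (assumed layout of atv.properties)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def config_drift(expected, logged):
    """Map each key whose running value differs to (expected, logged)."""
    return {k: (v, logged.get(k)) for k, v in expected.items() if logged.get(k) != v}

# Constructed samples: log lines from the excerpt above, and a hypothetical local edit.
SAMPLE_LOG = """Config initialized / reset done:
* dane_verification_enabled : true
* dnssec_verification_enabled : true
* dns_nameserver : 8.8.8.8
* precheck.simpleHTTPCheck.url : https://c01.netztest.at/RMBTControlServer/testRequest
...
"""
SAMPLE_PROPERTIES = """dnssec_verification_enabled = false
dane_verification_enabled = false
dns_nameserver = 8.8.8.8
"""

if __name__ == "__main__":
    for key, pair in config_drift(parse_properties(SAMPLE_PROPERTIES), logged_config(SAMPLE_LOG)).items():
        print("MISMATCH", key, "(atv.properties, running):", pair)
```

A non-empty result means the deployed .war is still running with the old settings and has to be rebuilt and redeployed before the change takes effect.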
Hello,
I have received this error:
{"timestamp":"2021-03-09T11:56:52.740+0000","status":500,"error":"Internal Server Error","message":"eu/lightest/verifier/model/report/Report","path":"/atvapi/api/v1/addInstance"}
How can this error be rectified? Although log files have been created.
Do we need to instantiate something after uploading the .war files?