Closed KINFOO closed 2 years ago
Hi @KINFOO. Try to use the pre-release 1.8.4 version. We tried to fix the problems associated with the lack of connection.
Hi,
I tried pre-release 1.8.4 version and got SEC_ERROR_BAD_DATABASE
as soon as I insert Yubikey and then application segfaults
$ /opt/Fortify/fortify
info: [application] Starting {"time":"2022-05-09T12:40:35.195Z"}
info: [application] Application info {"version":"1.8.4","versionChrome":"91.0.4472.164","versionElectron":"13.6.9","versionNode":"14.16.0"}
info: [system] System info {"type":"Linux","platform":"linux","arch":"x64","cpus":4,"version":"5.10.0-13-amd64","totalmem":11948204032,"freemem":386052096}
info: [system] Screen size {"width":1920,"height":1080}
info: [l10n] Change language {"lang":"en"}
info: [ssl-service] Get certificate status {"status":"valid"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3lrtpgml.default\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3lrtpgml.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3y8lpdvr.default-1454578991607\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3y8lpdvr.default-1454578991607\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer] SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n at checkExecSyncError (child_process.js:625:11)\n at Object.execSync (child_process.js:661:15)\n at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer] SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n at checkExecSyncError (child_process.js:625:11)\n at Object.execSync (child_process.js:661:15)\n at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/dlpnyzyi.default\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/dlpnyzyi.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer] SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n at checkExecSyncError (child_process.js:625:11)\n at Object.execSync (child_process.js:661:15)\n at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/jfrpy17b.dev-edition-default-1594911365065\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/jfrpy17b.dev-edition-default-1594911365065\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/l0c1uhgo.default\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/l0c1uhgo.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/mwad0hks.default\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/mwad0hks.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer] SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n at checkExecSyncError (child_process.js:625:11)\n at Object.execSync (child_process.js:661:15)\n at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/zlj3zm6h.default\" -h \"all\"","shell":"bash"}
info: [nss] Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/zlj3zm6h.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [server] SSL certificate is loaded
info: [server] Comparing current version of card.json file with remote
(node:227667) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `fortify --trace-deprecation ...` to show where the warning was created)
info: [server] card.json has the latest version {"version":"1.1.7"}
info: [pcsc] Start PCSC listening
info: [update] Check for new update
info: [application] Loaded {"time":"2022-05-09T12:40:36.014Z","duration":819}
info: [server] Started {"address":"127.0.0.1:31337"}
info: [provider] PKCS#11 library information {"library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","manufacturerId":"Mozilla.org","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":3,"minor":61},"firmwareVersion":{"major":0,"minor":0}}
info: [provider] Crypto provider was added to the list {"id":"48210e257b3a40392fd95249e460804a2d5fbb8a","library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","name":"Software Security Device","reader":"PSM Private Keys"}
info: [provider] PKCS#11 library information {"library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","manufacturerId":"Mozilla.org","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":3,"minor":61},"firmwareVersion":{"major":0,"minor":0}}
info: [provider] Crypto provider was added to the list {"id":"48210e257b3a40392fd95249e460804a2d5fbb8a","library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","name":"Software Security Device","reader":"PSM Private Keys"}
info: [pcsc] Start PCSC listening
info: [update] New version wasn't found
info: [server] Create a new connection {"origin":"https://tools.fortifyapp.com"}
info: [server] Push session to stack {"origin":"https://tools.fortifyapp.com"}
warn: [server] Cannot parse MessageSignedProtocol
info: [server] Initialize secure session {"origin":"https://tools.fortifyapp.com","session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","authorized":true}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"server/isLoggedIn"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/info"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api] crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api] crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api] crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/keyStorage/keys","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api] keyStorage/keys {"crypto":"Software Security Device"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/certificateStorage/keys","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api] certStorage/keys {"crypto":"Software Security Device"}
info: [server] Create a new connection {"origin":"127.0.0.1"}
info: [server] Push session to stack {"origin":"127.0.0.1"}
warn: [server] Cannot parse MessageSignedProtocol
info: [server] Initialize secure session {"origin":"127.0.0.1","session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","authorized":true}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"server/isLoggedIn"}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/info"}
info: [pcsc] Initialize new reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [pcsc] New token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [pcsc] Initialize new reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [pcsc] New token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [server-api] cardReader/insert {"atr":"3bfd1300008131fe158073c021c057597562694b657940","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [server-api] cardReader/insert {"atr":"3bfd1300008131fe158073c021c057597562694b657940","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [provider] Token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","name":"Yubico Yubikey 4 OTP+U2F+CCID","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [provider] Loading PKCS#11 library {"library":"/usr/local/lib/libykcs11.so"}
info: [provider] Looking for slot {"slots":1}
info: [provider] Use ConfigTemplateBuilder
info: [provider] PKCS#11 library information {"library":"/usr/local/lib/libykcs11.so","manufacturerId":"Yubico (www.yubico.com)","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":2,"minor":20},"firmwareVersion":{"major":1,"minor":0}}
info: [provider] Crypto provider was added to the list {"id":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861","library":"/usr/local/lib/libykcs11.so","name":"Yubico Yubikey 4 OTP+U2F+CCID","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [provider-service] Amount of tokens was changed {"added":1,"removed":0}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/info"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/getCrypto"}
info: [server] Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api] crypto/isLoggedIn {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"crypto/isLoggedIn","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api] crypto/isLoggedIn {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [server] Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"crypto/login","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api] crypto/login {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [windows] Create window {"name":"p11-pin"}
[227667:0509/144105.020037:FATAL:nss_util.cc(129)] nss_error=-8018, os_error=0
[1] 227667 trace trap /opt/Fortify/fortify
I also tried pre-release 1.8.4 version on Windows 10 and got my initial Socket connection is not open
error
The example above eagerly unmounted the PeculiarFortifyCertificates
component during the onContinue
callback execution. Thus there is no particular bug.
As a suggestion though, it would be interesting to extract the logic that lists certificates and selects one so that it becomes UI library/framework agnostic and therefore easier to test/integrate.
/cc @donskov
Configuration
Fortify:
1.8.3
Firefox:78.15.0esr
OS: Debian GNU/Linux 11 YubiKey 5 NFCContext
I manage to sign text using example https://fortifyapp.com/examples/signing I want to integrate this in a react application using fortify-webcomponents-react
0.2.37
I get aSocket connection is not open
running this codeError is raised by this line
What am I doing wrong? It is a subset of the code provided by example...