PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Socket connection is not open #488

Closed KINFOO closed 2 years ago

KINFOO commented 2 years ago

Configuration

Fortify: 1.8.3
Firefox: 78.15.0esr
OS: Debian GNU/Linux 11
YubiKey 5 NFC

Context

I managed to sign text using the example at https://fortifyapp.com/examples/signing. I want to integrate this in a React application using fortify-webcomponents-react 0.2.37. I get a "Socket connection is not open" error when running this code:

const OperationsAuthorizeContainer = () => {
  const classes = useStyles();
  const [text, setText] = useState('');
  const [authorized, setAuthorized] = useState(false);
  const handleContinue = async (event: any) => {
    setAuthorized(true);
    setText(event.detail.providerId);
    try {
      let provider = await event.detail.server.getCrypto(event.detail.providerId);
      provider.sign = provider.subtle.sign.bind(provider.subtle);
    } catch (error) {
      console.error(error);
    }
  };

  return (
    <>
      <Grid container spacing={4} alignItems="stretch" className={classes.container}>
        {!authorized ? (
          <>
            <Grid item xs={2}></Grid>
            <Grid item xs={8}>
              <PeculiarFortifyCertificates
                hide-footer
                filters={{ onlySmartcards: true, onlyWithPrivateKey: true, keyUsage: ['digitalSignature'] }}
                onContinue={handleContinue}
                onCancel={() => alert('Very well, but cancel what?')}
              />
            </Grid>
          </>
        ) : (
          <>
            <Grid item xs={6}>
              <div className={classes.widget}>
                <TextField
                  id="filled-textarea"
                  label="Text to sign"
                  placeholder="Type text to sign"
                  multiline
                  fullWidth
                  variant="filled"
                  onChange={(e) => setText(e.target.value)}
                />
              </div>
            </Grid>
            <Grid item xs={6}>
              <div className={classes.widget}>
                <h3>Signed text:</h3>
                <span>{text}</span>
              </div>
            </Grid>
          </>
        )}
      </Grid>
    </>
  );
};

The error is raised by this line:

let provider = await event.detail.server.getCrypto(event.detail.providerId);

What am I doing wrong? It is a subset of the code provided by the example...

donskov commented 2 years ago

Hi @KINFOO. Try to use the pre-release 1.8.4 version. We tried to fix the problems associated with the lack of connection.

KINFOO commented 2 years ago

Hi,

I tried the pre-release 1.8.4 version and got SEC_ERROR_BAD_DATABASE as soon as I insert the YubiKey, and then the application segfaults:

$ /opt/Fortify/fortify
info: [application]  Starting {"time":"2022-05-09T12:40:35.195Z"}
info: [application]  Application info {"version":"1.8.4","versionChrome":"91.0.4472.164","versionElectron":"13.6.9","versionNode":"14.16.0"}
info: [system]  System info {"type":"Linux","platform":"linux","arch":"x64","cpus":4,"version":"5.10.0-13-amd64","totalmem":11948204032,"freemem":386052096}
info: [system]  Screen size {"width":1920,"height":1080}
info: [l10n]  Change language {"lang":"en"}
info: [ssl-service]  Get certificate status {"status":"valid"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3lrtpgml.default\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3lrtpgml.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3y8lpdvr.default-1454578991607\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/3y8lpdvr.default-1454578991607\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer]  SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Crash Reports\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n    at checkExecSyncError (child_process.js:625:11)\n    at Object.execSync (child_process.js:661:15)\n    at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n    at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n    at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n    at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n    at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n    at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n    at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n    at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer]  SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/Pending Pings\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n    at checkExecSyncError (child_process.js:625:11)\n    at Object.execSync (child_process.js:661:15)\n    at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n    at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n    at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n    at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n    at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n    at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n    at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n    at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/dlpnyzyi.default\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/dlpnyzyi.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer]  SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/installs.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n    at checkExecSyncError (child_process.js:625:11)\n    at Object.execSync (child_process.js:661:15)\n    at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n    at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n    at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n    at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n    at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n    at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n    at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n    at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/jfrpy17b.dev-edition-default-1594911365065\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/jfrpy17b.dev-edition-default-1594911365065\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/l0c1uhgo.default\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/l0c1uhgo.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/mwad0hks.default\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/mwad0hks.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"","shell":"bash"}
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
error: [ssl-installer]  SSL install error {"error":"Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n","stack":"Error: Command failed: \"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/profiles.ini\" -h \"all\"\ncertutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.\n\n    at checkExecSyncError (child_process.js:625:11)\n    at Object.execSync (child_process.js:661:15)\n    at Object.execSync (electron/js2c/asar_bundle.js:5:12288)\n    at t.NssCertUtils.run (/opt/Fortify/resources/app.asar/out/main.js:256:182457)\n    at t.NssCertUtils.list (/opt/Fortify/resources/app.asar/out/main.js:256:181905)\n    at t.NssCertUtils.exists (/opt/Fortify/resources/app.asar/out/main.js:256:181646)\n    at t.SslCertInstaller.installFirefox (/opt/Fortify/resources/app.asar/out/main.js:256:179862)\n    at g.run (/opt/Fortify/resources/app.asar/out/main.js:256:175384)\n    at t.Server.init (/opt/Fortify/resources/app.asar/out/main.js:31:553306)\n    at b.initServer (/opt/Fortify/resources/app.asar/out/main.js:172:90344)"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/zlj3zm6h.default\" -h \"all\"","shell":"bash"}
info: [nss]  Run certutil command {"command":"\"certutil\" -L -d \"sql:/home/kevin/.mozilla/firefox/zlj3zm6h.default\" -n \"Fortify Local CA\" -a \"\"","shell":"bash"}
info: [server]  SSL certificate is loaded
info: [server]  Comparing current version of card.json file with remote
(node:227667) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `fortify --trace-deprecation ...` to show where the warning was created)
info: [server]  card.json has the latest version {"version":"1.1.7"}
info: [pcsc]  Start PCSC listening
info: [update]  Check for new update
info: [application]  Loaded {"time":"2022-05-09T12:40:36.014Z","duration":819}
info: [server]  Started {"address":"127.0.0.1:31337"}
info: [provider]  PKCS#11 library information {"library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","manufacturerId":"Mozilla.org","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":3,"minor":61},"firmwareVersion":{"major":0,"minor":0}}
info: [provider]  Crypto provider was added to the list {"id":"48210e257b3a40392fd95249e460804a2d5fbb8a","library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","name":"Software Security Device","reader":"PSM Private Keys"}
info: [provider]  PKCS#11 library information {"library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","manufacturerId":"Mozilla.org","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":3,"minor":61},"firmwareVersion":{"major":0,"minor":0}}
info: [provider]  Crypto provider was added to the list {"id":"48210e257b3a40392fd95249e460804a2d5fbb8a","library":"/usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so","name":"Software Security Device","reader":"PSM Private Keys"}
info: [pcsc]  Start PCSC listening
info: [update]  New version wasn't found
info: [server]  Create a new connection {"origin":"https://tools.fortifyapp.com"}
info: [server]  Push session to stack {"origin":"https://tools.fortifyapp.com"}
warn: [server]  Cannot parse MessageSignedProtocol
info: [server]  Initialize secure session {"origin":"https://tools.fortifyapp.com","session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","authorized":true}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"server/isLoggedIn"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/info"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api]  crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api]  crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api]  crypto/isLoggedIn {"crypto":"Software Security Device"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/keyStorage/keys","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api]  keyStorage/keys {"crypto":"Software Security Device"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/certificateStorage/keys","provider":"48210e257b3a40392fd95249e460804a2d5fbb8a"}
info: [server-api]  certStorage/keys {"crypto":"Software Security Device"}
info: [server]  Create a new connection {"origin":"127.0.0.1"}
info: [server]  Push session to stack {"origin":"127.0.0.1"}
warn: [server]  Cannot parse MessageSignedProtocol
info: [server]  Initialize secure session {"origin":"127.0.0.1","session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","authorized":true}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"server/isLoggedIn"}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/info"}
info: [pcsc]  Initialize new reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [pcsc]  New token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [pcsc]  Initialize new reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [pcsc]  New token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [server-api]  cardReader/insert {"atr":"3bfd1300008131fe158073c021c057597562694b657940","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [server-api]  cardReader/insert {"atr":"3bfd1300008131fe158073c021c057597562694b657940","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [provider]  Token was added to the reader {"reader":"Yubico YubiKey OTP+FIDO+CCID 00 00","name":"Yubico Yubikey 4 OTP+U2F+CCID","atr":"3bfd1300008131fe158073c021c057597562694b657940"}
info: [provider]  Loading PKCS#11 library {"library":"/usr/local/lib/libykcs11.so"}
info: [provider]  Looking for slot {"slots":1}
info: [provider]  Use ConfigTemplateBuilder
info: [provider]  PKCS#11 library information {"library":"/usr/local/lib/libykcs11.so","manufacturerId":"Yubico (www.yubico.com)","cryptokiVersion":{"major":2,"minor":40},"libraryVersion":{"major":2,"minor":20},"firmwareVersion":{"major":1,"minor":0}}
info: [provider]  Crypto provider was added to the list {"id":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861","library":"/usr/local/lib/libykcs11.so","name":"Yubico Yubikey 4 OTP+U2F+CCID","reader":"Yubico YubiKey OTP+FIDO+CCID 00 00"}
info: [provider-service]  Amount of tokens was changed {"added":1,"removed":0}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/info"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"provider/action/getCrypto"}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"provider/action/getCrypto"}
info: [server]  Run action {"session":"df8ddc3de4977c2eefc260256d82236e23c8ada31e8a2cd2fa6d3ace7b2c17fb","action":"crypto/isLoggedIn","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api]  crypto/isLoggedIn {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"crypto/isLoggedIn","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api]  crypto/isLoggedIn {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [server]  Run action {"session":"28e85329690c9548c8b0100ed8777329c2cc623140c8a56b840ff4cd8c8341fa","action":"crypto/login","provider":"3c8aee3baec2fa2f668129aba3a3e537ae36a187529eb4f725814f5e337c7861"}
info: [server-api]  crypto/login {"crypto":"Yubico Yubikey 4 OTP+U2F+CCID"}
info: [windows]  Create window {"name":"p11-pin"}
[227667:0509/144105.020037:FATAL:nss_util.cc(129)] nss_error=-8018, os_error=0
[1]    227667 trace trap  /opt/Fortify/fortify

KINFOO commented 2 years ago

I also tried the pre-release 1.8.4 version on Windows 10 and got my initial "Socket connection is not open" error.

davidbonnet commented 2 years ago

The example above eagerly unmounted the PeculiarFortifyCertificates component during the onContinue callback execution. Thus there is no particular bug.

As a suggestion though, it would be interesting to extract the logic that lists certificates and selects one so that it becomes UI library/framework agnostic and therefore easier to test/integrate.
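The ordering problem described in the comment above, as an added example that is not part of the original thread or Fortify's own code. The interfaces are assumptions modelled on the `event.detail` fields used in the issue, the function names are hypothetical, and the stub assumes that unmounting the component closes the connection `getCrypto()` needs.

```typescript
// Added illustration; these types are assumptions modelled on the
// event.detail fields used in the issue, not Fortify's published typings.
interface CryptoProvider { id: string }
interface FortifyServer { getCrypto(providerId: string): Promise<CryptoProvider> }
interface ContinueEvent { detail: { providerId: string; server: FortifyServer } }

type Outcome =
  | { ok: true; provider: CryptoProvider }
  | { ok: false; message: string };

// UI-agnostic step: resolve the provider while the component that owns the
// connection is still mounted. No React state is touched here.
async function acquireProvider(event: ContinueEvent): Promise<Outcome> {
  const { providerId, server } = event.detail;
  try {
    return { ok: true, provider: await server.getCrypto(providerId) };
  } catch (error) {
    const message = error instanceof Error ? error.message : String(error);
    return { ok: false, message };
  }
}

// Ordering from the issue: the state change (modelled as unmount) runs first.
async function eagerContinue(event: ContinueEvent, unmount: () => void): Promise<Outcome> {
  unmount();
  return acquireProvider(event);
}

// Corrected ordering: change state only after the provider has been resolved.
async function deferredContinue(event: ContinueEvent, unmount: () => void): Promise<Outcome> {
  const outcome = await acquireProvider(event);
  if (outcome.ok) unmount();
  return outcome;
}

// Constructed stand-in for the mounted component and its socket.
// Assumption: unmounting closes the connection that getCrypto() needs.
function makeMountedStub(providerId: string) {
  let open = true;
  const server: FortifyServer = {
    async getCrypto(id: string): Promise<CryptoProvider> {
      await Promise.resolve(); // stands in for the network round trip
      if (!open) throw new Error("Socket connection is not open");
      return { id };
    },
  };
  const event: ContinueEvent = { detail: { providerId, server } };
  return { event, unmount: () => { open = false; } };
}

// Runs both orderings against fresh stubs so the outcomes can be compared.
async function compareOrderings(): Promise<{ eager: Outcome; deferred: Outcome }> {
  const a = makeMountedStub("constructed-provider-id");
  const b = makeMountedStub("constructed-provider-id");
  return {
    eager: await eagerContinue(a.event, a.unmount),
    deferred: await deferredContinue(b.event, b.unmount),
  };
}
```

In a React handler, `unmount` corresponds to the `setAuthorized(true)` call. If later operations such as signing go through the same connection, the component has to stay mounted until they complete as well.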

rmhrisk commented 2 years ago

/cc @donskov