search

PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com
Other
114 stars 32 forks source link

Epass2003 not detected in fortify web component #538

Open rossinicolas opened 1 year ago

rossinicolas commented 1 year ago

Hi, the Epass2003 tokens are not detected in the Fortify Web-Compent list if we setup the onlySmartcards in true. Could you tell us what's could be the problem.

TIA

microshine commented 1 year ago

Do you see this token without that flag?

Fortify reads information about the token and detects if the token is removable. Fortify Web-Compent uses this information for filtering. So it's possible that your token returns another value.

Please share some information about your environment.

rossinicolas commented 1 year ago

Do you see this token without that flag?

Fortify reads information about the token and detects if the token is removable. Fortify Web-Compent uses this information for filtering. So it's possible that your token returns another value.

Please share some information about your environment.

  • What is the version of your operating system? Windows 10 Pro Versión: 1903
  • What is the version of Fortify? 1.8.4
  • What PKCS11 library does Fortify use to work with your token? This information can be obtained from the logs of the application ~/.fortify/fortify.log. **{"level":"info","message":"Logging status changed","source":"logging","timestamp":"2023-02-23T16:05:02.649Z","value":true} {"level":"info","message":"Create a new connection","origin":"https://myurl.com","source":"server","timestamp":"2023-02-23T16:11:47.065Z"} {"level":"info","message":"Push session to stack","origin":"https://myurl.com","source":"server","timestamp":"2023-02-23T16:11:47.067Z"} {"level":"warn","message":"Cannot parse MessageSignedProtocol","source":"server","timestamp":"2023-02-23T16:11:47.090Z"} {"authorized":true,"level":"info","message":"Initialize secure session","origin":"https://myurl.com","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.133Z"} {"action":"server/isLoggedIn","level":"info","message":"Run action","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.135Z"} {"action":"provider/action/info","level":"info","message":"Run action","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.149Z"} {"level":"info","message":"Close window","name":"preferences","source":"windows","timestamp":"2023-02-23T16:14:33.286Z"} {"level":"error","message":"Server event error","source":"server","timestamp":"2023-02-23T16:14:33.840Z"} {"level":"info","message":"Closing open disposable windows","origin":"https://myurl.com:54167","source":"server","timestamp":"2023-02-23T16:14:33.840Z"} {"description":"","event":"close","level":"info","message":"Close session","reasonCode":1005,"remoteAddress":"https://myurl.com:54167","source":"server","timestamp":"2023-02-23T16:14:33.841Z"}**
rossinicolas commented 1 year ago

{"authorized":true,"level":"info","message":"Initialize secure session","origin":"https://tools.fortifyapp.com","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.712Z"} {"action":"server/isLoggedIn","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.714Z"} {"action":"provider/action/info","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.754Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.787Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.812Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.815Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.825Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"a7370eae6951997646c5bfedf8f3df0d8b8b698d","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.837Z"} {"crypto":"NSS Certificate DB","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.838Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.856Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"a7370eae6951997646c5bfedf8f3df0d8b8b698d","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.868Z"} {"crypto":"NSS Certificate DB","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.869Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.887Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.901Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.902Z"} {"action":"crypto/keyStorage/keys","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.913Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"keyStorage/keys","source":"server-api","timestamp":"2023-02-24T15:10:49.915Z"} {"action":"crypto/certificateStorage/keys","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.927Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/keys","source":"server-api","timestamp":"2023-02-24T15:10:49.929Z"} {"action":"crypto/certificateStorage/getItem","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.941Z"} {"crypto":"Windows CryptoAPI","index":"x509-e0be82aa-4e4a25fbc4755ae29f3e4124417552cfd74906a0","level":"info","message":"certStorage/getItem","source":"server-api","timestamp":"2023-02-24T15:10:49.945Z"} {"cert":{"publicKey":{"algorithm":{"hash":"SHA-256","name":"RSASSA-PKCS1-v1_5","sensitive":false,"token":true},"extractable":true,"id":"4e4a25fbc4755ae29f3e4124417552cfd74906a0","type":"public","usages":["encrypt","verify","wrapKey"]},"subjectName":"2.5.4.5=CUIL 20220677797, C=AR, CN=MESSINA Fabricio Raúl","token":true,"type":"x509"},"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/getItem","source":"server-api","timestamp":"2023-02-24T15:10:50.003Z"} {"action":"crypto/certificateStorage/export","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:50.021Z"} {"cert":{"publicKey":{"algorithm":{"hash":"SHA-256","name":"RSASSA-PKCS1-v1_5","sensitive":false,"token":true},"extractable":true,"id":"4e4a25fbc4755ae29f3e4124417552cfd74906a0","type":"public","usages":["encrypt","verify","wrapKey"]},"subjectName":"2.5.4.5=CUIL 20220677797, C=AR, CN=MESSINA Fabricio Raúl","token":true,"type":"x509"},"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/exportCert","source":"server-api","timestamp":"2023-02-24T15:10:50.024Z"} {"level":"info","message":"Create window","name":"preferences","source":"windows","timestamp":"2023-02-24T15:10:54.201Z"} {"level":"info","message":"Check for new update","source":"update","timestamp":"2023-02-24T15:10:54.499Z"} {"error":"tunneling socket could not be established, statusCode=407","jwsLink":"https://fortifyapp.com/packages/update.jws","level":"error","message":"JWS GET error","source":"update","stack":"Error: tunneling socket could not be established, statusCode=407\n at ClientRequest.o (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:329:109106)\n at Object.onceWrapper (events.js:422:26)\n at ClientRequest.emit (events.js:315:20)\n at Socket.socketOnData (_http_client.js:547:11)\n at Socket.emit (events.js:315:20)\n at addChunk (internal/streams/readable.js:309:12)\n at readableAddChunk (internal/streams/readable.js:284:9)\n at Socket.Readable.push (internal/streams/readable.js:223:10)\n at TCP.onStreamRead (internal/stream_base_commons.js:188:23)","timestamp":"2023-02-24T15:10:54.549Z"} {"error":"Unable to connect to update server","level":"error","message":"Get info error","source":"update","stack":"UpdateError: Unable to connect to update server\n at h.getJWS (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166108)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async h.getUpdateInfo (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166199)\n at async h.checkForUpdates (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166603)","timestamp":"2023-02-24T15:10:54.550Z"} {"error":"Unable to connect to update server","level":"error","message":"Update error","source":"update","stack":"UpdateError: Unable to connect to update server\n at h.getJWS (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166108)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async h.getUpdateInfo (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166199)\n at async h.checkForUpdates (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166603)","timestamp":"2023-02-24T15:10:54.550Z"}

microshine commented 1 year ago

I don't see any logs about PKCS#11 providers. Looks like you took incorrect parts from the log file.

There must be information like this

{"atr":"3bfc1300008131fe15597562696b65794e454f7233e1","level":"info","message":"New token was added to the reader","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"pcsc","timestamp":"2023-02-15T13:39:56.821Z"}
{"atr":"3bfc1300008131fe15597562696b65794e454f7233e1","level":"info","message":"Token was added to the reader","name":"Yubico Yubikey NEO OTP+U2F+CCID","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"provider","timestamp":"2023-02-15T13:39:58.118Z"}
{"level":"info","library":"/usr/local/lib/libykcs11.dylib","message":"Loading PKCS#11 library","source":"provider","timestamp":"2023-02-15T13:39:58.119Z"}
{"level":"info","message":"Looking for slot","slots":1,"source":"provider","timestamp":"2023-02-15T13:39:59.422Z"}
{"level":"info","message":"Use ConfigTemplateBuilder","source":"provider","timestamp":"2023-02-15T13:40:00.051Z"}
{"cryptokiVersion":{"major":2,"minor":40},"firmwareVersion":{"major":1,"minor":0},"level":"info","library":"/usr/local/lib/libykcs11.dylib","libraryVersion":{"major":2,"minor":30},"manufacturerId":"Yubico (www.yubico.com)","message":"PKCS#11 library information","source":"provider","timestamp":"2023-02-15T13:40:00.052Z"}
{"id":"e96f0bd16bf92e3b4f1f6139ed6bc858bdb70eec6716530e2038c6ea17d4b5aa","level":"info","library":"/usr/local/lib/libykcs11.dylib","message":"Crypto provider was added to the list","name":"Yubico Yubikey NEO OTP+U2F+CCID","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"provider","timestamp":"2023-02-15T13:40:00.053Z"}
rossinicolas commented 1 year ago

@microshine that info isn't the second log sended?

microshine commented 1 year ago

No, if you search for the keyword "library", you will see that there are no matches in your logs.