cliffdeclerck / eid-applet

Automatically exported from code.google.com/p/eid-applet

Card using SHA256withRSA: failure to validate signed identity #88

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. insert eID where identity is signed using SHA256withRSA algo
2. surf to https://www.e-contract.be/eid-applet-test/sign-identity.jsp

What is the expected output? What do you see instead?

Expect Permission dialog, PIN entry, then "Signature created successfully." followed by signature value

Instead: Permission dialog, javax.servlet.ServletException: photo digest incorrect (see below)

What version of the product are you using? On what operating system?

eID browser applet version: 1.1.0.RC2
Java version: 1.8.0-ea
Java vendor: Oracle Corporation
OS: Linux
OS version: 3.8.7-1-ARCH
OS arch: amd64

Please provide any additional information below.

eID Applet - Copyright (C) 2008-2012 FedICT.
Released under GNU LGPL version 3.0 license.
More info: http://code.google.com/p/eid-applet/
checking applet privileges...
security manager permission check for java 1.6...
checking web application trust...
running privileged code...
[libj2pcsc.so workaround] Workaround for developer-only libj2pcsc.so on GNU/Linux Platforms enabled..
[libj2pcsc.so workaround] pcsclite found. Adjusting sun.security.smartcardio.library to [/usr/lib64/libpcsclite.so.1]
eID browser applet version: 1.1.0.RC2
Java version: 1.8.0-ea
Java vendor: Oracle Corporation
OS: Linux
OS version: 3.8.7-1-ARCH
OS arch: amd64
Web application URL: https://www.e-contract.be/eid-applet-test/sign-identity.jsp
Current time: Thu Jun 06 15:24:40 CEST 2013
session cookie detected
sending message: HelloMessage
current protocol state: null
protocol state transition: INIT
SSL handshake finish cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
response message: SignCertificatesRequestMessage
current protocol state: INIT
protocol state transition: SIGN_CERTS
performing sign certificates retrieval operation...
Detecteren van eID kaart...
Detecteren van eID kaart...
Gelieve uw eID kaart in te steken...
Scanning card terminal: SCM Microsystems Inc. SCR3340 - ExpressCard54 Smart Card Reader [CCID Interface] (21220949C01025) 00 00
Scanning card terminal: VASCO DP905v1.1 01 00
eID card detected in card terminal : VASCO DP905v1.1 01 00
Identiteitsgegevens aan het uitlezen...
OK
Identiteitsgegevens aan het uitlezen...
selecting file
read binary
size sign cert file: 1496
selecting file
read binary
size citizen CA cert file: 1558
selecting file
read binary
size root CA cert file: 1426
reading identity file
selecting file
read binary
reading identity sign file
selecting file
read binary
reading address file
selecting file
read binary
reading address sign file
selecting file
read binary
reading photo file
selecting file
read binary
reading NRN certificate file
selecting file
read binary
sending message: SignCertificatesDataMessage
current protocol state: SIGN_CERTS
SSL handshake finish cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
HTTP response code: 500
<html><head><title>JBoss Web/3.0.0-CR2 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b>
<pre>javax.servlet.ServletException: photo digest incorrect
    be.fedict.eid.applet.service.impl.handler.SignCertificatesDataMessageHandler.handleMessage(SignCertificatesDataMessageHandler.java:142)
    be.fedict.eid.applet.service.impl.handler.SignCertificatesDataMessageHandler.handleMessage(SignCertificatesDataMessageHandler.java:65)
    be.fedict.eid.applet.service.AppletServiceServlet.doPost(AppletServiceServlet.java:311)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    test.be.fedict.eid.applet.LogFilter.doFilter(LogFilter.java:54)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the JBoss Web/3.0.0-CR2 logs.</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/3.0.0-CR2</h3></body></html>
error: error sending message to service. HTTP status code: 500
error type: java.io.IOException
at be.fedict.eid.applet.Controller.sendMessage:193
at be.fedict.eid.applet.Controller.run:329
at be.fedict.eid.applet.Applet$AppletThread$1.run:602
at java.security.AccessController.doPrivileged:-2
at be.fedict.eid.applet.Applet$AppletThread.run:597
at java.lang.Thread.run:-1
Algemene fout.

Original issue reported on code.google.com by fr4...@gmail.com on 6 Jun 2013 at 1:52

GoogleCodeExporter commented 9 years ago
http://code.google.com/p/eid-applet/source/detail?r=777

Original comment by frank.co...@gmail.com on 31 Jul 2013 at 10:37