search

open-eid / firefox-pkcs11-loader

DEPRECATED This package provides a helper script for Firefox that sets up the browser for authentication with Estonian ID-card
GNU Lesser General Public License v2.1
29 stars 7 forks source link

Verbose Debug Log Messages #36

Closed maltfield closed 2 years ago

maltfield commented 2 years ago

Feature request:

  1. Allow the user to enable verbose debug logging
  2. Update this project's documentation describing how the user can enable and view the extension's debug log messages

Problem

Problem: There is currently no way (at least that's easy to find) to enable verbose debug logging so that a user can figure out what failed when this extension doesn't work as expected.

I needed to sign a document today (PIN2) on an Estonian government website, but it failed. I got a very unhelpful error message displayed in the browser:

Signing failed. Please make sure the ID-card software is installed and updated and web browsers are configured correctly. Further guidance

I'm 100% sure that the ID software is installed and my smartcard is recognized by my browser (and this extension) because I used it to sign-into the portal (PIN1). I tried it again in another tab and confirmed that, yes, it's still connected and working (again PIN1).

I tried to sign the document again (PIN2), and got the same unhelpful message in the browser.

I checked the browser's debugging console, but nothing was there. I checked the network tab, and all requests were 200.

I tried downloading the document and opening it for signing locally in qdigidoc4, and when I tried to sign the doc, I got a dreaded Segmentation Fault

Is this extension failing for the same reason? Is it also caused by a segfault? Or is it some backend API failing because of the segfault? I have no idea because I cannot view any log messages to see what is going on under the hood.

Solution

This tool needs a way for the user to be able to enable and view very, very detailed debug log messages so that they can pinpoint issues and submit bug reports or pull requests.

metsma commented 2 years ago

This extension has nothing to do with signing. Its only purpose is to configure PKCS11 module for Firefox authentication on linux.

mrts commented 2 years ago

Hi @maltfield! Thanks for the report! Do you have time for quick video call to investigate the issue?

maltfield commented 2 years ago

@mrts unfortunately my internet connection is not very good. Is there any way I can force the plugin to dump some error logs so that I can provide the info you'd need?

maltfield commented 2 years ago

@metsma I'm a bit confused. Could there be anything else installed in firefox that handles the signing?

I checked about:addons and I only see 1 extension = PKCS11 loader (and whoose Homepage links to this repo).

I also have these web-eid and web-eid-firefox extensions installed

user@estonia:~$ sudo dpkg -l | grep -Ei 'eid|firefox'
ii  firefox-esr                           91.11.0esr-1~deb10u1                    amd64        Mozilla Firefox web browser - Extended Support Release (ESR)
ii  firefox-pkcs11-loader                 3.13.6.1084-1804                        all          Firefox PKCS#11 module loader
ii  open-eid                              22.6.0.1926-1804                        all          This is eID Software metapackage
ii  web-eid                               2.0.0.552-1804                          all          Web eID application suite (metapackage)
ii  web-eid-chrome                        2.0.2.565-1804                          all          Web eID browser extension for Chrome
ii  web-eid-firefox                       2.0.2.565-1804                          all          Web eID browser extension for Firefox
ii  web-eid-native                        2.0.2.565-1804                          amd64        Web eID browser extension helper application
user@estonia:~$

...but, again, they don't show-up under about:addons in Firefox. Is it possible that extensions are installed but not shown to the user in about:addons? If so, that should probably change because users wanting to file bug reports will end-up here (it's how I got here)

metsma commented 2 years ago

There should be web-eid extension also installed. Web-eid-firefox package is installed, which should handle this. Maybe firefox-esr has different paths and settings? We need verify that.

maltfield commented 2 years ago

Is the web-eid extension a requirement in order to authenticate (PIN1) into a website? Because that works fine for me.

Also, I noticed that about:addons does not list all of the web browser's installed extensions. There's some hidden system extensions that are listed in the "Add-ons" section of about:support

Anyway, I checked about:support and there's no mention of web-eid (but PKCS11 loader is there). However, I do have these files installed on my system

user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/web-eid
/usr/share/doc/web-eid/changelog.Debian.gz
/usr/share/doc/web-eid/copyright
user@estonia:~/.mozilla/firefox$ 

user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid-native
/.
/usr
/usr/bin
/usr/bin/web-eid
/usr/share
/usr/share/applications
/usr/share/applications/web-eid.desktop
/usr/share/doc
/usr/share/doc/web-eid-native
/usr/share/doc/web-eid-native/changelog.Debian.gz
/usr/share/doc/web-eid-native/copyright
/usr/share/icons
/usr/share/icons/hicolor
/usr/share/icons/hicolor/128x128
/usr/share/icons/hicolor/128x128/apps
/usr/share/icons/hicolor/128x128/apps/web-eid.png
/usr/share/icons/hicolor/16x16
/usr/share/icons/hicolor/16x16/apps
/usr/share/icons/hicolor/16x16/apps/web-eid.png
/usr/share/icons/hicolor/256x256
/usr/share/icons/hicolor/256x256/apps
/usr/share/icons/hicolor/256x256/apps/web-eid.png
/usr/share/icons/hicolor/32x32
/usr/share/icons/hicolor/32x32/apps
/usr/share/icons/hicolor/32x32/apps/web-eid.png
/usr/share/icons/hicolor/512x512
/usr/share/icons/hicolor/512x512/apps
/usr/share/icons/hicolor/512x512/apps/web-eid.png
user@estonia:~/.mozilla/firefox$ 

user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid-firefox
/.
/usr
/usr/lib
/usr/lib/mozilla
/usr/lib/mozilla/native-messaging-hosts
/usr/lib/mozilla/native-messaging-hosts/eu.webeid.json
/usr/share
/usr/share/doc
/usr/share/doc/web-eid-firefox
/usr/share/doc/web-eid-firefox/changelog.Debian.gz
/usr/share/doc/web-eid-firefox/copyright
user@estonia:~/.mozilla/firefox$

Maybe firefox-esr has different paths and settings? We need verify that.

The firefox-esr may be a red herring. There is no package named firefox in Debian (only firefox-esr).

Update: The path does appear to be correct as documented by Mozilla here:

maltfield commented 2 years ago

See also https://github.com/web-eid/web-eid-app/issues/214

metsma commented 2 years ago

There is also script that adjust FF enterprice policy that instructs to install extension to browser from add-on store https://github.com/web-eid/web-eid-app/blob/main/debian/web-eid-firefox.postinst

kristelmerilain commented 2 years ago

Thank you for the feedback! I will close this issue since it has nothing to do with PKCS11 and this issue has now resolved in Web eID project.