search

open-eid / firefox-pkcs11-loader

DEPRECATED This package provides a helper script for Firefox that sets up the browser for authentication with Estonian ID-card
GNU Lesser General Public License v2.1
29 stars 7 forks source link

PKCS11 loader Add-on is not enabled. #40

Closed dovydasgulbinas closed 1 week ago

dovydasgulbinas commented 11 months ago

Hello I followed all the instructions for using Lithuanian SmartID cards and executed the installation script https://www.id.ee/en/plugins/.

I am able to read ID card information on my host machine, but the browser extension seems to be not enabled (see screenshot below)

image

OS: Kubuntu 22.04.3 LTS x86_64 Host: Latitude 7490 Browser: Firefox 120.0 (64bit), non-snap, Debian package

rkoosaar commented 9 months ago

I have the same problem.

kaiwa commented 3 months ago

Same. I try to get the fedora open-eid package running. I have inspected the extension:

14:08:51.728 module is not installed: idemiaawppkcs11 background.js:41:17 14:08:51.756 Unable to load module: Error: An unexpected error occurred background.js:34:15 load moz-extension://d139bc19-0508-43ec-8d36-26508813ea3d/background.js:34

This extension suffers from the windows methodology to hide any useful error messages :)

Anyway, not sure if its the same reason it is not working for you. And I don't know how to fix it yet :)

kaiwa commented 3 months ago

/usr/lib64/mozilla/pkcs11-modules/idemiaawppkcs11.json

{
  "name": "idemiaawppkcs11",
  "description": "IDEMIA AWP PKCS#11 Module",
  "type": "pkcs11",
  "path": "/usr/local/AWP/lib/libOcsPKCS11Wrapper.so",
  "allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"]
}
file /usr/local/AWP/lib/libOcsPKCS11Wrapper.so
/usr/local/AWP/lib/libOcsPKCS11Wrapper.so: cannot open `/usr/local/AWP/lib/libOcsPKCS11Wrapper.so' (No such file or directory)

I cannot find any package providing that libOcsPKCS11Wrapper.so

metsma commented 3 months ago

Same. I try to get the fedora open-eid package running. I have inspected the extension:

14:08:51.728 module is not installed: idemiaawppkcs11 background.js:41:17 14:08:51.756 Unable to load module: Error: An unexpected error occurred background.js:34:15 load moz-extension://d139bc19-0508-43ec-8d36-26508813ea3d/background.js:34

This extension suffers from the windows methodology to hide any useful error messages :)

extension reports all errors that are available. It is the firefox that hides errors

Anyway, not sure if its the same reason it is not working for you. And I don't know how to fix it yet :)

Do you have installed the package system ? The extension does not work standalone.

metsma commented 3 months ago

/usr/lib64/mozilla/pkcs11-modules/idemiaawppkcs11.json

{
  "name": "idemiaawppkcs11",
  "description": "IDEMIA AWP PKCS#11 Module",
  "type": "pkcs11",
  "path": "/usr/local/AWP/lib/libOcsPKCS11Wrapper.so",
  "allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"]
}
file /usr/local/AWP/lib/libOcsPKCS11Wrapper.so
/usr/local/AWP/lib/libOcsPKCS11Wrapper.so: cannot open `/usr/local/AWP/lib/libOcsPKCS11Wrapper.so' (No such file or directory)

I cannot find any package providing that libOcsPKCS11Wrapper.so

Ignore the idemia. It is obsolete and actualy the whole extension is obsolete. OpenSC contains own pkcs11 register service for module

kaiwa commented 3 months ago

Ah yes, I read the debugging message wrong. The error occurs while loading this one onepinopenscpkcs11, the other message is just informational. Mhh, need to check why it cannot find that one.

Do you have installed the package system

yes, there's an open-eid fedora package which I am trying to get running

kaiwa commented 3 months ago

This extension suffers from the windows methodology to hide any useful error messages :)

extension reports all errors that are available. It is the firefox that hides errors

Ok, it reports it, but not to the user :) I guess the extension would need to catch its exceptions and provide some kind of UI notification, even if it would be just an window.alert()

kaiwa commented 3 months ago

I checked the other lib and it is actually available where the add on seems to expect it

➜ cat /usr/lib64/mozilla/pkcs11-modules/onepinopenscpkcs11.json
{
  "name": "onepinopenscpkcs11",
  "description": "OpenSC PKCS#11 Module",
  "type": "pkcs11",
  "path": "/usr/lib64/pkcs11/onepin-opensc-pkcs11.so",
  "allowed_extensions": ["{02274e0c-d135-45f0-8a9c-32b35110e10d}"]
}
➜ file /usr/lib64/pkcs11/onepin-opensc-pkcs11.so            
/usr/lib64/pkcs11/onepin-opensc-pkcs11.so: symbolic link to ../onepin-opensc-pkcs11.so
➜  file /usr/lib64/onepin-opensc-pkcs11.so       
/usr/lib64/onepin-opensc-pkcs11.so: symbolic link to opensc-pkcs11.so
➜  file /usr/lib64/opensc-pkcs11.so       
/usr/lib64/opensc-pkcs11.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c8f10e211e4aa4fd96470fe9f123994e65d66eb2, stripped

Don't know why it fails to load

kaiwa commented 3 months ago

This extension suffers from the windows methodology to hide any useful error messages :)

extension reports all errors that are available. It is the firefox that hides errors

Ok, it reports it, but not to the user :) I guess the extension would need to catch its exceptions and provide some kind of UI notification, even if it would be just an window.alert()

Update: Ok you were right with firefox hiding the error, at least for any low level information. The exception occurred when the extension tries to install the onepinopenscpkcs11 module. I found the reason for this, there was an pkcs-proxy (or something like that) cryptographic module loaded, which was accessing the same card. After I have unloaded that module, the extension is now able to install the onepinopenscpkcs11 module. It shows the correct card data and I can log in using the PIN (using the firefox settings dialog here). Unfortunately, eesti.ee still does not recognize the card. Need to investigate further.

Bildschirmfoto vom 2024-07-11 19-22-38

image

kaiwa commented 3 months ago

Wohoo, working now (almost). I missed to install the Web eID addon + web-eid package. Now I have the PIN dialogue, looks fine. I get an another authentication error, but I guess that's out of scope and only because the card is not activated yet.

Raflos10 commented 3 months ago

I had this issue on arch linux because I was missing the manifest files. I got the two files "idemiaawppkcs11.json" and "onepinopenscpkcs11.json" from the root of this repo and put them into "~/.mozilla/pkcs11-modules/", then the extension worked.

Raflos10 commented 3 months ago

Also, for anyone else on Arch: I had to install the web-eid-native and web-eid-firefox packages from AUR.

kristelmerilain commented 1 week ago

Thank you for the feedback. I will close this issue since the active development and management of the Firefox PKCS11 Loader component has ended due to the transition to the OpenSC pkcs11-register tool.