search

open-eid / qdigidoc

DEPRECATED DigiDoc3 Client is a program that can be used to sign digitally with ID-card and Mobile-ID, check the validity of digital signatures and open and save documents inside the signature container.
http://installer.id.ee
GNU Lesser General Public License v2.1
25 stars 7 forks source link

[3.13.4] Failed to sign container #126

Closed Germano0 closed 6 years ago

Germano0 commented 6 years ago

Everytime I try to sign a document, I obtain error message

ASiC_E.cpp:348 Failed to sign BDOC container.
QSigner.cpp:448 Failed to sign document

qdigidoc-client diagnostic

Locale: Italian / it_IT.UTF-8

Application version: 3.13.4.0 (64 bit)
OS: "Fedora release 27 (Twenty Seven)"
Kernel: Linux 4.13.15-300.fc27.x86_64 #1 SMP Tue Nov 21 21:10:22 UTC 2017 x86_64

Libraries:
qdigidoc (3.13.4)
qesteidutil (3.12.10)
openssl (1.1.0g)
pcsc-lite (1.8.22)
opensc (0.17.0)
QT (5.9.2)

Arguments: /usr/bin/qdigidocclient
Library paths: /usr/lib64/qt5/plugins;/usr/bin
URLs:
CONFIG_URL: https://id.eesti.ee/config.json
TSL_URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
SIVA_URL: https://siva.eesti.ee/validate

TSL signing certs:
(SIGN) AGNIESZKA BAJNO
Philippe Jean Renaud Schneider
Pierre Damas (Signature)
Maarten Ottoy (Signature)
Jean-Marc Verbergt (Signature)
Maarten Joris Ottoy

Central Configuration:
DATE: 20171124102215Z
SERIAL: 47
URL: https://id.eesti.ee/config.json
VER: 1

Smart Card service status: Running
Smart Card readers:
ACS ACR 38U-CCID 00 00 max APDU size 65536
Reader state: PRESENT, INUSE
ATR cold - *removed by me*
ATR warm - *removed by me*
ID - *removed by me*

gdb backtrace

$ gdb qdigidocclient 
GNU gdb (GDB) Fedora 8.0.1-30.fc27
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from qdigidocclient...Reading symbols from /usr/lib/debug/usr/bin/qdigidocclient-3.13.4-1.fc27.x86_64.debug...done.
done.
(gdb) run
Starting program: /usr/bin/qdigidocclient 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe0495700 (LWP 7789)]
[New Thread 0x7fffd13c3700 (LWP 7790)]
Detaching after fork from child process 7794.
[New Thread 0x7fffc80b1700 (LWP 7815)]
[New Thread 0x7fffc7210700 (LWP 7816)]
QObject: Cannot create children for a parent that is in a different thread.
(Parent is QSigner(0x555555b043c0), parent's thread is QThread(0x5555559139c0), current thread is QSigner(0x555555b043c0)
Loading: "opensc-pkcs11.so"
Detaching after fork from child process 7817.
[New Thread 0x7fffc6412700 (LWP 7841)]
DEBUG [Connect.cpp:53] - Connecting to URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.sha2
DEBUG [Connect.cpp:75] - Connecting to Host: ec.europa.eu:443
[New Thread 0x7fffb2fa7700 (LWP 7846)]
[New Thread 0x7fffaa7a6700 (LWP 7847)]
[New Thread 0x7fffb27a6700 (LWP 7848)]
[New Thread 0x7fffb1fa5700 (LWP 7849)]
[New Thread 0x7fffb17a4700 (LWP 7850)]
[New Thread 0x7fffb0fa3700 (LWP 7851)]
[New Thread 0x7fffabfff700 (LWP 7852)]
DEBUG [Connect.cpp:53] - Connecting to URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
DEBUG [Connect.cpp:75] - Connecting to Host: ec.europa.eu:443
"OPENSC PROJECT                   (2.20)" 
"OPENSC SMARTCARD FRAMEWORK       (0.17)" 
Flags: 0
DEBUG [TSL.cpp:549] - Last modified: Thu, 30 Nov 2017 10:26:47 GMT
WARN [TSL.cpp:581] - Failed to parse TSL last modified date: Invalid HTTP Full Date format: 'Thu, 30 Nov 2017 10:26:47 GMT'
DEBUG [TSL.cpp:246] - TSL tl-mp.xml signature is valid
[New Thread 0x7fffab284700 (LWP 7855)]
DEBUG [Connect.cpp:53] - Connecting to URL: https://sr.riik.ee/tsl/estonian-tsl.sha2
DEBUG [Connect.cpp:75] - Connecting to Host: sr.riik.ee:443
DEBUG [TSL.cpp:246] - TSL EE.xml signature is valid
[Thread 0x7fffab284700 (LWP 7855) exited]
INFO [X509CertStore.cpp:84] - Loaded 42 certificates into TSL certificate store.
[Thread 0x7fffc6412700 (LWP 7841) exited]
[New Thread 0x7fffc6412700 (LWP 7858)]
[Thread 0x7fffc6412700 (LWP 7858) exited]
QObject::connect: invalid null parameter
[New Thread 0x7fffc6412700 (LWP 7861)]
[Thread 0x7fffc6412700 (LWP 7861) exited]
[New Thread 0x7fffc6412700 (LWP 7862)]
[Thread 0x7fffc6412700 (LWP 7862) exited]
[New Thread 0x7fffc6412700 (LWP 7863)]
[New Thread 0x7fffab284700 (LWP 7864)]
[New Thread 0x7fff69d9d700 (LWP 7865)]
[New Thread 0x7fff6959c700 (LWP 7866)]
[New Thread 0x7fff68b8e700 (LWP 7867)]
[New Thread 0x7fff5bfff700 (LWP 7868)]
[New Thread 0x7fff5b7fe700 (LWP 7869)]
[New Thread 0x7fff5affd700 (LWP 7870)]
[Thread 0x7fffc6412700 (LWP 7863) exited]
[Thread 0x7fff5b7fe700 (LWP 7869) exited]
[Thread 0x7fff5bfff700 (LWP 7868) exited]
[Thread 0x7fff68b8e700 (LWP 7867) exited]
[Thread 0x7fff6959c700 (LWP 7866) exited]
[Thread 0x7fff69d9d700 (LWP 7865) exited]
[Thread 0x7fffab284700 (LWP 7864) exited]
[New Thread 0x7fff69d9d700 (LWP 7874)]
[New Thread 0x7fffab284700 (LWP 7875)]
DEBUG [SignatureXAdES_B.cpp:458] - SignatureXAdES_B::validate(POLv2)
DEBUG [SignatureXAdES_B.cpp:765] - Digest { *removed by me* }:32
[Thread 0x7fff5affd700 (LWP 7870) exited]
[Thread 0x7fffab284700 (LWP 7875) exited]
[Thread 0x7fff69d9d700 (LWP 7874) exited]
Detaching after fork from child process 7901.
Detaching after fork from child process 7902.
Detaching after fork from child process 7903.
Detaching after fork from child process 7904.
Detaching after fork from child process 7905.
Detaching after fork from child process 7906.
Detaching after fork from child process 7907.
Detaching after fork from child process 7908.
[New Thread 0x7fff69d9d700 (LWP 7909)]
Detaching after fork from child process 7910.
Detaching after fork from child process 7911.
Detaching after fork from child process 7912.
Detaching after fork from child process 7933.
Detaching after fork from child process 7934.
Detaching after fork from child process 7935.
Detaching after fork from child process 7936.
Detaching after fork from child process 7937.
Detaching after fork from child process 7938.
Detaching after fork from child process 7939.
Detaching after fork from child process 7940.
Detaching after fork from child process 7941.
Detaching after fork from child process 7942.
Detaching after fork from child process 7943.
Detaching after fork from child process 7944.
Detaching after fork from child process 7945.
Detaching after fork from child process 7946.
Detaching after fork from child process 7947.
Detaching after fork from child process 7948.
Detaching after fork from child process 7949.
Detaching after fork from child process 7950.
Detaching after fork from child process 7951.
Detaching after fork from child process 7952.
Detaching after fork from child process 7953.
Detaching after fork from child process 7954.
Detaching after fork from child process 7955.
Detaching after fork from child process 7956.
Detaching after fork from child process 7959.
Detaching after fork from child process 7960.
Detaching after fork from child process 7961.
Detaching after fork from child process 7962.
Detaching after fork from child process 7963.
Detaching after fork from child process 7964.
Detaching after fork from child process 7965.
Detaching after fork from child process 7966.
Detaching after fork from child process 7967.
[Thread 0x7fff69d9d700 (LWP 7909) exited]

Note: Qt libraries on Fedora 27 have been compiled against OpenSSL 1.1

metsma commented 6 years ago

Is this updated card? And if it is, does OpenSC have patches https://github.com/metsma/OpenSC/compare/0.17.0...0.17-esteid

Germano0 commented 6 years ago

1) The card has been updated on another operating system 2) No, OpenSC did not have patch https://github.com/metsma/OpenSC/compare/0.17.0...0.17-esteid I applied the patch and it solved the problem.

Will the patch be included in OpenSC upstream package?

metsma commented 6 years ago

Patches are in master branch, dont know when 0.18.0 will be released

superseacat commented 6 years ago

same issue on Ubuntu 16.04. Built both clients (DigiDocClient3 and 4 from github sources) - signing still fails with the same infamous: ASiC_E.cpp:348 Failed to sign BDOC container. QSigner.cpp:482 Failed to sign document does it mean that patch has not made it's way yet?

Germano0 commented 6 years ago

@nikolaidenissov ask Ubuntu opensc maintainer

metsma commented 6 years ago

You must use patched opensc https://installer.id.ee/media/ubuntu/pool/main/o/opensc/