search

roelderickx / connective-plugin-linux

A replacement for the Connective Plugin which is used on several websites to log in or sign documents using a card reader and an electronic identity card.
GNU General Public License v3.0
36 stars 2 forks source link

current connective-backend.py no longer works with itsme.be #10

Closed ghpille closed 2 years ago

ghpille commented 2 years ago

The very informative "An unspecified error occured" (can't even get their error messages correct) when trying to register. The older version I had (both report binversion 2.0.9) still gets further, but fails when trying to sign (this is the first time I try to sign).

Object { code: 99, message: "An unspecified error occured", stack: "t@https://bmid-id.connective.eu/resources/bundle-legacy.js:9:143\n_.prototype.getErrorForResponse@https://bmid-id.connective.eu/resources/bundle-legacy.js:20:1963\nn.prototype.readFile/</<@https://bmid-id.connective.eu/resources/bundle-legacy.js:22:1225\nn.prototype.processMessage/<@https://bmid-id.connective.eu/resources/bundle-legacy.js:2:4912\n", e: {�~@�} } bundle.js:6:287253

ghpille commented 2 years ago

The above error was caused by UBlock Origin - probably because it was blocking googletagmanager. After disabling UBlock Origin, I can continue up to the signing error.

ghpille commented 2 years ago

The error when signing (what's shown in the console of Firefox ESR):

Uncaught (in promise) TypeError: t is undefined
    loadTemplate https://bmid-esigner-prod.connective.eu/esig/signer/bundle-029a2d3.js:8
    value https://bmid-esigner-prod.connective.eu/esig/signer/bundle-029a2d3.js:286
bundle-029a2d3.js:8:42801
error
Object { code: 99, message: "An unspecified error occured", stack: "t@https://bmid-esigner-prod.connective.eu/esig/signer/resources/legacy-wrapper.min.js:9:143\n_.prototype.getErrorForResponse@https://bmid-esigner-prod.connective.eu/esig/signer/resources/legacy-wrapper.min.js:20:1963\nn.prototype.isPinPadReader/</<@https://bmid-esigner-prod.connective.eu/esig/signer/resources/legacy-wrapper.min.js:22:574\nn.prototype.processMessage/<@https://bmid-esigner-prod.connective.eu/esig/signer/resources/legacy-wrapper.min.js:2:4912\n", e: {�~@�} }
bundle-029a2d3.js:286:924228
Error in parsing value for �~@~Xtext-decoration�~@~Y.  Declaration dropped. app-029a2d3.css:2383:22
Unknown pseudo-class or pseudo-element �~@~X-ms-input-placeholder�~@~Y.  Ruleset ignored due to bad selector. app-029a2d3.css:2798:57
roelderickx commented 2 years ago

Interesting to know that Ublock Can you provide the relevant output of the browser console (ctrl-shift-J) while signing the document? I assume the last command is COMPUTE_SIGNATURE? Does this message work when you try it with test/protocoltest.html? There may be an issue with newer identity cards, I can't test this. What card version does the browser log indicate? (it is either 17 or 18)

ghpille commented 2 years ago

On 27/01/2022 15:55, Roel Derickx wrote:

Interesting to know that Ublock Can you provide the relevant output of the browser console (ctrl-shift-J) while signing the document? I assume the last command is COMPUTE_SIGNATURE? Does this message work when you try it with test/protocoltest.html? There may be an issue with newer identity cards, I can't test this. What card version does the browser log indicate? (it is either 17 or 18)

Currently, I can't even get registration to start. UBlock disabled, Content Blocking standard.

stderr output from native app com.connective.signer: IN {"cmd":"GET_INFO","isRequest":true} stderr output from native app com.connective.signer: OUT {"version": "2.0.2", "binVersion": "2.0.9"} stderr output from native app com.connective.signer: IN {"cmd":"GET_READERS","activationToken":"n4EqrXf4cpiwNa4lGeaNtCamNhD4KFCBE3tm5of6dGrn5k+44wHMiqj46PkwPAY43lT6aX+QBBtgN5MwodJSLWUMCiSW5ezuBRG0G/OSG24S66Qiu8kYdDG13598VwAYF14aigXsetx4varfHr/S6tTW+fbbJwGqOLkPmgR3BLlmvUr5SgVtBXyb1d6n8DpeMAPeKHhn5cCJ3dVAV430lt2Ht6v/rGtCnCqVD+uZ3cE7ALdNGAEHx7AjVzO8YGKAehk6Vyk1kBuBLDoxD1pbNZdarQFL3YkC4PyZd8pkP65ISv1FF9KlMZG9B1KyIYHplrXiPIxr4Xe2rpz0+XJIGw==","isRequest":true} stderr output from native app com.connective.signer: Card applet version: 17 stderr output from native app com.connective.signer: Card 0x6C delay required: 0 ms stderr output from native app com.connective.signer: OUT {"readerList": [{"index": 0, "library": "cardcomm", "name": "ACS APG8201 USB Reader 00 00", "atr": "3B9813400AA503010101AD1311", "cardPresent": true, "cardType": 1}]} stderr output from native app com.connective.signer: IN {"cmd":"READ_FILE","reader":"ACS APG8201 USB Reader 00 00","fileId":"3F00DF014031","activationToken":"n4EqrXf4cpiwNa4lGeaNtCamNhD4KFCBE3tm5of6dGrn5k+44wHMiqj46PkwPAY43lT6aX+QBBtgN5MwodJSLWUMCiSW5ezuBRG0G/OSG24S66Qiu8kYdDG13598VwAYF14aigXsetx4varfHr/S6tTW+fbbJwGqOLkPmgR3BLlmvUr5SgVtBXyb1d6n8DpeMAPeKHhn5cCJ3dVAV430lt2Ht6v/rGtCnCqVD+uZ3cE7ALdNGAEHx7AjVzO8YGKAehk6Vyk1kBuBLDoxD1pbNZdarQFL3YkC4PyZd8pkP65ISv1FF9KlMZG9B1KyIYHplrXiPIxr4Xe2rpz0+XJIGw==","isRequest":true} stderr output from native app com.connective.signer: Card applet version: 17 stderr output from native app com.connective.signer: Card 0x6C delay required: 0 ms stderr output from native app com.connective.signer: 'BeIdCard' object has no attribute '_BaseCard__6c_delay' stderr output from native app com.connective.signer: OUT {"error": {"code": 99, "id": 99, "message": "No request received after 10 seconds"}}

I must say that I had a try with Firefox 96 in the mean time. Perhaps that ruined my profile. I took a backup before, I'll restore that and have another try.

roelderickx commented 2 years ago

The message _'BeIdCard' object has no attribute '_BaseCard__6cdelay' does give a clue. I'll look into it.

roelderickx commented 2 years ago

I pushed a change, without testing though. I hope it works.

ghpille commented 2 years ago

On 27/01/2022 16:47, Roel Derickx wrote:

I pushed a change, without testing though. I hope it works.

Getting further, but now a completely different problem: The website asks me to sign, TK window opens asking for a signature, I hit OK and the cardreader beeps, asking for my PIN. I enter my PIN, hit OK, on the cardreader screen there appears "hash sign with the start of the signature", but the TK window doesn't close. After a while, the website reports "Er ging iets fout" (Something went wrong).

I don't have this problem with the test page "compute_authentication", but I do with "Compute_signature".

ghpille commented 2 years ago

On 27/01/2022 16:47, Roel Derickx wrote:

I pushed a change, without testing though. I hope it works.

BINGO! I have to hit OK twice on the card reader.

roelderickx commented 2 years ago

In that case I assume VERIFY_PIN is called first, you have to authenticate but you are de-authenticated again at the end of the call. Next command is COMPUTE_SIGNATURE which will ask to authenticate again. I noticed the Connective application never logs off and for most commands it doesn't start selecting the applet. It is stateless but used in a stateful way, rather shady if you ask me. Anyway, if hitting the ok button twice is the only side effect I can live with it. I need to document that though.