roelderickx / connective-plugin-linux

A replacement for the Connective Plugin which is used on several websites to log in or sign documents using a card reader and an electronic identity card.
GNU General Public License v3.0

Does it work with connective_signing_extension-1.0.6 ? #18

Closed mcmate closed 1 month ago

mcmate commented 6 months ago

Connective signing extension 1.0.6 is the only one I can install from the Chrome web store https://chromewebstore.google.com/detail/connective-signing-extens/kclpjmhngbacampgcdojmiedamjbgjjm?utm_source=chrome-app-launcher-info-dialog Did not manage to install the xpi file, even with Foxified. With 1.0.6 it reports some errors though: "An error occured while handling your request." with no issues but no answer either when testing. Thank you for the help.

roelderickx commented 6 months ago

I am not sure which extension you need for the site you are trying to log in to with your eid; it can be either the Connective Browser Plugin or Connective SignId. This repository is a replacement for the Connective Browser Plugin, not for Connective SignId which you are trying to install. It probably works similarly but I currently don't have the time to investigate it.

mcmate commented 6 months ago

But how do you install the connective_signing_extension-1.0.5.xpi of your repository? When I open it with Google Chrome, it does nothing more than download the same file. And when trying to add it via Foxified, it complains with some errors. Thank you in advance.


roelderickx commented 6 months ago

Ok I see, in contrast to Firefox it is not possible to install xpi files in Chrome, unless you use the developer-mode workaround but then there are errors. So I think the 1.0.6 version from the Chrome web store is the one you'll need, I am able to install this extension without errors. But you seem to suggest there are errors while using the plugin then, I should look into the way it communicates with the backend. I'll revert to you when I have more information.

roelderickx commented 6 months ago

Question: do you use chrome or chromium? There seems to be a difference as to where the native messaging manifest must be installed. I'll have to add chromium to the nativemessaging-ng module anyway, I'll do that right away and release a new version.

mcmate commented 6 months ago

Chrome.


mcmate commented 6 months ago

Thank you in advance.


roelderickx commented 6 months ago

On the Linux distro I work with Chrome is not available, so I installed Ubuntu on an old laptop and installed Chrome.

I can confirm the Connective signing extension 1.0.6 you mentioned is the right extension to install. I was also able to install the native messaging backend with the command nativemessaging-install install chrome and I can confirm the whole setup works for me.

However, I think you installed Chrome using a snap package, which is the suggested way to install software in Ubuntu. The browser is then sandboxed, which is generally good from a security perspective since external applications cannot be executed, but that doesn't allow us to start the connective backend process either.

Work is ongoing to support native messaging in sandboxed browsers, see https://github.com/flatpak/xdg-desktop-portal/issues/655. Meanwhile I suggest installing Chrome by downloading it manually from the Google Chrome website and then installing the package using the command sudo dpkg -i google-chrome-stable_current_amd64.deb.

mcmate commented 6 months ago

In fact, I did install Chrome by downloading manually from the Google Chrome website and followed the same procedure for the installation of the plugin with no success as I described.


roelderickx commented 6 months ago

Ok, then the installation of Chrome and the plugin are correct.

Can you go through the troubleshoot guide and report in which step it is failing and which error messages you get?

mcmate commented 6 months ago

After rechecking the troubleshoot guide, I can confirm I could run connective-backend.py in a terminal window without any problem. However, when I try to run it in the browser nothing happens, with the activationToken field of the Communication empty (Request sent: {"cmd":"GET_READERS","activationToken":"","isRequest":true}), something that does not happen in a terminal window. Thank you in advance.


roelderickx commented 6 months ago

In that case the only component which doesn't work is the native messaging. The activation token is not verified by connective-plugin-linux, please see #12 for detailed information about this.

mcmate commented 6 months ago

Thank you in advance

On Mon, 29 Jan 2024 at 17:23, Roel Derickx @.***> wrote:

In that case the only component which doesn't work is the native messaging. The activation token is not verified by connective-plugin-linux, please see #12 https://github.com/roelderickx/connective-plugin-linux/issues/12 for detailed information about this.

  • Did you run nativemessaging-install install chrome? Also, make sure you run it from the directory where native-manifest.json can be found, i.e. the main directory of this repository.
  • Did it succeed or were there any errors?
  • Did it install the manifest file as ~/.config/google-chrome/NativeMessagingHosts/com.connective.signer.json?
  • If you open the installed manifest file, does the content of the path tag point to the backend? It must include the complete path.
  • The browser needs to be restarted after installation or modification of the native messaging manifest.


roelderickx commented 6 months ago

Thanks for the extra information.

It seems strange you got a permission denied error on a subdirectory of your own home directory, it should not be necessary to run nativemessaging-install as root. Make sure the user who runs chrome (oscar in your case) has read permissions on /home/oscar/.config/google-chrome/NativeMessagingHosts/com.connective.signer.json and read+execute rights on /home/oscar/Downloads/connective-plugin-linux-main/connective-backend.py.

Apart from that I noticed the protocoltester does not work (anymore?) in Chrome. Also, ctrl-shift-J seems to be the same as F12 in Chrome, another difference with Firefox. Very annoying, I will have to add a separate tester for Chrome but it needs some study, I don't have that much time at the moment.

Instead you can test your setup if you start Chrome from a terminal window, so you see all output (the executable is called google-chrome). Then go to a website using the connective plugin, let's say doccle (click on log in with eid). You should start seeing the connective messages in the terminal window, even without connecting a card reader or providing your eid card.

If that doesn't happen, do you see any errors related to the connective plugin?
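
The manifest checklist and the permission requirements discussed in this thread can be checked mechanically. The following is an added example, not part of the thread or of connective-plugin-linux: the names check_manifest and demo are hypothetical, the sample manifest is constructed from values quoted in this issue, and the group/world-writable test is an extra hardening check the thread does not mention.

```python
import json
import os
import re
import stat
import tempfile

# Chrome extension IDs are 32 characters in the range a-p; wildcards are not allowed.
ORIGIN_RE = re.compile(r"^chrome-extension://[a-p]{32}/$")


def check_manifest(manifest_path):
    """Return a list of problems found in a Chrome native messaging manifest."""
    try:
        with open(manifest_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read manifest: {exc}"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]

    problems = []
    name = manifest.get("name", "")
    if os.path.basename(manifest_path) != f"{name}.json":
        problems.append("file name must be <name>.json")
    if manifest.get("type") != "stdio":
        problems.append('"type" must be "stdio"')

    origins = manifest.get("allowed_origins") or []
    if not origins:
        problems.append('"allowed_origins" is empty')
    for origin in origins:
        if not ORIGIN_RE.match(str(origin)):
            problems.append(f"bad allowed_origins entry: {origin}")

    host = manifest.get("path", "")
    if not os.path.isabs(host):
        problems.append('"path" must be the complete (absolute) path')
    elif not os.path.isfile(host):
        problems.append(f"backend not found: {host}")
    else:
        if not os.access(host, os.R_OK | os.X_OK):
            problems.append("backend is not readable and executable by this user")
        # Extra hardening: the browser executes this file on request of the extension.
        if os.stat(host).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("backend is group/world writable")
    return problems


def demo():
    """Run the check on a constructed manifest before and after fixing the backend mode."""
    with tempfile.TemporaryDirectory() as tmp:
        host = os.path.join(tmp, "connective-backend.py")
        with open(host, "w", encoding="utf-8") as fh:
            fh.write("#!/usr/bin/env python3\n")
        os.chmod(host, 0o666)  # constructed fault: no execute bit, world writable
        manifest_path = os.path.join(tmp, "com.connective.signer.json")
        manifest = {
            "name": "com.connective.signer", "description": "Connective Extension",
            "path": host, "type": "stdio",
            "allowed_origins": ["chrome-extension://kclpjmhngbacampgcdojmiedamjbgjjm/"],
        }
        with open(manifest_path, "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
        before = check_manifest(manifest_path)
        os.chmod(host, 0o755)
        after = check_manifest(manifest_path)
    return before, after


if __name__ == "__main__":
    for label, findings in zip(("before chmod", "after chmod"), demo()):
        print(label, findings or "OK")
```

On a real installation, call check_manifest on the manifest file under ~/.config/google-chrome/NativeMessagingHosts/ as the user who runs the browser.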

mcmate commented 6 months ago

Thanks for the support.

Here is the output when starting Chrome from a terminal window (change part of the info for <...>):

Card applet version: 17 Card 0x6C delay required: 0 ms
OUT {"readerList": [{"index": 0, "library": "cardcomm", "name": "Alcor Micro AU9540 00 00", "atr": "3B9813400AA503010101AD1311", "cardPresent": true, "cardType": 1}]}
IN {"cmd":"READ_FILE","reader":"Alcor Micro AU9540 00 00","fileId":"3F00DF014031","activationToken":"GYvQfXZ<...>KrSWIA==","isRequest":true}
Card applet version: 17 Card 0x6C delay required: 0 ms
OUT {"data": "010A423<...>1B001C00"}
IN {"cmd":"READ_FILE","reader":"Alcor Micro AU9540 00 00","fileId":"3F00DF014032","activationToken":"GYvQfXZ<...>KrSWIA==","isRequest":true}
Card applet version: 17 Card 0x6C delay required: 0 ms
OUT {"error": {"code": 5, "id": 5, "message": "Error reading file (Comm 0x6a87) (0xa4080c)"}}


roelderickx commented 6 months ago

Ok, many thanks for the log.

It turns out to be the same problem as #15, but it wasn't resolved at the time because the user who reported the issue didn't need it anymore. As you can see the first READ_FILE call worked fine, but it fails at the second call. If you're lucky it will work for the second call as well next time, but it fails anyway before all files are read. I am not sure but I think it is due to the fact the cardreader connects to the id card on each call, for your particular cardreader it may happen too fast.

I'll try to rework it without the superfluous connections, it is not too much work. I'll keep you updated, it would be appreciated if you can test 🙂

mcmate commented 6 months ago

Perfect. I will wait for the update to test it. Thank you in advance.


roelderickx commented 6 months ago

Can you try with the branch issue19 please?

I really hope it solves your problem, this is just a wild guess.

mcmate commented 6 months ago

Unfortunately same error:

Card applet version: 17 Card 0x6C delay required: 0 ms
OUT {"readerList": [{"index": 0, "library": "cardcomm", "name": "Alcor Micro AU9540 00 00", "atr": "3B9813400AA503010101AD1311", "cardPresent": true, "cardType": 1}]}
IN {"cmd":"READ_FILE","reader":"Alcor Micro AU9540 00 00","fileId":"3F00DF014031","activationToken":"X3DzkFkfucXXPi<...>XdDyHTE0g==","isRequest":true}
OUT {"data": "010A4234<...>01A001B001C00"}
IN {"cmd":"READ_FILE","reader":"Alcor Micro AU9540 00 00","fileId":"3F00DF00503A","activationToken":"X3DzkFkfucXXPi<...>XdDyHTE0g==","isRequest":true}
OUT {"error": {"code": 5, "id": 5, "message": "Error reading file (Comm 0x6a87) (0xa4080c)"}}

(Well checked for the new version and restart of Google Chrome)
cat /home/oscar/.config/google-chrome/NativeMessagingHosts/com.connective.signer.json
{"name": "com.connective.signer", "description": "Connective Extension", "path": "/home/oscar/Downloads/connective-plugin-linux-issue19/connective-backend.py", "type": "stdio", "allowed_origins": ["chrome-extension://kclpjmhngbacampgcdojmiedamjbgjjm/", "chrome-extension://iakejplkonnlkckfmnkmnjonjldbhpfa/", "chrome-extension://hjldggdfakblnppfaijhaioieincmlln/", "chrome-extension://fccadhkefgbjhhmhaifdjgabjjjhenek/", "chrome-extension://agapehmkpebacbgojngbpmcojkimlllf/"]}

Thank you in advance.


roelderickx commented 6 months ago

There seems to be a problem with the Alcor Micro AU9540, see LudovicRousseau/CCID#84. At the end Ludovic Rousseau points to https://ccid.apdu.fr/ccid/unsupported.html#0x058F0x9540, where it is stated that both readers are only partly supported. However, I tested a long time ago with an Alcor Micro AU 9560 (currently not in my possession) and it worked fine. Maybe the version of pyscard or ccid is different? Or is the firmware different? It seems these readers are built-in with some HP and/or Lenovo laptops. Is that the case for you and do you have the possibility to download the latest firmware from their site to install it?

mcmate commented 6 months ago

I'll try to check, but I'm not sure the problem is on the reader side, since I could log in to different services using it. It's just the connective-plugin that I couldn't make work. Could you specify the proper pyscard or ccid versions maybe? My laptop is an Asus, so not sure I could do much more.


roelderickx commented 6 months ago

It is also strange that these kinds of errors pop up now, in the past two years it never came up. Even for both Alcor Micro devices which are widespread. So yes, it should be possible to make it work. I'll see if I can get one of these models to test with, to see if it works for a specific version of pyscard and/or ccid.

mcmate commented 6 months ago

Perfect. Thank you.


roelderickx commented 1 month ago

It seems to work with ubuntu 22, see #25.

mcmate commented 1 month ago

nice, thank you

roelderickx commented 1 month ago

Closing this issue as per the latest comment in #25.

Not sure if there is a solution without downgrading the whole OS, a docker image will almost certainly not receive any requests via the native messaging protocol.

mcmate commented 1 month ago

fair enough, mine was always ubuntu 22 though

roelderickx commented 1 month ago

Interesting... Let's say there was a buggy version of one of the components which is fixed in an update somewhere. Very vague but definitely an answer if someone stumbles upon this issue. Anyway, it's good to hear it works for you now!