.
So I guess it's the validateCertificateChain that has issues? How
do I implement the eID Trust Service?
Hi,
I have been able to implement the identification part of
the eID Applet using Glassfish through Netbeans, but I seem
to be having some problems with the authentication part.
I can fill in my pin code, so I suppose my Bean is called
correctly. After that the applet gives a Generic Error and
Glassfish gives
"WARNING: StandardWrapperValve[AppletAuthnServiceServlet]:
PWC1406: Servlet.service() for servlet
AppletAuthnServiceServlet threw exception.
java.lang.RuntimeException: expected a protocol start
message
at
be.fedict.eid.applet.shared.protocol.ProtocolStateMachine.checkRequestMessage(ProtocolStateMachine.java:121)
.... (see below)".
What does this error refer to? Does it mean I'm missing
something somewhere? A protocol start message somehow...
I read the developer's guide, but it does not give a lot
of detail. I checked other posts here and the examples on
the
code.google page, but I still can't seem to get there.
Below are my errors and the relevant files. I hope someone
can help me. Thanks!
My web.xml for the authentication:
<!-- Authentication endpoint of the eID Applet service. The servlet class is
     the applet's own protocol servlet; the AuthenticationService init-param
     gives it the JNDI name of the EJB that receives the certificate chain
     (AuthenticationServiceBean, shown below). -->
<servlet>
<servlet-name>AppletAuthnServiceServlet</servlet-name>
<servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class>
<init-param>
<param-name>AuthenticationService</param-name>
<param-value>java:global/eID/AuthenticationServiceBean</param-value>
</init-param>
</servlet>
<!-- Path the applet posts its protocol messages to; authentication.jsp passes
     'applet-service-authn' as the applet's AppletService parameter, which
     presumably resolves to this pattern. -->
<servlet-mapping>
<servlet-name>AppletAuthnServiceServlet</servlet-name>
<url-pattern>/applet-service-authn</url-pattern>
</servlet-mapping>
The AuthenticationServiceBean:
package isb.eid;
import javax.ejb.Stateless;
import be.fedict.eid.applet.service.spi.AuthenticationService;
import be.fedict.eid.applet.service.spi.CertificateSecurityException;
import be.fedict.eid.applet.service.spi.ExpiredCertificateSecurityException;
import be.fedict.eid.applet.service.spi.RevokedCertificateSecurityException;
import be.fedict.eid.applet.service.spi.TrustCertificateSecurityException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
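@Stateless
public class AuthenticationServiceBean implements AuthenticationService {

    private static final Log LOG = LogFactory.getLog(AuthenticationServiceBean.class);

    /**
     * Receives the certificate chain presented by the eID card during the
     * applet's authentication step and stores it in the caller's HTTP session
     * under the attribute {@code AuthenticationCertificateChain}.
     *
     * <p>NOTE(review): despite its name, this method validates nothing. It does
     * not check the chain against the eID root/CA trust anchors, does not check
     * revocation and does not check validity dates, so any chain the client
     * sends is stored as if it were trusted. The declared exceptions
     * ({@code ExpiredCertificateSecurityException},
     * {@code RevokedCertificateSecurityException},
     * {@code TrustCertificateSecurityException}) exist to report exactly those
     * failures; a production implementation must perform that validation (for
     * example by delegating to the eID Trust Service) before the chain is
     * stored and acted upon.
     *
     * @param certificateChain the chain as delivered by the applet service
     * @throws RuntimeException when the JACC policy context cannot be read; the
     *         original {@link PolicyContextException} is kept as the cause
     * @throws IllegalStateException when no servlet request is bound to the
     *         current JACC policy context
     */
    @Override
    public void validateCertificateChain(List<X509Certificate> certificateChain)
            throws ExpiredCertificateSecurityException,
            RevokedCertificateSecurityException,
            TrustCertificateSecurityException,
            CertificateSecurityException, SecurityException {
        LOG.debug("validate certificate chain: " + certificateChain);

        HttpServletRequest httpServletRequest;
        try {
            // JACC exposes the servlet request that triggered this EJB call.
            httpServletRequest = (HttpServletRequest)
                    PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
        } catch (PolicyContextException e) {
            // Keep the cause so the real JACC failure is visible in the server log.
            throw new RuntimeException("JACC error: " + e.getMessage(), e);
        }
        if (httpServletRequest == null) {
            // PolicyContext.getContext may yield null outside a servlet request;
            // fail with a clear message rather than an NPE on getSession().
            throw new IllegalStateException(
                    "no HttpServletRequest available in the JACC policy context");
        }

        // NOTE(review): the chain is kept in the HTTP session. The applet log on
        // this page reports "no session cookie detected!", so it is worth
        // confirming that the applet actually sends the session cookie back on
        // its follow-up requests; otherwise this attribute lands in a session
        // that later requests never see.
        HttpSession httpSession = httpServletRequest.getSession();
        httpSession.setAttribute("AuthenticationCertificateChain", certificateChain);
    }
}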
authentication.jsp:
<script>
// Applet tag attributes: the eID Applet main class and its display size.
var attributes = {
    code: 'be.fedict.eid.applet.Applet.class',
    width: 600,
    height: 300
};

// Applet parameters: the page to continue to after authentication, the
// relative path of the applet service servlet, and cosmetic settings.
var parameters = {
    TargetPage: 'authn-result.jsp',
    AppletService: 'applet-service-authn',
    BackgroundColor: '#ffffff',
    Language: 'en'
};

deployJava.runApplet(attributes, parameters);
</script>
The Glassfish error:
WARNING: StandardWrapperValve[AppletAuthnServiceServlet]:
PWC1406: Servlet.service() for servlet
AppletAuthnServiceServlet threw exception
java.lang.RuntimeException: expected a protocol start
message
at
be.fedict.eid.applet.shared.protocol.ProtocolStateMachine.checkRequestMessage(ProtocolStateMachine.java:121)
at
be.fedict.eid.applet.service.AppletServiceServlet.doPost(AppletServiceServlet.java:299)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at
org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at
com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at
com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at
java.lang.Thread.run(Thread.java:722)
The applet error:
eID Applet - Copyright (C) 2008-2011 FedICT.
Released under GNU LGPL version 3.0 license.
checking applet privileges...
security manager permission check for java 1.6...
checking web application trust...
running privileged code...
Java version: 1.7.0_21
Java vendor: Oracle Corporation
OS: Windows 7
OS version: 6.1
OS arch: x86
Current time: Tue May 14 15:52:29 CEST 2013
ERROR: no session cookie detected!
sending message: HelloMessage
current protocol state: null
protocol state transition: INIT
SSL handshake finish cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
response message: AuthenticationRequestMessage
current protocol state: INIT
protocol state transition: AUTHENTICATE
include hostname: false
include inet address: false
remove card after authn: false
logoff: false
pre-logoff: false
TLS session Id channel binding: false
server certificate channel binding: false
include identity: false
include certificates: false
include address: false
include photo: false
include integrity data: false
require secure smart card reader: false
no PKCS11: false
Detecting eID card...
PKCS#11 path: C:\WINDOWS\system32\beidpkcs11.dll
library description: Belgium eID PKCS#11 interface v2
manufacturer ID: Belgium Government
library version: 2.0
cryptoki version: 2.b
reader: Alcor Micro USB Smart Card Reader 0
Belgium eID card in slot: 0
Authenticating...
getting protection parameter
key alias: Root
key alias: CA
key alias: Authentication
key alias: Signature
sending message: AuthenticationDataMessage
current protocol state: AUTHENTICATE
SSL handshake finish cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
HTTP response code: 500
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Strict//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html
xmlns="
http://www.w3.org/1999/xhtml"><head><title>GlassFish
Server Open Source Edition 3.1.2.2 - Error
report</title><style type="text/css"><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 500 -
</h1><hr/><p><b>type</b>
Exception
report</p><p><b>message</b></p><p><b>description</b>The
server encountered an internal error () that prevented it
from fulfilling this
request.</p><p><b>exception</b>
<pre>java.lang.RuntimeException: expected a
protocol start
message</pre></p><p><b>note</b>
<u>The full stack traces of the exception and its
root causes are available in the GlassFish Server Open
Source Edition 3.1.2.2
logs.</u></p><hr/><h3>GlassFish
Server Open Source Edition
3.1.2.2</h3></body></html>
error: error sending message to service. HTTP status
code: 500
error type: java.io.IOException
at be.fedict.eid.applet.Controller.sendMessage:227
at be.fedict.eid.applet.Controller.performEidAuthnOperation:1291
at be.fedict.eid.applet.Controller.run:382
at be.fedict.eid.applet.Applet$AppletThread$1.run:602
at java.security.AccessController.doPrivileged:-2
at be.fedict.eid.applet.Applet$AppletThread.run:597
at java.lang.Thread.run:-1
Generic Error.