When reading new cards getting photo digest error

62 views
Skip to first unread message

shravya shetty

unread,
Dec 19, 2016, 10:27:21 AM12/19/16
to eID Middleware
Hi All,

We are using eid-applet-package-2.0.0.FEDICT.jar in our application to read data from the EID card.
Now for the newly issued cards we are getting error when trying to read the data.

PFB the error - 

eID Applet - Copyright (C) 2008-2013 FedICT.

Copyright (C) 2014-2015 e-Contract.be BVBA.

Released under GNU LGPL version 3.0 license.

More info: https://github.com/Fedict/eid-applet

checking applet privileges...

security manager permission check for java 1.6...

checking web application trust...

running privileged code...

OS is [Windows 7]. Not Enabling PCSC library fix.

eID browser applet version: 2.0.0.FEDICT

Java version: 1.8.0_112

Java vendor: Oracle Corporation

OS: Windows 7

OS version: 6.1

OS arch: x86

Current time: Thu Dec 15 13:56:14 CET 2016

session cookie detected

sending message: HelloMessage

current protocol state: null

protocol state transition: INIT

SSL handshake finish cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

response message: IdentificationRequestMessage

current protocol state: INIT

protocol state transition: IDENTIFY

include address: true

include photo: true

include integrity data: false

include certificates: true

remove card: true

identity data usage: null

Detecting eID card...

Please insert your eID card...

Scanning card terminal: VASCO DP905v1.1 0

eID card detected in card terminal : VASCO DP905v1.1 0

Reading out identity...

Reading identity file...

selecting file

read binary

Size identity file: 176

Read address file...

selecting file

read binary

Size address file: 121

Read photo file...

selecting file

read binary

reading authn certificate file...

selecting file

read binary

size authn cert file: 1900

reading sign certificate file...

selecting file

read binary

size non-repud cert file: 1900

reading citizen CA certificate file...

selecting file

read binary

size Cit CA cert file: 1556

reading root certificate file...

selecting file

read binary

size Root CA cert file: 1426

Please remove your eID card.

Transmitting identity data...

sending message: IdentityDataMessage

current protocol state: IDENTIFY

SSL handshake finish cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

HTTP response code: 500

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">

<HTML>

<HEAD>

<TITLE>Error 500--Internal Server Error</TITLE>

<META NAME="GENERATOR" CONTENT="WebLogic Server">

</HEAD>

<BODY bgcolor="white">

<FONT FACE=Helvetica><BR CLEAR=all>

<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>

<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 500--Internal Server Error</H2>

</FONT></TD></TR>

</TABLE>

<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><pre>javax.servlet.ServletException: photo digest incorrect

                at be.fedict.eid.applet.service.impl.handler.IdentityDataMessageHandler.handleMessage(IdentityDataMessageHandler.java:236)

                at be.fedict.eid.applet.service.impl.handler.IdentityDataMessageHandler.handleMessage(IdentityDataMessageHandler.java:64)

                at be.fedict.eid.applet.service.AppletServiceServlet.doPost(AppletServiceServlet.java:310)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

                at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)

                at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)

                at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)

                at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)

                at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3395)

                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

                at weblogic.security.service.SecurityManager.runAs(Unknown Source)

                at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)

                at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)

                at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)

                at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)

                at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)

</pre></FONT></TD></TR>

</TABLE>

 

</BODY>

</HTML>

error: error sending message to service. HTTP status code: 500

error type: java.io.IOException

at be.fedict.eid.applet.Controller.sendMessage:193

at be.fedict.eid.applet.Controller.sendMessage:153

at be.fedict.eid.applet.Controller.performEidIdentificationOperation:1194

at be.fedict.eid.applet.Controller.run:326

at be.fedict.eid.applet.Applet$AppletThread$1.run:595

at java.security.AccessController.doPrivileged:-2

at be.fedict.eid.applet.Applet$AppletThread.run:591

at java.lang.Thread.run:-1

Generic Error.


Can you please let us know the cause for this error.


Regards,

Shravya

Frederik Vernelen

unread,
Dec 19, 2016, 10:39:43 AM12/19/16
to eid...@googlegroups.com
Hello,

The new eID Cards add a sha256 hash of the photo file to the identity file, whereas the older eID cards use a sha1 hash.
It looks like the applet (that has been declared deprecated) has not been updated for the new cards,
 so it probably still validates the new sha256 hash against a sha1 hash and concludes the photo is not valid.

I'll check with the maintainers of the eid-applet if this fix could be added.

Wkr,
 Frederik


--
Je hebt dit bericht ontvangen omdat je bent geabonneerd op de groep "eID Middleware" van Google Discussiegroepen.
Als je je wilt afmelden bij deze groep en geen e-mails van de groep meer wilt ontvangen, stuur je een e-mail naar eid-mw+unsubscribe@googlegroups.com.
Als je een bericht in deze groep wilt plaatsen, stuur je een e-mail naar eid...@googlegroups.com.
Bezoek deze groep op https://groups.google.com/group/eid-mw.
Ga naar https://groups.google.com/d/optout voor meer opties.

Message has been deleted
Message has been deleted

shravya shetty

unread,
Dec 22, 2016, 11:12:04 AM12/22/16
to eID Middleware

Hello Frederik,

Thanks for the update.

Will the jars be updated?
We are currently using the jar 2.0.0.FEDICT.jar.

Thanks,
Shravya

Frederik Vernelen

unread,
Dec 23, 2016, 3:35:42 AM12/23/16
to eid...@googlegroups.com
Hello Shravya,

I've received feedback that the team involved will try to fix this bug.
Can you post it on https://github.com/Fedict/eid-applet/issues , so you can track it there?

I myself will be on holidays fort the next two weeks,

Wkr,
 Frederik

--
Reply all
Reply to author
Forward
0 new messages