Skip to content
This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

Epass2003 not detected in fortify web component #538

Open
rossinicolas opened this issue Feb 23, 2023 · 6 comments
Open

Epass2003 not detected in fortify web component #538

rossinicolas opened this issue Feb 23, 2023 · 6 comments
Assignees
@microshine

Comments

@rossinicolas
Copy link

Hi, the Epass2003 tokens are not detected in the Fortify Web-Compent list if we setup the onlySmartcards in true.
Could you tell us what's could be the problem.

TIA
@microshine
Copy link
Collaborator

microshine commented Feb 23, 2023
edited
Loading

Do you see this token without that flag?

Fortify reads information about the token and detects if the token is removable. Fortify Web-Compent uses this information for filtering. So it's possible that your token returns another value.

Please share some information about your environment.

  • What is the version of your operating system?
  • What is the version of Fortify?
  • What PKCS11 library does Fortify use to work with your token? This information can be obtained from the logs of the application ~/.fortify/fortify.log.

@microshine microshine self-assigned this Feb 23, 2023
@rossinicolas
Copy link
Author

Do you see this token without that flag?

Fortify reads information about the token and detects if the token is removable. Fortify Web-Compent uses this information for filtering. So it's possible that your token returns another value.

Please share some information about your environment.

  • What is the version of your operating system?
    Windows 10 Pro Versión: 1903
  • What is the version of Fortify?
    1.8.4
  • What PKCS11 library does Fortify use to work with your token? This information can be obtained from the logs of the application ~/.fortify/fortify.log.
    **{"level":"info","message":"Logging status changed","source":"logging","timestamp":"2023-02-23T16:05:02.649Z","value":true} {"level":"info","message":"Create a new connection","origin":"https://myurl.com","source":"server","timestamp":"2023-02-23T16:11:47.065Z"} {"level":"info","message":"Push session to stack","origin":"https://myurl.com","source":"server","timestamp":"2023-02-23T16:11:47.067Z"} {"level":"warn","message":"Cannot parse MessageSignedProtocol","source":"server","timestamp":"2023-02-23T16:11:47.090Z"} {"authorized":true,"level":"info","message":"Initialize secure session","origin":"https://myurl.com","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.133Z"} {"action":"server/isLoggedIn","level":"info","message":"Run action","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.135Z"} {"action":"provider/action/info","level":"info","message":"Run action","session":"334865dc4bbe38ceacd8342d76971f0feaeb434a508b45a99edf3a565550c694","source":"server","timestamp":"2023-02-23T16:11:47.149Z"} {"level":"info","message":"Close window","name":"preferences","source":"windows","timestamp":"2023-02-23T16:14:33.286Z"} {"level":"error","message":"Server event error","source":"server","timestamp":"2023-02-23T16:14:33.840Z"} {"level":"info","message":"Closing open disposable windows","origin":"https://myurl.com:54167","source":"server","timestamp":"2023-02-23T16:14:33.840Z"} {"description":"","event":"close","level":"info","message":"Close session","reasonCode":1005,"remoteAddress":"https://myurl.com:54167","source":"server","timestamp":"2023-02-23T16:14:33.841Z"}**

@rossinicolas
Copy link
Author

{"authorized":true,"level":"info","message":"Initialize secure session","origin":"https://tools.fortifyapp.com","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.712Z"} {"action":"server/isLoggedIn","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.714Z"} {"action":"provider/action/info","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.754Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.787Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.812Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.815Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.825Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"a7370eae6951997646c5bfedf8f3df0d8b8b698d","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.837Z"} {"crypto":"NSS Certificate DB","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.838Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.856Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"a7370eae6951997646c5bfedf8f3df0d8b8b698d","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.868Z"} {"crypto":"NSS Certificate DB","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.869Z"} {"action":"provider/action/getCrypto","level":"info","message":"Run action","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.887Z"} {"action":"crypto/isLoggedIn","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.901Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"crypto/isLoggedIn","source":"server-api","timestamp":"2023-02-24T15:10:49.902Z"} {"action":"crypto/keyStorage/keys","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.913Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"keyStorage/keys","source":"server-api","timestamp":"2023-02-24T15:10:49.915Z"} {"action":"crypto/certificateStorage/keys","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.927Z"} {"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/keys","source":"server-api","timestamp":"2023-02-24T15:10:49.929Z"} {"action":"crypto/certificateStorage/getItem","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:49.941Z"} {"crypto":"Windows CryptoAPI","index":"x509-e0be82aa-4e4a25fbc4755ae29f3e4124417552cfd74906a0","level":"info","message":"certStorage/getItem","source":"server-api","timestamp":"2023-02-24T15:10:49.945Z"} {"cert":{"publicKey":{"algorithm":{"hash":"SHA-256","name":"RSASSA-PKCS1-v1_5","sensitive":false,"token":true},"extractable":true,"id":"4e4a25fbc4755ae29f3e4124417552cfd74906a0","type":"public","usages":["encrypt","verify","wrapKey"]},"subjectName":"2.5.4.5=CUIL 20220677797, C=AR, CN=MESSINA Fabricio Raúl","token":true,"type":"x509"},"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/getItem","source":"server-api","timestamp":"2023-02-24T15:10:50.003Z"} {"action":"crypto/certificateStorage/export","level":"info","message":"Run action","provider":"dd1464a08e1c30e61c399faa2b650b3803650312","session":"d231a62d2513074ec86168338d27a5ddeb4fa3905349fa7944fed769110863d0","source":"server","timestamp":"2023-02-24T15:10:50.021Z"} {"cert":{"publicKey":{"algorithm":{"hash":"SHA-256","name":"RSASSA-PKCS1-v1_5","sensitive":false,"token":true},"extractable":true,"id":"4e4a25fbc4755ae29f3e4124417552cfd74906a0","type":"public","usages":["encrypt","verify","wrapKey"]},"subjectName":"2.5.4.5=CUIL 20220677797, C=AR, CN=MESSINA Fabricio Raúl","token":true,"type":"x509"},"crypto":"Windows CryptoAPI","level":"info","message":"certStorage/exportCert","source":"server-api","timestamp":"2023-02-24T15:10:50.024Z"} {"level":"info","message":"Create window","name":"preferences","source":"windows","timestamp":"2023-02-24T15:10:54.201Z"} {"level":"info","message":"Check for new update","source":"update","timestamp":"2023-02-24T15:10:54.499Z"} {"error":"tunneling socket could not be established, statusCode=407","jwsLink":"https://fortifyapp.com/packages/update.jws","level":"error","message":"JWS GET error","source":"update","stack":"Error: tunneling socket could not be established, statusCode=407\n at ClientRequest.o (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:329:109106)\n at Object.onceWrapper (events.js:422:26)\n at ClientRequest.emit (events.js:315:20)\n at Socket.socketOnData (_http_client.js:547:11)\n at Socket.emit (events.js:315:20)\n at addChunk (internal/streams/readable.js:309:12)\n at readableAddChunk (internal/streams/readable.js:284:9)\n at Socket.Readable.push (internal/streams/readable.js:223:10)\n at TCP.onStreamRead (internal/stream_base_commons.js:188:23)","timestamp":"2023-02-24T15:10:54.549Z"} {"error":"Unable to connect to update server","level":"error","message":"Get info error","source":"update","stack":"UpdateError: Unable to connect to update server\n at h.getJWS (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166108)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async h.getUpdateInfo (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166199)\n at async h.checkForUpdates (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166603)","timestamp":"2023-02-24T15:10:54.550Z"} {"error":"Unable to connect to update server","level":"error","message":"Update error","source":"update","stack":"UpdateError: Unable to connect to update server\n at h.getJWS (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166108)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async h.getUpdateInfo (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166199)\n at async h.checkForUpdates (C:\\Program Files\\Fortify\\resources\\app.asar\\out\\main.js:103:166603)","timestamp":"2023-02-24T15:10:54.550Z"}

@microshine
Copy link
Collaborator

I don't see any logs about PKCS#11 providers. Looks like you took incorrect parts from the log file.

There must be information like this

{"atr":"3bfc1300008131fe15597562696b65794e454f7233e1","level":"info","message":"New token was added to the reader","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"pcsc","timestamp":"2023-02-15T13:39:56.821Z"}
{"atr":"3bfc1300008131fe15597562696b65794e454f7233e1","level":"info","message":"Token was added to the reader","name":"Yubico Yubikey NEO OTP+U2F+CCID","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"provider","timestamp":"2023-02-15T13:39:58.118Z"}
{"level":"info","library":"/usr/local/lib/libykcs11.dylib","message":"Loading PKCS#11 library","source":"provider","timestamp":"2023-02-15T13:39:58.119Z"}
{"level":"info","message":"Looking for slot","slots":1,"source":"provider","timestamp":"2023-02-15T13:39:59.422Z"}
{"level":"info","message":"Use ConfigTemplateBuilder","source":"provider","timestamp":"2023-02-15T13:40:00.051Z"}
{"cryptokiVersion":{"major":2,"minor":40},"firmwareVersion":{"major":1,"minor":0},"level":"info","library":"/usr/local/lib/libykcs11.dylib","libraryVersion":{"major":2,"minor":30},"manufacturerId":"Yubico (www.yubico.com)","message":"PKCS#11 library information","source":"provider","timestamp":"2023-02-15T13:40:00.052Z"}
{"id":"e96f0bd16bf92e3b4f1f6139ed6bc858bdb70eec6716530e2038c6ea17d4b5aa","level":"info","library":"/usr/local/lib/libykcs11.dylib","message":"Crypto provider was added to the list","name":"Yubico Yubikey NEO OTP+U2F+CCID","reader":"Yubico Yubikey NEO OTP+U2F+CCID","source":"provider","timestamp":"2023-02-15T13:40:00.053Z"}

@rossinicolas
Copy link
Author

@microshine that info isn't the second log sended?

@microshine
Copy link
Collaborator

No, if you search for the keyword "library", you will see that there are no matches in your logs.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@microshine microshine

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@microshine @rossinicolas