#1921 Update default values of connectionTimeout to format smart cards
Closed: Fixed None Opened 8 years ago by mrniranjan.

Unable to format blank smartcard , Formatting fails with error
"Formatting of smart card failed. Error: The smart card Manager has lost the
connection to the Smart Card Server

Steps to Reproduce:

1. Configure TMS subsystems in separate Tomcat system (CA,KRA,TKS,TPS)
2. Insert a blank token on RHEL6 workstation, specify the phoneHome url
 http://dhcp201-123.englab.pnq.redhat.com:20080/tps/phoneHome
3. Format the card.

Actual results:

Formatting fails with error:
"Formatting of smart card failed. Error: The smart card Manager has lost the
connection to the Smart Card Server

Expected results:

Formatting should succeed

Additional info:

TPS debug logs:

[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.loadFileSegment:
gp211.
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU:
entering..
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDUMac:
data To MAC: 84%E8%80%48%3A%33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%33%
68%20%F0%06%68%10%A1%02%43%03%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05%4
4%B4%40%05%44%B4%10%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDUMac:
computed MAC: 46%FB%22%45%34%5F%D5%18%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU:
Before encryption data value: 33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%3
3%68%20%F0%06%68%10%A1%02%43%03%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05
%44%B4%40%05%44%B4%10%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: Util.encryptData: dataToEnc: 32%
33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%33%68%20%F0%06%68%10%A1%02%43%0
3%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05%44%B4%40%05%44%B4%10%80%00%00
%00%00%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU: After
encryption data value: 06%EE%A9%ED%4F%0C%65%8B%E3%B4%70%3F%8F%92%63%B7%F9%E3%CF
%E0%45%6A%0D%87%B1%4E%30%A5%54%9F%9C%AB%D8%13%3D%37%49%71%09%7C%A7%19%B7%A8%12%
E9%87%9F%C1%57%B6%AF%D9%7B%E7%CD%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU:
Successfully encrypted apdu data.
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSMessage.write: Writing: s=239
&msg_type=9&pdu_size=69&pdu_data=%84%E8%80%48%40%06%EE%A9%ED%4F%0C%65%8B%E3%B4%
70%3F%8F%92%63%B7%F9%E3%CF%E0%45%6A%0D%87%B1%4E%30%A5%54%9F%9C%AB%D8%13%3D%37%4
9%71%09%7C%A7%19%B7%A8%12%E9%87%9F%C1%57%B6%AF%D9%7B%E7%CD%46%FB%22%45%34%5F%D5
%18
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSSession.process() about to
call read on connection : org.dogtagpki.tps.TPSConnection@462923ba
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSMessage read()
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPSSession.process: Exception
reading from the client: java.net.SocketTimeoutException: Read timed out
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPS_Processor.HandleAPDURequest
failed ReadMsg: java.net.SocketTimeoutException: Read timed out
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPSSession.process: IO error
happened during processing: java.net.SocketTimeoutException: Read timed out

Per CS/DS Meeting of 02/15/2016: 10.3 Blocker

Jack Magne 2016-02-10 13:37:07 EST

The connection appears to be going down between client ad server in
the middle of an operation.

Perhaps an operation down to the card is taking too long thus causing a timeout.

In your pki-tomcat/conf/server.xml you might try establishing the following
timeout param to see if this helps...

<Connector name="Unsecure" port="8080" protocol="HTTP/1.1" redirectPort="8443"
           maxHttpHeaderSize="8192"
           acceptCount="100" maxThreads="150" minSpareThreads="25"
           enableLookups="false" connectionTimeout="80000"
           disableUploadTimeout="true"
           />

Niranjan Mallapadi Raghavender 2016-02-12 00:30:44 EST:

Increasing the connectionTimeout resolved the issue.

commit b0ee4e8ea25f8a645015ace4eb5413fb11e96f50
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Thu May 12 15:21:34 2016 -0700

Update default values of connectionTimeout to format smart cards

Ticket #1921

Trivial fix to add or up this connectionTimeout value to 80000 or 80 secs.
Fix already tested informally in the field by QE.

Closing:

Metadata Update from @mrniranjan:
- Issue assigned to jmagne
- Issue set to the milestone: 10.3.1

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2319

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata