Unable to format blank smartcard, Formatting fails with error "Formatting of smart card failed. Error: The smart card Manager has lost the connection to the Smart Card Server"
Steps to Reproduce:
1. Configure TMS subsystems in separate Tomcat system (CA,KRA,TKS,TPS)
2. Insert a blank token on RHEL6 workstation, specify the phoneHome url http://dhcp201-123.englab.pnq.redhat.com:20080/tps/phoneHome
3. Format the card.
Actual results:
Formatting fails with error: "Formatting of smart card failed. Error: The smart card Manager has lost the connection to the Smart Card Server"
Expected results:
Formatting should succeed
Additional info:
TPS debug logs:
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.loadFileSegment: gp211.
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU: entering..
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDUMac: data To MAC: 84%E8%80%48%3A%33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%33%68%20%F0%06%68%10%A1%02%43%03%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05%44%B4%40%05%44%B4%10%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDUMac: computed MAC: 46%FB%22%45%34%5F%D5%18%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU: Before encryption data value: 33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%33%68%20%F0%06%68%10%A1%02%43%03%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05%44%B4%40%05%44%B4%10%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: Util.encryptData: dataToEnc: 32%33%40%04%44%42%04%44%41%06%44%B4%41%04%B4%43%07%33%68%20%F0%06%68%10%A1%02%43%03%44%30%06%B4%44%41%03%43%10%04%44%31%03%4B%20%05%44%B4%40%05%44%B4%10%80%00%00%00%00%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU: After encryption data value: 06%EE%A9%ED%4F%0C%65%8B%E3%B4%70%3F%8F%92%63%B7%F9%E3%CF%E0%45%6A%0D%87%B1%4E%30%A5%54%9F%9C%AB%D8%13%3D%37%49%71%09%7C%A7%19%B7%A8%12%E9%87%9F%C1%57%B6%AF%D9%7B%E7%CD%
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: SecureChannel.computeAPDU: Successfully encrypted apdu data.
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSMessage.write: Writing: s=239&msg_type=9&pdu_size=69&pdu_data=%84%E8%80%48%40%06%EE%A9%ED%4F%0C%65%8B%E3%B4%70%3F%8F%92%63%B7%F9%E3%CF%E0%45%6A%0D%87%B1%4E%30%A5%54%9F%9C%AB%D8%13%3D%37%49%71%09%7C%A7%19%B7%A8%12%E9%87%9F%C1%57%B6%AF%D9%7B%E7%CD%46%FB%22%45%34%5F%D5%18
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSSession.process() about to call read on connection : org.dogtagpki.tps.TPSConnection@462923ba
[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSMessage read()
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPSSession.process: Exception reading from the client: java.net.SocketTimeoutException: Read timed out
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPS_Processor.HandleAPDURequest failed ReadMsg: java.net.SocketTimeoutException: Read timed out
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPSSession.process: IO error happened during processing: java.net.SocketTimeoutException: Read timed out
Per CS/DS Meeting of 02/15/2016: 10.3 Blocker
Jack Magne 2016-02-10 13:37:07 EST
The connection appears to be going down between client and server in the middle of an operation. Perhaps an operation down to the card is taking too long, thus causing a timeout. In your pki-tomcat/conf/server.xml you might try establishing the following timeout param to see if this helps...

    <Connector name="Unsecure" port="8080" protocol="HTTP/1.1" redirectPort="8443"
               maxHttpHeaderSize="8192"
               acceptCount="100" maxThreads="150" minSpareThreads="25"
               enableLookups="false" connectionTimeout="80000"
               disableUploadTimeout="true" />
Niranjan Mallapadi Raghavender 2016-02-12 00:30:44 EST:
Increasing the connectionTimeout resolved the issue.
commit b0ee4e8ea25f8a645015ace4eb5413fb11e96f50
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Thu May 12 15:21:34 2016 -0700
Update default values of connectionTimeout to format smart cards Ticket #1921 Trivial fix to add or up this connectionTimeout value to 80000 or 80 secs. Fix already tested informally in the field by QE.
Closing:
Metadata Update from @mrniranjan:
- Issue assigned to jmagne
- Issue set to the milestone: 10.3.1
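An added example, not part of the ticket or of Dogtag's code: a Python check that flags `<Connector>` entries in a server.xml whose connectionTimeout is below the 80000 ms the fix sets, and measures how long a TPS thread waited in `TPSMessage read()` before the read timed out (20 seconds in the debug log above). The sample config, the connector names other than "Unsecure", and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

REQUIRED_MS = 80000  # value the ticket's fix sets (80 secs)
# Constructed sample config: only the second connector carries the fix.
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector name="Unsecure" port="8080" connectionTimeout="20000" />
  <Connector name="Secure" port="8443" connectionTimeout="80000" />
  <Connector name="NoTimeoutSet" port="8009" />
</Service></Server>"""
# Sample log: two entries taken from the ticket's TPS debug log.
SAMPLE_LOG = """[10/Feb/2016:00:16:05][http-bio-20080-exec-6]: TPSMessage read()
[10/Feb/2016:00:16:25][http-bio-20080-exec-6]: TPSSession.process: Exception reading from the client: java.net.SocketTimeoutException: Read timed out"""
LOG_RE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]: (.*)$")

def audit_connectors(xml_text, required_ms=REQUIRED_MS):
    """Return (port, configured_ms_or_None, ok) for every <Connector>."""
    results = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        raw = conn.get("connectionTimeout")
        value = int(raw) if raw is not None else None
        # Tomcat treats -1 as "no timeout", so it also meets the minimum.
        ok = value is not None and (value == -1 or value >= required_ms)
        results.append((conn.get("port"), value, ok))
    return results

def read_stalls(log_text):
    """Seconds between 'TPSMessage read()' and a read timeout, per thread."""
    pending, stalls = {}, []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip wrapped or unrelated lines
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
        thread, msg = m.group(2), m.group(3)
        if msg.startswith("TPSMessage read()"):
            pending[thread] = ts  # thread starts waiting on the client
        elif "SocketTimeoutException" in msg and thread in pending:
            stalls.append((thread, (ts - pending.pop(thread)).total_seconds()))
    return stalls

if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_XML):
        print(row)
    print(read_stalls(SAMPLE_LOG))
```

A measured stall that matches a connector's configured connectionTimeout points at that setting, rather than the card or the network, as the limit being hit.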
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2319
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.