libresign icon indicating copy to clipboard operation
libresign copied to clipboard
verified publisher icon LibreSign

Identification Document cannot be validated in Libresign

Open kevinkuan1969 opened this issue 2 years ago • 10 comments

Describe the bug

Created new account together with new identification document. The user account is assigned to group with option 'Allow request to sign'.
The new identification document is then flow to admin user with 'authorized groups that can request to sign documents'.

At the admin screen below: click the file to validate, the error message displayed image

image

Environment information (please complete the following information):**

  • Ubuntu 22.04
  • Browser Windows Edge
  • LibreSign Version 7.1.1
  • Nextcloud Server Version - 27.1.3
  • Logs (get the entries from nextcloud.log related with LibreSign i.e tail -f data/nextcloud.log|grep libresign)

kevinkuan1969 avatar Nov 13 '23 12:11 kevinkuan1969

Hi @kevinkuan1969 Can you share the logs in the time that you received this message?

vitormattos avatar Nov 15 '23 11:11 vitormattos

Error | libresign | [{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/View.php","line":528,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/Filesystem.php","line":545,"function":"file_exists","class":"OC\\Files\\View","type":"->"},{"file":"\/var\/www\/nextcloud\/apps\/files_versions\/lib\/Storage.php","line":189,"function":"file_exists","class":"OC\\Files\\Filesystem","type":"::"},{"file":"\/var\/www\/nextcloud\/apps\/files_versions\/lib\/Listener\/FileEventsListener.php","line":202,"function":"store","class":"OCA\\Files_Versions\\Storage","type":"::"},{"file":"\/var\/www\/nextcloud\/apps\/files_versions\/lib\/Listener\/FileEventsListener.php","line":108,"function":"write_hook","class":"OCA\\Files_Versions\\Listener\\FileEventsListener","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/EventDispatcher\/ServiceEventListener.php","line":86,"function":"handle","class":"OCA\\Files_Versions\\Listener\\FileEventsListener","type":"->"},{"file":"\/var\/www\/nextcloud\/3rdparty\/symfony\/event-dispatcher\/EventDispatcher.php","line":251,"function":"__invoke","class":"OC\\EventDispatcher\\ServiceEventListener","type":"->"},{"file":"\/var\/www\/nextcloud\/3rdparty\/symfony\/event-dispatcher\/EventDispatcher.php","line":73,"function":"callListeners","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/EventDispatcher\/EventDispatcher.php","line":94,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/EventDispatcher\/EventDispatcher.php","line":106,"function":"dispatch","class":"OC\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/Node\/HookConnector.php","line":112,"function":"dispatchTyped","class":"OC\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/legacy\/OC_Hook.php","line":105,"function":"write","class":"OC\\Files\\Node\\HookConnector","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/View.php","line":1270,"function":"emit","class":"OC_Hook","type":"::"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/View.php","line":1144,"function":"runHooks","class":"OC\\Files\\View","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/View.php","line":680,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"\/var\/www\/nextcloud\/lib\/private\/Files\/Node\/File.php","line":73,"function":"file_put_contents","class":"OC\\Files\\View","type -- | -- | --

kevinkuan1969 avatar Nov 18 '23 09:11 kevinkuan1969

Error | libresign | OC\Files\View::basicOperation(): Argument #2 ($path) must be of type string, null given, called in /var/www/nextcloud/lib/private/Files/View.php on line 528 -- | -- | --

kevinkuan1969 avatar Nov 18 '23 09:11 kevinkuan1969

Also saw another error log before the event happened. But check at the local browser, it worked well.

Error | PHP | fsockopen(): Unable to connect to 127.0.0.1:8888 (Connection refused) at /var/www/nextcloud/apps/libresign/lib/Handler/CfsslHandler.php#237 -- | -- | --

image

kevinkuan1969 avatar Nov 18 '23 09:11 kevinkuan1969

Sounds that this error isn't really from LibreSign:

Error | libresign | OC\Files\View::basicOperation(): Argument https://github.com/LibreSign/libresign/issues/2 ($path) must be of type string, null given, called in /var/www/nextcloud/lib/private/Files/View.php on line 528 -- | -- | --

But, maybe, because didn't made the right error handling to catch the possible errors when manipulate a file, would be possible that this error be throw by LibreSign.

Did you split the row from your log file in two messages? The first message is a backtrace, have not an error message and the second message is only the error message.

vitormattos avatar Nov 18 '23 14:11 vitormattos

And, the question about CFSSL, is a bit strange that you can access the CFSSL server in your browser using 127.0.0.1. Is your server installed on your personal computer?

I put at the code to use the localhost IP to make only be possible access the CFSSL server from Nextcloud server.

Have a flow to use CFSSL in the code:

https://github.com/LibreSign/libresign/blob/main/lib/Handler/CertificateEngine/CfsslHandler.php#L161-L175

  1. Check if CFSSL server is UP, if true, all is OK and will return from this flow
  2. get the path of CFSSL from settings of LibreSign
  3. get the config path of CFSSL that have the root certificate files fom settings of LibreSign
  4. start the CFSSL server in background
  5. check if the CFSSL server is UP trying to do a socket connection to IP and port of CFSSL a time by second during 4 seconds.

Is at this point that you get the error

Looking at this point of code, the command to run the CFSSL server in background have not a check if was executed with success. I think that have problems when try to start the CFSSL server in your environment and would be good to try to run the command handmade in terminal of your server to verify if all is ok or if will return an error.

As a follow up of this problem, will be necessary to put a check at this point to verify if the command was executed with success but this change will only come in the next version of LibreSign. I send a comment about next version here:

  • https://github.com/LibreSign/libresign/issues/1959

A new feature that will come in the next version is that will be possible to choose between CFSSL or OpenSSL to issue the root certificate. With this, will be possible to don't use CFSSL and if you have problems with CFSSL, only changing to OpenSSL engine to generate the root certificate, will solve your problem.

vitormattos avatar Nov 18 '23 14:11 vitormattos

Thank you very much @vitormattos for your reply.

And, the question about CFSSL, is a bit strange that you can access the CFSSL server in your browser using 127.0.0.1. Is your server installed on your personal computer?

We installed everything in 1 PC using Ubuntu 23.10 and the latest version of Nextcloud 27.1.3. Discovered the error of CFSSL (fsockopen(): Unable to connect to 127.0.0.1:8888 (Connection refused) ) when immediately after reboot or OS system is ready. In this case, do not think it is related to above issue of not getting the Identification Document signed.

In term of the logs for the above issue, there are two separate items which the print-screen as below:

image

image

kevinkuan1969 avatar Nov 19 '23 05:11 kevinkuan1969

Hi! Could you test again at the newest release of LibreSign?

vitormattos avatar Apr 24 '24 16:04 vitormattos