Getting error 'not_allowed' when trying to getCertificate.

[seweryn-piorkowski]

When trying to call this function I see this error.
Any ideas?

import { hwcrypto } from '../hwcrypto/hwcrypto';

const signEstonianIdCard = (offerId: string) => {
    hwcrypto.getCertificate({ lang: 'en' }).then(function (certificate) {
      const hash = hexToPem(certificate.hex);
      hwcrypto
        .sign(certificate, { type: 'SHA-256', hex: hash }, { lang: 'en' })
        .then(
          function (signature: any) {
            request('customer', 'person')
              .get()
              .then((res) => {
                request('loans', 'sign/contract').post({
                  offerId,
                  userId: res.data.personDetails.idPerson,
                  signatureHash: signature.hex,
                  signingParty: 'applicant',
                });
              });
          },
          function (error: any) {
            console.log(`Signing failed:  ${error.message}`);
          }
        );
    });
  };

// Prepared function for easier exports 
export const hwcrypto = function hwcrypto() {
    "use strict";
    var _debug = function(x) {};
    _debug("hwcrypto.js activated");
    window.addEventListener = window.addEventListener || window.attachEvent;
    function hasPluginFor(mime) {
        return navigator.mimeTypes && mime in navigator.mimeTypes;
    }
[...]

fields.getCertificate = function(options) {
        if (typeof options !== "object") {
            _debug("getCertificate options parameter must be an object");
            return Promise.reject(new Error(INVALID_ARGUMENT));
        }
        if (options && !options.lang) {
            options.lang = "en";
        }
        return _autodetect().then(function(result) {
            // removed if statements because it was throwing errors on dev environment 
            return _backend.getCertificate(options).then(function(certificate) {
                if (certificate.hex && !certificate.encoded) certificate.encoded = _hex2array(certificate.hex);
                return certificate;
            });
        });
    };

[weilah]

I'm also getting the same error. I noticed that this happens only with the latest version of the DigiDocPlugi. I'll try later do debug it and post my findings

[weilah]

It looks like the Chrome token signing extension at some point is not getting the event properly (it is undefined) for the event listener marked with the comment 'Forward the message from page.js to background.js'

[weilah]

any chance that this gets fixed? I'm still not sure where the fix has to be applied though. Whether in hwcrypto.js or in the chrome extension.

[martinpaljak]

That would be the extension.

[metsma]

Not allowed means that you are using http not https

[weilah]

Hey @metsma and @martinpaljak thanks for your help and time.

I'm actually using https.
In fact the whole process works when using filter: 'SIGN' in the getCertificate call and it breaks if I use filter: 'AUTH'.

I was able to reproduce the problem in the demo page: https://hwcrypto.github.io/demo/
but it seems that the radio button to select either SIGN or AUTH is not there anymore?

[weilah]

I meant this radio button here from the demo page (https://github.com/hwcrypto/hwcrypto.js/blob/master/demo/sign.html):

<li><b>CERTIFICATE</b>:
     <input type="radio" name="filter" value="SIGN" checked>SIGN
     <input type="radio" name="filter" value="AUTH">AUTH
</li>

maybe you can try to reproduce the same error on your end? The scenario would look as follows:
-Get the last chrome extension of the ID toke signing
-Set the filter to 'AUTH' for the getCertificate function (hwcrypto.js)
-Execute the sign function (hwcrypto.js) with the certificate gotten in the previous call. It is actually the sign function which breaks.

[metsma]

Auth is now disabled

open-eid/chrome-token-signing#194

[weilah]

oh, I see. Thanks @metsma. Any plans to enable this in the near future?
Excuse me, I'm not sure if I'm getting the whole picture... Auth is now disabled in the extension? or is it disable in the hwcrypto.js library because the extension is broken? I saw that @martinpaljak is also involved in the chrome token extension

Maybe you can help me better understand this ecosystem. In any case thanks!

[metsma]

There is web-eid.eu in development and uses different solution for auth

[weilah]

hey @metsma will the hwcrypto library integrate with the web-eid.eu project?

[metsma]

web-eid will have at some extent backwards compatibility with hwcrypto.js (not auth support)

[weilah]

Gotcha! thanks for the fast response.
Do you have a clue on what are going to be the options to authenticate using javascript? As far as I know hwcrypto was the only javascript library to do so.

[weilah]

nvm, I think I found it:

https://github.com/web-eid/web-eid.js#quickstart