Is your test also calling SecureConnection(true) on the bus attachment after Claim so that the ECDSA session is established? Otherwise the manager bus will try to continue with the existing ECHDE_NULL session and the method calls will fail.
From: George Tang [mailto:[email protected]] Sent: Saturday, October 22, 2016 9:38 AM To: Kevin Kane <[email protected]> Cc: allseen-core <[email protected]> Subject: Re: [Allseen-core] ER_PERMISSION_DENIED Hi Kevin, The logs contain a call to installMembership on the manager bus. Are there any other reasons for not having a sendMemberships call? When writing these tests I could not use credential accessor to get the guid of the bus to set the IssuerCN, and I could not use it to get the bus privatekey to sign the manifest. So I generated a random private key and a random guid instead. Thanks, George On Fri, Oct 21, 2016 at 10:20 AM, Kevin Kane <[email protected]<mailto:[email protected]>> wrote: I don’t see any calls to SendMemberships in the trace. This suggests your security manager bus attachment hasn’t been provisioned with an admin group membership certificate, since later the PERMISSION_MGMT source shows the peer does not match against the ACL for WITH_MEMBERSHP, which should match. Can you make sure your setup generates and installs an admin group membership certificate onto the bus attachment from which you make the Reset call? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of George Tang Sent: Thursday, October 20, 2016 9:09 PM To: allseen-core <[email protected]<mailto:[email protected]>> Subject: [Allseen-core] ER_PERMISSION_DENIED Hi all, I am getting this error ER_PERMISSION_DENIED, when calling reset in Java. I have a feeling that some value of CertificateX509 is not being set correctly, but I don't know which value. I have the logs for a successful call to reset from the core sample test SecurityClaimApplicationTest.cc (testlog). I also have logs the call to reset from the Java bindings that fails (antlog). It would be great if someone experienced in security and certificates could take a look. Thanks, George
_______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core
