Problem with Cert-Issuer


#1

Hi,

I’m following the README on the Cert-Issuer github page with the exact same steps.
These are the commands I’m using.

issuer=bitcoin-cli getnewaddress
sed -i.bak “s//$issuer/g” /etc/cert-issuer/conf.ini
bitcoin-cli dumpprivkey $issuer > /etc/cert-issuer/pk_issuer.txt

  • Note: I didn’t change the conf.ini. I’m using everything exactly as it is on github*

cp /cert-issuer/examples/data-testnet/unsigned_certificates/bc9bdbb5-d734-4242-9edc-d1bc3f8f7a6e.json /etc/cert-issuer/data/unsigned_certificates/

  • I’m using a sample certificate *

bitcoin-cli generate 101
bitcoin-cli getbalance
bitcoin-cli sendtoaddress $issuer 5
cert-issuer -c /etc/cert-issuer/conf.ini

And here on that last command I’m getting the following (huge) error list:

bash-4.3# cert-issuer -c /etc/cert-issuer/conf.ini
WARNING:root:Your app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Processing 1 certificates
INFO - Processing 1 certificates
INFO:root:Processing 1 certificates under work path=/etc/cert-issuer/work
INFO - Processing 1 certificates under work path=/etc/cert-issuer/work
INFO:root:Signing certificates...
INFO - Signing certificates...
INFO:root:Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO:root:Total cost will be 133500 satoshis
INFO - Total cost will be 133500 satoshis
INFO:root:Preparing certificate batch
INFO - Preparing certificate batch
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3.5/site-packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.5/site-packages/urllib3/connectionpool.py", line 844, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.5/site-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/usr/lib/python3.5/site-packages/urllib3/util/ssl_.py", line 325, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3.5/site-packages/urllib3/connectionpool.py", line 630, in urlopen
    raise SSLError(e)
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4072, in _retrieve_context_urls
    remote_doc = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 20, in cached_document_loader
    doc = jsonld_document_loader(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 30, in jsonld_document_loader
    data = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 17, in load_document
    url, headers={'Accept': 'application/ld+json, application/json'}
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 813, in expand
    input_, {}, options['documentLoader'], options['base'])
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4079, in _retrieve_context_urls
    code='loading remote context failed', cause=cause)
pyld.jsonld.JsonLdError: ('Dereferencing a URL did not result in a valid JSON-LD context.',)
Type: jsonld.ContextUrlError
Code: loading remote context failed
Details: {'url': 'https://openbadgespec.org/v2/context.json'}
Cause: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4072, in _retrieve_context_urls
    remote_doc = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 20, in cached_document_loader
    doc = jsonld_document_loader(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 30, in jsonld_document_loader
    data = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 17, in load_document
    url, headers={'Accept': 'application/ld+json, application/json'}
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1125, in to_rdf
    expanded = self.expand(input_, options)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 817, in expand
    'jsonld.ExpandError', cause=cause)
pyld.jsonld.JsonLdError: ('Could not perform JSON-LD expansion.',)
Type: jsonld.ExpandError
Cause: ('Dereferencing a URL did not result in a valid JSON-LD context.',)
Type: jsonld.ContextUrlError
Code: loading remote context failed
Details: {'url': 'https://openbadgespec.org/v2/context.json'}
Cause: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4072, in _retrieve_context_urls
    remote_doc = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 20, in cached_document_loader
    doc = jsonld_document_loader(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 30, in jsonld_document_loader
    data = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 17, in load_document
    url, headers={'Accept': 'application/ld+json, application/json'}
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 813, in expand
    input_, {}, options['documentLoader'], options['base'])
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4079, in _retrieve_context_urls
    code='loading remote context failed', cause=cause)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1043, in normalize
    dataset = self.to_rdf(input_, opts)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1129, in to_rdf
    'RDF.', 'jsonld.RdfError', cause=cause)
pyld.jsonld.JsonLdError: ('Could not expand input before serialization to RDF.',)
Type: jsonld.RdfError
Cause: ('Could not perform JSON-LD expansion.',)
Type: jsonld.ExpandError
Cause: ('Dereferencing a URL did not result in a valid JSON-LD context.',)
Type: jsonld.ContextUrlError
Code: loading remote context failed
Details: {'url': 'https://openbadgespec.org/v2/context.json'}
Cause: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4072, in _retrieve_context_urls
    remote_doc = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 20, in cached_document_loader
    doc = jsonld_document_loader(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 30, in jsonld_document_loader
    data = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 17, in load_document
    url, headers={'Accept': 'application/ld+json, application/json'}
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 813, in expand
    input_, {}, options['documentLoader'], options['base'])
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4079, in _retrieve_context_urls
    code='loading remote context failed', cause=cause)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1125, in to_rdf
    expanded = self.expand(input_, options)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 817, in expand
    'jsonld.ExpandError', cause=cause)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/bin/cert-issuer", line 11, in <module>
    load_entry_point('cert-issuer==2.0b10', 'console_scripts', 'cert-issuer')()
  File "/usr/lib/python3.5/site-packages/cert_issuer/__main__.py", line 17, in cert_issuer_main
    issue_certificates.main(parsed_config)
  File "/usr/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 74, in main
    tx_id = issuer.issue_certificates()
  File "/usr/lib/python3.5/site-packages/cert_issuer/issuer.py", line 129, in issue_certificates
    self.certificate_batch_handler.validate_batch()
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 52, in validate_batch
    self.certificate_handler.validate_certificate(metadata)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 138, in validate_certificate
    detect_unmapped_fields=True)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/schema_validator.py", line 152, in normalize_jsonld
    normalized = jsonld.normalize(json_ld, options=options)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 258, in normalize
    return JsonLdProcessor().normalize(input_, options)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1047, in normalize
    'jsonld.NormalizeError', cause=cause)
pyld.jsonld.JsonLdError: ('Could not convert input to RDF dataset before normalization.',)
Type: jsonld.NormalizeError
Cause: ('Could not expand input before serialization to RDF.',)
Type: jsonld.RdfError
Cause: ('Could not perform JSON-LD expansion.',)
Type: jsonld.ExpandError
Cause: ('Dereferencing a URL did not result in a valid JSON-LD context.',)
Type: jsonld.ContextUrlError
Code: loading remote context failed
Details: {'url': 'https://openbadgespec.org/v2/context.json'}
Cause: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4072, in _retrieve_context_urls
    remote_doc = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_issuer/certificate_handler.py", line 20, in cached_document_loader
    doc = jsonld_document_loader(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 30, in jsonld_document_loader
    data = load_document(url)
  File "/usr/lib/python3.5/site-packages/cert_schema/schema_tools/document_loader.py", line 17, in load_document
    url, headers={'Accept': 'application/ld+json, application/json'}
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.5/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 813, in expand
    input_, {}, options['documentLoader'], options['base'])
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 4079, in _retrieve_context_urls
    code='loading remote context failed', cause=cause)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1125, in to_rdf
    expanded = self.expand(input_, options)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 817, in expand
    'jsonld.ExpandError', cause=cause)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1043, in normalize
    dataset = self.to_rdf(input_, opts)
  File "/usr/lib/python3.5/site-packages/pyld/jsonld.py", line 1129, in to_rdf
    'RDF.', 'jsonld.RdfError', cause=cause)

Can someone help me understand why or how to solve this?

Thanks!
Gabriel


#2

This is a problem with the openbadge’s context SSL. I am adding a fix to use only preloaded contexts, to avoid this. The openbadgespec site was down for a couple of days, and now that it’s up, we are also seeing this SSL error.


#3

Thanks for your answer.
I will be waiting for the update.

Regards,
Gabriel


#4

Hi Gabalo,
I just committed this fix. Please let me know if you have any problems with it. Thanks,
Kim