ROS vs. Linux: Making It Work

Posted in Rants by AST on Sunday, January 28th, 2007

I finally completed the convoluted identity proofing process required by the Irish Revenue Commissioners’ Revenue Online System (ROS) so that I could view/file all of the necessary tax forms for Archistry myself. The registration process/identity proofing for business customers theoretically involves the following 3 steps:

1. Application for a ROS Access Number
2. Apply for your digital certificate
3. Retrieve your digital certificate

Each one of the first two steps involves submission of details to the ROS site and waiting for a letter from Revenue with a code or password that must be used to get to the next step, so there can be a considerable amount of time involved in completing the whole process before you can actually use the service.

“For your own security”, ROS requires 2-factor authentication to enter the site as well as to submit any particular tax form. The authentication is based on the digital certificate you retrieve from ROS as well as a password you create for the certificate. This password can be subsequently changed after you initially provide it. Since you need to store this certificate locally, ROS decided that the best way to implement the authentication mechanism was using both a Java Applet and a custom package, KCrypto (not to be confused with the KDE package by the same name), that includes software from Baltimore to handle the certificate operations.

Problems arise when you aren’t running Windows or MacOS, and, according to the system requirements page even though you can execute the pre-requisite applet, Unix or Linux isn’t yet a supported platform—even though it is promised “soon”. The root of the issue is really two-fold: first, on an operating system where you just can’t throw files higgledy-piggledy anywhere you like, the applet installer doesn’t have the permissions to write the files, and the running applet doesn’t appear to make any attempt to put the certificates anywhere other than “C:\ROS”. Even if MacOS X is a supported platform, from the comments on a blog post from Tom Raftery in 2004, people are still having trouble using ROS under MacOS X in September 2006. Other people have tried using Wine to get the ROS applet to work under Linux, but they didn’t have much luck either.

What’s that? “Java is platform independent; you know, ‘write once, run anywhere’,” you say? “But, it’s a Web application,” you say?

Not quite.

Even with all those obstacles, it is possible to get it working natively under Linux if you have a little patience and can tolerate a few display glitches.

Making ROS work under Linux

NOTE: ROS does not officially support Linux, so these instructions are provided “as is” and do not imply any sort of warranty or liability by me if you have problems with your taxes if you try and use Linux to access ROS. Use at your own risk.

I’m using Firefox 2 under Linux with the JRE 1.4 plug-in. Everything works up until you attempt to install the applet as part of Step #3 for Retrieval of your Certificate. I managed to make everything work, but I had to re-trace my steps back to retrieval of the certificate because once the required libraries are installed, it kept asking me to log in. I hadn’t gotten the certificate yet, so the log in drop-down for certificates was empty.

When attempting to download and install the supporting applet, you will first encounter an error. Using information from the Java Console, you can identify exactly what the issue is. Because I wasn’t clever enough to save them, I can’t tell you exactly what they were, but you will see lots of “permission denied” errors at various points during the install. To display the Java Plug-in Console, run $JAVA_HOME/jre/bin/ControlPanel and set it to “always display” before you start trying to install the ROS applet.

At some point, you will get a message about downloading kcrypto-sun-1.4.jar. You will need to manually download this file from https://www.ros.ie/applets/kcrypto-sun-1.4.jar and copy it to: $JAVA_HOME/jre/lib/ext/.

This is the key step. Once you have done this, the applet installation will work and you should be able to start at the ROS “Home Page” and start the process of retrieving your certificate again.

Issues

Once the installation issue is solved, you will have to deal with a set of applets built using absolute positioning with the Windows control metrics. This means that there are overlaps between the controls and the height of some of the text fields will prevent you from seeing what you’re typing. Most of these aren’t anything but annoying.

As previously mentioned, your certificates will be stored in $HOME/C:/ROS/, which, while annoying, seems to work.

If I notice anything else as I use the service more, I’ll update this article with the new information. Otherwise, if you’re determined to use Linux for running your business in Ireland, I hope this article helps you get around some lazy coding on the part of the ROS team.

It is quite clear that ROS was intended first and foremost as a Windows service. Having written real cross-platform Java applications using JFC in the past, it isn’t generally too hard to do it, if that’s what you’re starting out to do and you have some understanding of the target platforms. Bolting it on later nearly always results in a number of places where people make assumptions about where things live (having a drive C: on something which isn’t Windows, for example) that could’ve been avoided with a bit more planning at the beginning.

Permalink