FraunhoferISST / DataspaceConnector

This is an IDS Connector reference implementation.
https://www.isst.fraunhofer.de/de/geschaeftsfelder/datenwirtschaft/technologien/Dataspace-Connector.html
Apache License 2.0

rejectionReason: MALFORMED_MESSAGE after including IDS-Certificate #67

Closed AngWickert closed 3 years ago

AngWickert commented 3 years ago

I have problems with including the IDS certificate. Steps done:

  1. added new certificate to conf-directory
  2. modified application.properties:
    server.ssl.key-store=classpath:conf/connector.p12
  3. changed deployMode and keystore in config.json:
    "ids:connectorDeployMode" : { "@id" : "idsc:PRODUCTIVE_DEPLOYMENT" },
    "ids:keyStore" : { "@id" : "file:///conf/ieeconnector.p12" }

Starting the connector works without problems. On making a Description Request to another Connector, I get the answer

    "ids:rejectionReason" : { "@id" : "idsc:MALFORMED_MESSAGE" },
    "ids:securityToken" : {
      "@type" : "ids:DynamicAttributeToken",
      "@id" : "https://w3id.org/idsa/autogen/dynamicAttributeToken/60027237-5eff-465f-afeb-71dfd7769086",
      "ids:tokenValue" : "rejected!",
      "ids:tokenFormat" : { "@id" : "idsc:JWT" }
    },
    "ids:senderAgent" : { "@id" : "https://w3id.org/idsa/autogen/baseConnector/42d834ec-855b-456e-8cac-009d5d56593a" },
    "ids:correlationMessage" : { "@id" : "https://INVALID" },

and the text

    Token could not be parsed!JWT strings must contain exactly 2 period characters. Found: 0

The console produces the following error:

2020-11-26 09:47:20 ERROR TokenManagerService:164 - Error retrieving token: Unexpected code Response{protocol=http/1.1, code=400, message=Bad Request, url=https://daps.aisec.fraunhofer.de/v2/token}

Where is the problem?

brianjahnke commented 3 years ago

Hello,

to reproduce your problem we will need the following information:

AngWickert commented 3 years ago

This is the answer of Gerd Brost, who generated the certificate:

The question about "Type" is somewhat unclear to me. It is an X.509 certificate, but you can see that when you print it from the keystore. And the contained fields as well. It was issued by me, generated by a demo CA. That is our IDS test CA, which of course does not have the guarantees of a commercial CA.

ronjaquensel commented 3 years ago

The problem was the system time of the system the connector was running on. The DAT request was signed with an invalid timestamp and thus rejected by the DAPS. For information on how to solve this problem have a look at the FAQ.
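
The clock-skew failure described in the resolution above, as an added diagnostic example that is not part of the original thread or the Dataspace Connector code base: it decodes a JWT's claims without verifying the signature and lists the time claims a verifier with a correct clock would reject. It assumes the token request carries the standard JWT time claims `iat`, `nbf` and `exp`; the 60-second leeway, the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time

LEEWAY_SECONDS = 60  # assumed tolerance; the DAPS's real leeway is not stated in the thread


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the payload of a compact JWT without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"not a compact JWT: found {len(parts) - 1} period characters")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def timestamp_problems(claims: dict, reference_now: float, leeway: int = LEEWAY_SECONDS) -> list:
    """Return the reasons a verifier whose clock reads reference_now would reject the claims."""
    problems = []
    if claims.get("iat", reference_now) > reference_now + leeway:
        problems.append("iat is in the future")
    if claims.get("nbf", reference_now) > reference_now + leeway:
        problems.append("nbf is in the future")
    if claims.get("exp", reference_now) < reference_now - leeway:
        problems.append("exp is in the past")
    return problems


def build_sample_assertion(local_clock: float, lifetime: int = 60) -> str:
    """Constructed sample: an unsigned stand-in for a JWT stamped by the local clock."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iat": int(local_clock), "nbf": int(local_clock), "exp": int(local_clock + lifetime)}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()),
                     b64url(b"constructed-signature")])


if __name__ == "__main__":
    true_now = time.time()
    for skew in (0, 3600, -3600):  # local clock correct, one hour fast, one hour slow
        token = build_sample_assertion(true_now + skew)
        print(skew, timestamp_problems(decode_claims(token), true_now))
    try:
        decode_claims("rejected!")  # the ids:tokenValue from the rejection message
    except ValueError as err:
        print(err)
```

Comparing the host clock against a trusted time source before requesting a token catches the same condition earlier.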