HCL-TECH-SOFTWARE / domino-jnx

Modern Domino Java API based on JNA access to Domino's C API
https://opensource.hcltechsw.com/domino-jnx/
Apache License 2.0

[BUG] cross certificate error fetching form design data for certain DBs #316

Closed artcathcl closed 2 years ago

artcathcl commented 2 years ago

For this KEEP endpoint: /design/forms?db=inttestv1nsf&raw=true

I'm getting this response:

{ "status": 500, "message": "The Address Book does not contain a cross certificate capable of validating the public key. (error code: 0x1757, raw error with all flags: 0x1757) (through reference chain: com.hcl.domino.commons.design.FormImpl[\"document\"])" }

And found this in the logs:

2022-02-06T01:51:19,208 [vert.x-eventloop-thread-3] ERROR (AbstractEventBusResponseSubscriber.java:153) - The Address Book does not contain a cross certificate capable of validating the public key. (error code: 0x1757, raw error with all flags: 0x1757) (through reference chain: com.hcl.domino.commons.design.FormImpl["document"])
com.hcl.domino.keep.exceptions.KeepException: The Address Book does not contain a cross certificate capable of validating the public key. (error code: 0x1757, raw error with all flags: 0x1757) (through reference chain: com.hcl.domino.commons.design.FormImpl["document"])
    at com.hcl.domino.keep.exceptions.KeepException.fromThrowable(KeepException.java:97) ~[classes/:?]
    at com.hcl.domino.keep.tools.KeepUtils.getKeepException(KeepUtils.java:510) ~[classes/:?]
    at com.hcl.domino.keep.dbrequests.AsyncDominoJNX.lambda$null$4(AsyncDominoJNX.java:479) ~[classes/:?]
    at com.hcl.domino.keep.dbrequests.AsyncDominoJNX$$Lambda$1006/0x000000009802def0.run(Unknown Source) ~[?:?]
    at io.micrometer.core.instrument.AbstractTimer.record(AbstractTimer.java:160) ~[micrometer-core-1.6.2.jar:1.6.2]
    at com.hcl.domino.keep.dbrequests.AsyncDominoJNX.lambda$continueAfterCompletedPreflight$5(AsyncDominoJNX.java:468) ~[classes/:?]
    at com.hcl.domino.keep.dbrequests.AsyncDominoJNX$$Lambda$1003/0x000000008c011190.handle(Unknown Source) ~[?:?]
    at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159) ~[vertx-core-4.2.3.jar:4.2.3]
    at io.vertx.core.impl.ContextImpl$$Lambda$85/0x000000000c0033e0.handle(Unknown Source) ~[?:?]
    at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100) ~[vertx-core-4.2.3.jar:4.2.3]
    at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157) ~[vertx-core-4.2.3.jar:4.2.3]
    at io.vertx.core.impl.ContextImpl$$Lambda$84/0x000000000800a960.run(Unknown Source) ~[?:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_302]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_302]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-common-4.1.72.Final.jar:4.1.72.Final]
    at java.lang.Thread.run(Thread.java:826) [?:1.8.0_302]

Note the error doesn't occur ...

artcathcl commented 2 years ago

tips from Jesse:

artcathcl commented 2 years ago

I made another copy of the DB, and looked at the form in Domino Designer. In the original db, the form was last modified by Jxxxxx/HCL_ICEC (xxxx is for privacy). I clicked the "sign" button, and it changed last modified to Axxxx/USA/PNPHCL (which is the user that made the DB copy). The raw=true works in that case.

artcathcl commented 2 years ago

Jesse says: The "document" property should be emitted, but it's translated to just the UNID and the document signer. The trouble comes with the second part, where the server tries to decide the cryptographic signature but can't verify it. This would happen if you e.g. copy a database from some other organization and don't sign it.

I've added a check in the JSON serialization in the current develop branch of JNX. In the meantime, though, you should be able to alleviate it by signing the database as the server in Domino Administrator.

https://github.com/HCL-TECH-SOFTWARE/domino-jnx/commit/59b07f37fb6fd943a0701b7fb929575fe1d27bb0
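
Added example, not part of the thread and not the code from the commit above: a sketch of the failure mode described, where a document is serialized as its UNID plus signer and the signer check cannot be validated. Every type and name here (`SignedDocument`, `SignatureNotTrustedException`, `toJsonFields`, the output field names) is hypothetical and stands in for the real JNX classes; the sample documents are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Illustration only: all types and names below are hypothetical, not the domino-jnx API. */
public class SignerSafeSerialization {

    /** Stand-in for the error raised when no cross certificate can validate the signer's key. */
    static class SignatureNotTrustedException extends RuntimeException {
        SignatureNotTrustedException(String msg) { super(msg); }
    }

    /** Stand-in for a design document: a UNID plus a signature check that may throw. */
    interface SignedDocument {
        String getUnid();
        String verifySigner(); // returns the signer name, or throws if it cannot be validated
    }

    /** Reduce a document to UNID and signer; a failed check is recorded instead of aborting. */
    static Map<String, Object> toJsonFields(SignedDocument doc) {
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("unid", doc.getUnid());
        try {
            out.put("signer", doc.verifySigner());
            out.put("signatureVerified", true);
        } catch (SignatureNotTrustedException e) {
            // Only the trust failure is caught; other errors still propagate.
            // An unverified name is never reported as the signer.
            out.put("signer", null);
            out.put("signatureVerified", false);
            out.put("signatureError", e.getMessage());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a form copied from another organization and never re-signed.
        SignedDocument foreign = new SignedDocument() {
            public String getUnid() { return "0123456789ABCDEF0123456789ABCDEF"; }
            public String verifySigner() {
                throw new SignatureNotTrustedException("no cross certificate for signer (0x1757)");
            }
        };
        // Constructed sample: the same form after being signed with a locally trusted ID.
        SignedDocument resigned = new SignedDocument() {
            public String getUnid() { return "0123456789ABCDEF0123456789ABCDEF"; }
            public String verifySigner() { return "CN=Example Server/O=ExampleOrg"; }
        };
        System.out.println(toJsonFields(foreign));
        System.out.println(toJsonFields(resigned));
    }
}
```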