International-Data-Spaces-Association / IDS-testbed

Apache License 2.0

MDB issue with private key inside broker-core container #92

Open jfernandezsqs opened 2 years ago

jfernandezsqs commented 2 years ago

Currently, it is not possible to insert the Broker private key into the broker-core container. As a workaround in the IDS-testbed, we are currently building a new Broker container with the correct Java Keystore inside so that it works correctly with the rest of the components (DSC and DAPS). This is not a suitable approach because the container being tested is different from the one published in the official MDB repository.

The solution described here has been tried, but it does not validate the IDS-testbed DAPS. This is the error obtained when trying to register the DSCA with the MDB.

connectora             | 2022-08-25T08:46:56,280 [https-jsse-nio-8080-exec-4] INFO - Using cached DAPS DAT. [expiration=(2022-08-25T09:41:53.000+0000)]
connectora             | 2022-08-25T08:46:56,300 [https-jsse-nio-8080-exec-4] INFO - Successfully loaded Keystore.
connectora             | 2022-08-25T08:46:56,355 [https-jsse-nio-8080-exec-4] INFO - Successfully loaded Truststore.
connectora             | 2022-08-25T08:46:56,363 [https-jsse-nio-8080-exec-4] INFO - Using cached DAPS DAT. [expiration=(2022-08-25T09:41:53.000+0000)]
connectora             | 2022-08-25T08:46:56,378 [https-jsse-nio-8080-exec-4] INFO - Sending request to https://broker-reverseproxy/infrastructure ...
broker-core            | de.fraunhofer.iais.eis.ids.component.core.TokenRetrievalException: Unable to retrieve DAPS token.
broker-core            |    at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:96)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.core.SecurityTokenProvider.getSecurityTokenAsDAT(SecurityTokenProvider.java:12)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.handle(MessageDispatcher.java:69)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.lambda$dispatch$2(MessageDispatcher.java:51)
broker-core            |    at java.base/java.util.Optional.map(Optional.java:265)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.dispatch(MessageDispatcher.java:51)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.core.DefaultComponent.process(DefaultComponent.java:45)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.interaction.multipart.MultipartComponentInteractor.process(MultipartComponentInteractor.java:87)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.processMessage(ComponentController.java:237)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.infrastructureLevelCommunication(ComponentController.java:205)
broker-core            |    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
broker-core            |    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
broker-core            |    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
broker-core            |    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
broker-core            |    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
broker-core            |    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
broker-core            |    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
broker-core            |    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
broker-core            |    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
broker-core            |    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
broker-core            |    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
broker-core            |    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
broker-core            |    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
broker-core            |    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
broker-core            |    at javax.servlet.http.HttpServlet.service(HttpServlet.java:665)
broker-core            |    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
broker-core            |    at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
broker-core            |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
broker-core            |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
broker-core            |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
broker-core            |    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-core            |    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-core            |    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
broker-core            |    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
broker-core            |    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
broker-core            |    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
broker-core            |    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
broker-core            |    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
broker-core            |    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
broker-core            |    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
broker-core            |    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
broker-core            |    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
broker-core            |    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
broker-core            |    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
broker-core            |    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
broker-core            |    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
broker-core            |    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
broker-core            |    at java.base/java.lang.Thread.run(Thread.java:829)
broker-core            | Caused by: java.lang.NullPointerException
broker-core            |    at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.getKeyIdentifiers(DapsTokenRetriever.java:153)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.createBearerToken(DapsTokenRetriever.java:121)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.retrieveToken(DapsTokenRetriever.java:100)
broker-core            |    at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:94)
broker-core            |    ... 63 more
broker-reverseproxy    | 172.18.0.4 - - [25/Aug/2022:08:46:57 +0000] "POST /infrastructure HTTP/1.1" 200 1506 "-" "okhttp/4.9.3"
connectora             | 2022-08-25T08:46:57,416 [https-jsse-nio-8080-exec-4] INFO - Successfully received response to request.
connectora             | 2022-08-25T08:46:57,428 [https-jsse-nio-8080-exec-4] INFO - Successfully passed SHACL-Validation.
connectora             | 2022-08-25T08:46:57,448 [https-jsse-nio-8080-exec-4] DEBUG - Received unexpected response message. [response=({reason=https://w3id.org/idsa/code/INTERNAL_RECIPIENT_ERROR, payload=Failed to retrieve own DAPS token, preventing a valid response., type=class de.fraunhofer.iais.eis.RejectionMessageImpl})]

CarlosCobAtos commented 1 year ago

I had the same error, and I solved it by changing the permissions of the certificates. When the DAPS cannot use the certificates, it is because the certificate's permissions are too strict. With the "chmod" instruction you should solve the bug.

jfernandezsqs commented 1 year ago

I changed the certificate permissions of the components (giving read, write and execution permissions) and have also changed line 102 of the docker-compose.yml file. I have used the following:

image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core:5.0.0 

With these changes it fails to register the connector at the Metadata Broker.
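
The permission check discussed in the comments above, as an added example that is not part of the original thread or the project's code: a shell function that classifies a mounted key or keystore file as unreadable for the container's runtime user (the "too strict" case), more open than a private key needs, or ok. The uid and gid arguments and the file path are assumptions to be replaced with the values from your own deployment; GNU `stat` is required.

```shell
#!/bin/sh
# Added example (not from the thread): classify permissions of a mounted
# key or keystore file for the user a container process runs as.
# Requires GNU stat. Ignores supplementary groups, ACLs and capabilities.

# key_perm_status FILE UID GID -> prints missing | unreadable | too-open | ok
key_perm_status() {
    file=$1; uid=$2; gid=$3
    if [ ! -e "$file" ]; then echo "missing"; return 0; fi

    mode=$(stat -c %a "$file")     # octal mode, e.g. 640
    owner=$(stat -c %u "$file")    # numeric owner uid
    group=$(stat -c %g "$file")    # numeric owner gid
    m=$((0$mode))                  # leading 0 makes the shell parse it as octal

    # Pick the permission class the kernel would apply to this uid/gid.
    if [ "$uid" -eq 0 ]; then
        readable=1                          # root bypasses mode bits
    elif [ "$uid" -eq "$owner" ]; then
        readable=$(( (m & 0400) != 0 ))
    elif [ "$gid" -eq "$group" ]; then
        readable=$(( (m & 0040) != 0 ))
    else
        readable=$(( (m & 0004) != 0 ))
    fi

    if [ "$readable" -eq 0 ]; then
        echo "unreadable"                   # the "too strict" case
    elif [ $(( m & 0027 )) -ne 0 ]; then
        echo "too-open"                     # group-writable or any access for others
    else
        echo "ok"                           # e.g. 600 for the owner, 640 via the group
    fi
}

# Stand-alone use: sh script.sh /path/to/keystore 1000 1000  (hypothetical values)
if [ $# -eq 3 ]; then key_perm_status "$@"; fi
```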