International-Data-Spaces-Association / metadata-broker-open-core

This is the repository of the open-core reference implementation of the IDS Metadata Broker.
Apache License 2.0

Expired Example DAPS Certificate #130

Open Krieke opened 1 year ago

Krieke commented 1 year ago

Can it be that the example DAPS certificate isstbroker-keystore.jks is expired?

When following the Installation Guide and using the Postman collection to illustrate all core functions of the IDS Metadata Broker, a "Failed to retrieve own DAPS token, preventing a valid response. --I0t5EPCGhkIvABxUmgBpde6wWW4k54--" is noticed.

I also find it strange that a DAPS issue is reported when one has configured DAPS_VALIDATE_INCOMING=false in the docker-compose.yml.

The output on the console:

broker-localhost-broker-reverseproxy-1  | 172.21.0.1 - - [09/Mar/2023:03:34:14 +0000] "POST /infrastructure HTTP/1.1" 200 1475 "-" "PostmanRuntime/7.29.2"
broker-localhost-broker-core-1          | de.fraunhofer.iais.eis.ids.component.core.TokenRetrievalException: Unable to retrieve DAPS token.
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:96)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.core.SecurityTokenProvider.getSecurityTokenAsDAT(SecurityTokenProvider.java:12)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.handle(MessageDispatcher.java:69)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.lambda$dispatch$2(MessageDispatcher.java:51)
broker-localhost-broker-core-1          |   at java.base/java.util.Optional.map(Optional.java:265)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.dispatch(MessageDispatcher.java:51)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.core.DefaultComponent.process(DefaultComponent.java:45)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.interaction.multipart.MultipartComponentInteractor.process(MultipartComponentInteractor.java:87)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.processMessage(ComponentController.java:237)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.infrastructureLevelCommunication(ComponentController.java:205)
broker-localhost-broker-core-1          |   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
broker-localhost-broker-core-1          |   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
broker-localhost-broker-core-1          |   at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
broker-localhost-broker-core-1          |   at java.base/java.lang.reflect.Method.invoke(Method.java:566)
broker-localhost-broker-core-1          |   at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
broker-localhost-broker-core-1          |   at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
broker-localhost-broker-core-1          |   at javax.servlet.http.HttpServlet.service(HttpServlet.java:665)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
broker-localhost-broker-core-1          |   at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
broker-localhost-broker-core-1          |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
broker-localhost-broker-core-1          |   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
broker-localhost-broker-core-1          |   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
broker-localhost-broker-core-1          |   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
broker-localhost-broker-core-1          |   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
broker-localhost-broker-core-1          |   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
broker-localhost-broker-core-1          |   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
broker-localhost-broker-core-1          |   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
broker-localhost-broker-core-1          |   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
broker-localhost-broker-core-1          |   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
broker-localhost-broker-core-1          |   at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
broker-localhost-broker-core-1          |   at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
broker-localhost-broker-core-1          |   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
broker-localhost-broker-core-1          |   at java.base/java.lang.Thread.run(Thread.java:829)
broker-localhost-broker-core-1          | Caused by: java.io.IOException: Unable to retrieve DAPS token (response code: 400) 
broker-localhost-broker-core-1          |  Response: {"error":"invalid_client","error_description":"Error decoding JWT: No verification key available"}
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.acquireAccessTokenFromDaps(DapsTokenRetriever.java:190)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.retrieveToken(DapsTokenRetriever.java:101)
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:94)
broker-localhost-broker-core-1          |   ... 63 more
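
Added example (not part of the thread and not the project's code): a small Python triage of the console output above that strips the docker compose prefix and keeps only the DAPS HTTP status, the JSON error body and the broker's own stack frames. The sample log is an abbreviated copy of the lines posted above; the function name and result keys are assumptions of this example.

```python
import json
import re

# Abbreviated copy of the console output posted above (most framework frames omitted).
SAMPLE_LOG = """\
broker-localhost-broker-core-1          | de.fraunhofer.iais.eis.ids.component.core.TokenRetrievalException: Unable to retrieve DAPS token.
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:96)
broker-localhost-broker-core-1          |   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
broker-localhost-broker-core-1          | Caused by: java.io.IOException: Unable to retrieve DAPS token (response code: 400)
broker-localhost-broker-core-1          |  Response: {"error":"invalid_client","error_description":"Error decoding JWT: No verification key available"}
broker-localhost-broker-core-1          |   at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.acquireAccessTokenFromDaps(DapsTokenRetriever.java:190)
"""

PREFIX = re.compile(r"^\S+\s+\|\s?")        # "container-name   | " added by docker compose
FRAME = re.compile(r"^\s*at ([\w.$]+)\(")   # "at package.Class.method(File.java:NN)"
STATUS = re.compile(r"response code: (\d+)")
APP_PKG = "de.fraunhofer.iais.eis.ids."     # the broker's own packages, as seen in the trace


def triage_daps_failure(log_text):
    """Reduce a broker-core stack trace to the DAPS response and the broker's frames."""
    result = {"status": None, "error": None, "description": None, "app_frames": []}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        if (m := STATUS.search(line)):
            result["status"] = int(m.group(1))
        elif line.strip().startswith("Response:"):
            try:
                body = json.loads(line.split("Response:", 1)[1])
            except json.JSONDecodeError:
                continue  # truncated or non-JSON body: leave the fields as None
            result["error"] = body.get("error")
            result["description"] = body.get("error_description")
        elif (m := FRAME.match(line)) and m.group(1).startswith(APP_PKG):
            # Keep only broker frames; Spring/Tomcat frames carry no diagnostic value here.
            result["app_frames"].append(m.group(1)[len(APP_PKG):])
    return result


if __name__ == "__main__":
    print(json.dumps(triage_daps_failure(SAMPLE_LOG), indent=2))
```

On the posted trace the remaining frames are DapsSecurityTokenProvider.getSecurityToken and DapsTokenRetriever.acquireAccessTokenFromDaps, and the DAPS answer is a 400 with invalid_client.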

tharindupr commented 11 months ago

Were you able to resolve this issue? If so, please let me know how. Thanks

Krieke commented 11 months ago

Hi @tharindupr, due to a change in projects I didn't spend any additional time on this. So if you are not able to reproduce it, you can close the ticket.

tharindupr commented 11 months ago

@Krieke At the moment, I'm facing the same issue. The strange thing is the issue occurs even though the DAPS validation is turned off.

Krieke commented 11 months ago

@tharindupr indeed, see my initial comment. I hope someone can find the time to help you with this.