OxalisCommunity / Oxalis-AS4

PEPPOL AS4 pMode plugin for Oxalis

EBMS:0102 - FailedDecryption #233

Closed skizub21 closed 8 months ago

skizub21 commented 8 months ago

Hello, I'm not sure whether what is described below is an Oxalis bug, but I would appreciate it if anybody could direct me to the right place to resolve it.

We are trying to send test data to the OpenPEPPOL TestBed using either Oxalis v4.1.1 (used in production) or v6.4.0 (which is currently in test). We are using Oxalis-standalone to transmit. In both cases we are getting transmission errors related to digital signatures, similar to the ones described in ticket #205. I was trying to use a workaround described in ticket #215 - as per @dladlk's comment, which is very useful.

I'll demo on the latest Oxalis version, which is set up as follows: [image]

Below is the response from the recipient's Access Point: [image]

To me it looks like a certificate issue.

Below is the structure of our JKS keystore used by Oxalis (which is pretty much the same as what we are using in production (v4.1.1), where everything works without any issues): [image]

Any ideas what else could be wrong? Thank you in advance.

dladlk commented 8 months ago

Not sure what is exact reason...

Testbed runs Phase4 AP, and the message you get comes from https://github.com/phax/phase4/blob/master/phase4-lib/src/main/java/com/helger/phase4/error/EEbmsErrorText.java#L46C12-L46C12

It is thrown in at least 2 classes - https://github.com/phax/phase4/blob/8c9fd26be5cf23813cdc4cb6e05ce9daceaba690/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolServletMessageProcessorSPI.java#L533

and

https://github.com/phax/phase4/blob/8c9fd26be5cf23813cdc4cb6e05ce9daceaba690/phase4-lib/src/main/java/com/helger/phase4/servlet/soap/SOAPHeaderElementProcessorWSS4J.java#L318

with a comment

      // TODO we need a way to differentiate signature and decrypt
      // WSSecurityException provides no such thing
      aProcessingErrorMessagesTarget.add (EEbmsError.EBMS_FAILED_DECRYPTION.errorBuilder (aLocale)
                                                                           .errorDetail (sDetails, ex)
                                                                           .build ());

So, it could be either signature or encrypted bytes...

It looks like you need to ask Testbed support...

skizub21 commented 8 months ago

@dladlk - many thanks. This was my initial thought so I already raised a ticket with Testbed.

The reason - later I started to think it's a certificate/keystore issue - was the fact that I was trying to send test invoice data to one of the functional (available via SMK) randomly selected endpoints available at PEPPOL Practical portal: https://peppol.helger.com/public/locale-en_US/menuitem-tools-test-endpoints and got exactly the same error. Recipient's PEPPOL ID was 9906:IT10442360961. But I'll try more IDs later.

skizub commented 8 months ago

I found that there were multiple header (SBDH) issues leading to the error message. Some of them were already fixed - the only one left is: errorDescription='Unable to correlate request with Document's Identifier [118e3040-51d2-11e3-8f96-0800200c9a66]'. As we were always generating UUIDs for this field, I've asked Peppol Service Desk to clarify what is expected in that field.

So, as suggested initially, it was not an Oxalis issue, thus the ticket can be closed. Just one suggestion: it would be nice to add to the Oxalis log the error message received as a part of RESP_IN, so there is no need to enable DEBUG mode to identify the real problem.


aaron-kumar commented 8 months ago

Thanks for the suggestion @skizub - "Just one suggestion: it would be nice to add to Oxalis log an error message received as a part of RESP_IN, so there is no need to enable DEBUG mode to identify real problem." We will work on that... Converting issue to discussion... Thanks a lot to all contributors.
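
The suggestion in this thread, surfacing the ebMS error carried in the response without enabling DEBUG, as an added example that is not Oxalis or phase4 code. It pulls every `eb:Error` out of a SOAP response so the description and detail are visible next to an ambiguous code such as EBMS:0102; the class name, method names and the sample response are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EbmsErrorSummary {
    // ebMS 3.0 core namespace used by AS4 signal messages
    static final String EB = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/";

    // Constructed sample response (hypothetical, not captured from the Testbed)
    static final String SAMPLE =
        "<S12:Envelope xmlns:S12='http://www.w3.org/2003/05/soap-envelope'><S12:Header>"
      + "<eb:Messaging xmlns:eb='" + EB + "'><eb:SignalMessage>"
      + "<eb:Error category='Processing' errorCode='EBMS:0102' severity='failure'"
      + " shortDescription='FailedDecryption' refToMessageInError='msg-1@example.invalid'>"
      + "<eb:Description xml:lang='en'>constructed description</eb:Description>"
      + "<eb:ErrorDetail>constructed detail text</eb:ErrorDetail>"
      + "</eb:Error></eb:SignalMessage></eb:Messaging></S12:Header><S12:Body/></S12:Envelope>";

    // Text of the first eb:<localName> child; line breaks are collapsed so
    // text supplied by the remote party cannot forge extra log lines.
    static String childText(Element parent, String localName) {
        NodeList nl = parent.getElementsByTagNameNS(EB, localName);
        if (nl.getLength() == 0) return "";
        return nl.item(0).getTextContent().trim().replaceAll("[\\r\\n]+", " ");
    }

    // Returns one log-ready line per eb:Error found in the response.
    static String summarize(byte[] soapResponse) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response comes from a remote party: refuse DTDs so no entities are resolved
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList errors = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapResponse))
            .getElementsByTagNameNS(EB, "Error");
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < errors.getLength(); i++) {
            Element e = (Element) errors.item(i);
            sb.append(e.getAttribute("errorCode")).append(' ')
              .append(e.getAttribute("shortDescription"))
              .append(" severity=").append(e.getAttribute("severity"))
              .append(" description='").append(childText(e, "Description"))
              .append("' detail='").append(childText(e, "ErrorDetail")).append("'\n");
        }
        return sb.length() == 0 ? "no eb:Error in response\n" : sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(summarize(SAMPLE.getBytes(StandardCharsets.UTF_8)));
    }
}
```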