aws / aws-sdk-java

The official AWS SDK for Java 1.x. The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
https://aws.amazon.com/sdkforjava
Apache License 2.0

KMS: Getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException with Java 17 #2767

Closed gsinghlulu closed 2 years ago

gsinghlulu commented 2 years ago

Describe the bug

When calling decrypt with a private key that the user does not have access to, getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException instead of AccessDeniedException.

Here's the stacktrace

com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Failed to call `setAccess()` on Method 'setCause' due to `java.lang.reflect.InaccessibleObjectException`, problem: Unable to make final void java.lang.Throwable.setCause(java.lang.Throwable) accessible: module java.base does not "opens java.lang" to unnamed module @129a8472
at [Source: UNKNOWN; byte offset: #UNKNOWN]
at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1904) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:268) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:642) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4805) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:4650) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2831) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.treeToValue(ObjectMapper.java:3295) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.amazonaws.transform.JsonErrorUnmarshaller.unmarshall(JsonErrorUnmarshaller.java:61) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.doLegacyUnmarshall(JsonErrorResponseHandler.java:185) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.unmarshallException(JsonErrorResponseHandler.java:147) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.createException(JsonErrorResponseHandler.java:131) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:94) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:40) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1801) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.llm.transactions.crypto.CipherProvider.buildCipher(CipherProvider.java:85) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.crypto.CipherProvider.getCipher(CipherProvider.java:69) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.decryptor.ATGCreateOrderDecryptor.decryptATGOrderData(ATGCreateOrderDecryptor.java:66) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.service.DynamoDBService.saveOrderInfo(DynamoDBService.java:57) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.retryPostPurchaseTopic(RetryableCreateOrderStreamProcessor.java:124) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.process(RetryableCreateOrderStreamProcessor.java:70) ~[classes!/:stage-112adf1-683]
at org.apache.kafka.streams.processor.internals.ProcessorNode.process(ProcessorNode.java:146) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forwardInternal(ProcessorContextImpl.java:253) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:232) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:191) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.SourceNode.process(SourceNode.java:84) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.lambda$process$1(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.metrics.StreamsMetricsImpl.maybeMeasureLatency(StreamsMetricsImpl.java:769) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.process(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.TaskManager.process(TaskManager.java:1193) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runOnce(StreamThread.java:753) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runLoop(StreamThread.java:583) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.run(StreamThread.java:555) ~[kafka-streams-3.0.0.jar!/:na]
2022-05-10 11:37:42.780 ERROR 1 --- [-StreamThread-1] c.l.t.decryptor.ATGCreateOrderDecryptor : KAFKA_ATG_STREAM_LISTENER_ERROR Error while decrypting the data. ErrorOrderNumber=pv15056760210
com.amazonaws.AmazonServiceException: Unable to unmarshall exception response with the unmarshallers provided (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9b4cc746-7a66-4d31-8edc-3f8f3d477464; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]

Using the following versions: Java 17, com.amazonaws:aws-java-sdk-kms:jar:1.11.997, com.fasterxml.jackson.core:jackson-databind:jar:2.13.1

Expected Behavior

Expecting AccessDeniedException to be thrown

Current Behavior

Throwing com.fasterxml.jackson.databind.exc.InvalidDefinitionException

Reproduction Steps

Use an encrypted string that is encrypted using a private key inaccessible to the user

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

1.11.997

JDK version used

17

Operating System and version

Any

gsinghlulu commented 2 years ago

Seems like a Jackson issue, but wondering if it can be worked around. https://github.com/FasterXML/jackson-databind/issues/3275
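Added example, not code from the issue participants or the SDK project: the fallback `AmazonServiceException` in the trace above still carries `Error Code: AccessDeniedException`, so calling code can treat a KMS authorization denial the same way whether or not the typed exception was unmarshalled. The class name `KmsDenialCheck`, the method `isAccessDenied` and the sample exceptions are hypothetical and constructed for illustration; it assumes `aws-java-sdk-kms` 1.x on the classpath.

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.kms.model.AccessDeniedException;

/** Added example: classify a KMS failure by error code, not only by exception class. */
public class KmsDenialCheck {

    // Error code string as it appears in the stack trace on this page.
    private static final String ACCESS_DENIED = "AccessDeniedException";

    /**
     * True when KMS refused the call for authorization reasons, whether the SDK
     * produced the typed exception or the generic AmazonServiceException fallback.
     */
    static boolean isAccessDenied(AmazonServiceException e) {
        return e instanceof AccessDeniedException
                || ACCESS_DENIED.equals(e.getErrorCode());
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the fallback exception in the report.
        AmazonServiceException fallback = new AmazonServiceException(
                "Unable to unmarshall exception response with the unmarshallers provided");
        fallback.setServiceName("AWSKMS");
        fallback.setStatusCode(400);
        fallback.setErrorCode(ACCESS_DENIED);

        // Constructed sample of the typed exception the reporter expected.
        AccessDeniedException typed = new AccessDeniedException("constructed sample");
        typed.setErrorCode(ACCESS_DENIED);

        // Constructed unrelated failure; the error code is a made-up sample value.
        AmazonServiceException other = new AmazonServiceException("constructed sample");
        other.setErrorCode("SampleOtherError");

        for (AmazonServiceException e : new AmazonServiceException[] {fallback, typed, other}) {
            if (isAccessDenied(e)) {
                // Authorization failure: do not retry; keep the request ID for audit.
                System.out.println("DENIED  " + e.getClass().getSimpleName()
                        + " requestId=" + e.getRequestId());
            } else {
                // Anything else goes through the caller's normal error handling.
                System.out.println("OTHER   " + e.getErrorCode());
            }
        }
    }
}
```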

debora-ito commented 2 years ago

@gsinghlulu is this still an issue with the SDK? I see a fix for https://github.com/FasterXML/jackson-databind/issues/3275 was made.

github-actions[bot] commented 2 years ago

It looks like this issue has not been active for more than five days. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please add a comment to prevent automatic closure, or if the issue is already closed please feel free to reopen it.