phax / phoss-smp

phoss SMP - a Peppol and OASIS BDXR SMP Server, CEF eDelivery compliant

Error upgrading from 5.7.0 to 6.0.5 #234

Closed Kristieb closed 1 year ago

Kristieb commented 1 year ago

I'm having trouble upgrading from 5.7.0 to 6.0.5.

Looks like the new version is having trouble reading some of the configuration values.

There is a message saying the Certificate configuration is invalid. When I click on Certificate information I can see the following:

```
java.lang.ArrayIndexOutOfBoundsException: Index 16 out of bounds for length 16
1.: com.helger.commons.text.util.TextVariableHelper._nextCharConsiderMasking(TextVariableHelper.java:69)
2.: com.helger.commons.text.util.TextVariableHelper._findStartOfVarName(TextVariableHelper.java:135)
3.: com.helger.commons.text.util.TextVariableHelper.splitByVariables(TextVariableHelper.java:175)
4.: com.helger.commons.text.util.TextVariableHelper.forEachTextAndVariable(TextVariableHelper.java:270)
5.: com.helger.commons.text.util.TextVariableHelper.getWithReplacedVariables(TextVariableHelper.java:309)
6.: com.helger.config.Config._getWithVariablesReplacedRecursive(Config.java:257)
7.: com.helger.config.Config.lambda$_getWithVariablesReplacedRecursive$2(Config.java:247)
8.: com.helger.commons.text.util.TextVariableHelper.lambda$getWithReplacedVariables$0(TextVariableHelper.java:310)
9.: com.helger.commons.text.util.TextVariableHelper.forEachTextAndVariable(TextVariableHelper.java:287)
10.: com.helger.commons.text.util.TextVariableHelper.getWithReplacedVariables(TextVariableHelper.java:309)
11.: com.helger.config.Config._getWithVariablesReplacedRecursive(Config.java:257)
12.: com.helger.config.Config.getValue(Config.java:275)
13.: com.helger.config.Config.getValue(Config.java:48)
14.: com.helger.commons.traits.IGetterByKeyTrait.getConvertedValue(IGetterByKeyTrait.java:289)
15.: com.helger.commons.traits.IGetterByKeyTrait.getAsString(IGetterByKeyTrait.java:390)
16.: com.helger.config.fallback.ConfigWithFallback.getAsStringOrFallback(ConfigWithFallback.java:114)
17.: com.helger.pd.client.PDClientConfiguration.getKeyStorePassword(PDClientConfiguration.java:210)
18.: com.helger.pd.client.PDClientConfiguration.loadKeyStore(PDClientConfiguration.java:219)
19.: com.helger.phoss.smp.ui.secure.PageSecureCertificateInformation.fillContent(PageSecureCertificateInformation.java:349)
20.: com.helger.phoss.smp.ui.secure.PageSecureCertificateInformation.fillContent(PageSecureCertificateInformation.java:65)
21.: com.helger.photon.uicore.page.AbstractWebPage.getContent(AbstractWebPage.java:162)
22.: com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:133)
23.: com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:160)
24.: com.helger.phoss.smp.ui.secure.SMPRendererSecure.getContent(SMPRendererSecure.java:227)
25.: com.helger.phoss.smp.ui.SMPLayoutHTMLProvider.fillBody(SMPLayoutHTMLProvider.java:70)
26.: com.helger.photon.core.html.AbstractSWECHTMLProvider.fillHeadAndBody(AbstractSWECHTMLProvider.java:106)
27.: com.helger.photon.core.html.AbstractHTMLProvider.createHTML(AbstractHTMLProvider.java:164)
28.: com.helger.photon.app.html.PhotonHTMLHelper.createHTMLResponse(PhotonHTMLHelper.java:117)
29.: com.helger.photon.core.servlet.AbstractApplicationXServletHandler.handleRequest(AbstractApplicationXServletHandler.java:101)
30.: com.helger.phoss.smp.servlet.SMPApplicationXServletHandler.handleRequest(SMPApplicationXServletHandler.java:81)
31.: com.helger.xservlet.handler.simple.XServletHandlerToSimpleHandler.onRequest(XServletHandlerToSimpleHandler.java:245)
32.: com.helger.xservlet.AbstractXServlet._invokeHandler(AbstractXServlet.java:345)
33.: com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:533)
34.: javax.servlet.http.HttpServlet.service(HttpServlet.java:779)
35.: com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:587)
36.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
37.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
38.: org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
39.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
40.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
41.: com.helger.web.servlets.scope.AbstractScopeAwareFilter.doHttpFilter(AbstractScopeAwareFilter.java:81)
42.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
43.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
44.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
45.: com.helger.xservlet.AbstractXFilter.doHttpFilter(AbstractXFilter.java:189)
46.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
47.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
48.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
49.: com.helger.servlet.filter.CharacterEncodingFilter.doHttpFilter(CharacterEncodingFilter.java:187)
50.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
51.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
52.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
53.: org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
54.: org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
55.: org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
56.: org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
57.: org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
58.: org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
59.: org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
60.: org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
61.: org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
62.: org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
63.: org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891)
64.: org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784)
65.: org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
66.: org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
67.: org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
68.: org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
69.: java.base/java.lang.Thread.run(Thread.java:829)
```

I had a look at the updated sample configuration properties and changed the properties starting with pdclient to match: https://github.com/phax/phoss-smp/blob/master/docker/example-config-dir/application.properties

```properties
pdclient.keystore.type = ${smp.keystore.type}
pdclient.keystore.path = ${smp.keystore.path}
pdclient.keystore.key.alias = ${smp.keystore.key.alias}
pdclient.keystore.password = ${smp.keystore.password}
pdclient.keystore.key.password = ${smp.keystore.key.password}
```

However it's still showing the same error above. Everything else seems to be configured correctly still.

phax commented 1 year ago

@Kristieb Can you please send me the source property file that caused that issue? It's clearly a bug "somewhere" in the variable resolution code :-/

Kristieb commented 1 year ago

@phax pasted the content of the application.properties below. Removed the actual passwords.

```properties
# Global flags for initializer
# For production debug should be false and production should be true
global.debug = true
global.production = false
global.debugjaxws = false

## Application Configuration
# Type (JKS or PKCS12)
pdclient.keystore.type = ${smp.keystore.type}
# The path should be absolute for docker configuration
# Put the .p12 file in the same directory as this file (depends on the docker config)
pdclient.keystore.path = ${smp.keystore.path}
pdclient.keystore.key.alias = ${smp.keystore.key.alias}

#DO NOT COMMIT THE REAL PASSWORD!
pdclient.keystore.password = ${smp.keystore.password}
pdclient.keystore.key.password = ${smp.keystore.key.password}

## SMP Configuration
# The backend to be used. Can either be "sql" or "xml". Any other value will result in a startup error
smp.backend = xml

## Keystore data

# Type (JKS or PKCS12)
smp.keystore.type = pkcs12
# The path should be absolute for docker configuration
# Put the .p12 file in the same directory as this file (depends on the docker config)
smp.keystore.path = /config/smp-test-complete.p12
smp.keystore.key.alias = smp-test
#DO NOT COMMIT THE REAL PASSWORD!
smp.keystore.password = password
smp.keystore.key.password = password

# This default truststore handles 2010 and 2018 PKIs
#smp.truststore.type     = jks
#smp.truststore.path     = truststore/complete-truststore.jks
#smp.truststore.password = peppol

# Force all paths (links) to be "/" instead of the context path
# This is helpful if the web application runs in a context like "/smp" but is proxied to a root path
smp.forceroot = true

# If this property is specified, it will overwrite the automatically generated URL
# for all cases where absolute URLs are necessary
# This might be helpful when running on a proxied Tomcat behind a web server
smp.publicurl = http://smp-test.payreq.com/

## Write to SML? true or false
sml.enabled=false
# Is an SML needed in the current scenario - show warnings if true
sml.required=true
# The SMP ID also used in the SML!
sml.smpid=PAU000363

# SML connection timeout milliseconds
#sml.connection.timeout.ms = 5000

# SML request timeout milliseconds
#sml.request.timeout.ms = 20000

# Enable PEPPOL Directory integration?
#todo: change to true in prod
smp.directory.integration.enabled=true
smp.directory.hostname=https://test-directory.peppol.eu

# Use PEPPOL identifiers (with all constraints) or simple, unchecked identifiers?
# Possible values are "peppol", "simple" and "bdxr"
smp.identifiertype=peppol

smp.rest.type=peppol
smp.rest.log.exceptions=true

# Central directory where the data should be stored.
# This should be absolute in production.
webapp.datapath = /home/git/conf

# Should all files of the application checked for readability?
# This should only be set to true when datapath is a relative directory inside a production version
webapp.checkfileaccess = false

# Is it a test version? E.g. a separate header is shown
webapp.testversion = true

# Use slow, but fancy dynamic table on the start page?
webapp.startpage.dynamictable = false

# Participant list is enabled by default
webapp.startpage.participants.none = false

# Don't show content of extensions by default on start page
webapp.startpage.extensions.show = false

# The name of the Directory implementation
webapp.directory.name = PEPPOL Directory

# Don't show content of extensions by default in service groups
webapp.servicegroups.extensions.show = false
```

phax commented 1 year ago

The problem is most likely a solo "$" in one of your passwords. That is an error in variable resolution code that will be fixed for the next iteration. The only workaround I can currently offer is not to use the $ sign in your passwords. Sorry for the inconvenience caused :(
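
A pre-upgrade check for the condition described in the comment above, added here as an example (it is not part of the original thread or of the phoss-smp code base): it reports property keys whose values contain a `$` outside a `${...}` reference, by line number and key only, so passwords are never echoed. The properties parsing is deliberately simplified, the function names are hypothetical, and the sample input is constructed.

```python
import re

# Assumption: references have the ${some.key} form used in the page's config.
REF = re.compile(r"\$\{[^${}]+\}")


def parse_properties(text):
    """Yield (line_no, key, value) for plain `key = value` lines.

    Simplified on purpose: no line continuations, no ':' separator,
    no backslash escapes.
    """
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            yield no, key.strip(), value.strip()


def find_stray_dollars(text):
    """Return [(line_no, key)] for values with a `$` outside ${...}.

    Only the key and line number are returned, never the value, so a
    secret cannot leak into console output or CI logs.
    """
    hits = []
    for no, key, value in parse_properties(text):
        remainder = REF.sub("", value)  # drop well-formed references
        if "$" in remainder:            # solo, trailing or unterminated '$'
            hits.append((no, key))
    return hits


# Constructed sample, not a real configuration.
SAMPLE = """\
# constructed sample
pdclient.keystore.password = ${smp.keystore.password}
smp.keystore.type = pkcs12
smp.keystore.password = Constructed$Pass
smp.keystore.key.password = endsWithDollar$
smp.truststore.password = ${unterminated
"""

if __name__ == "__main__":
    for no, key in find_stray_dollars(SAMPLE):
        print(f"line {no}: {key} has a '$' outside a ${{...}} reference")
```
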

phax commented 1 year ago

Will be fixed in the 6.0.6 version

phax commented 1 year ago

v6.0.6 is now available: https://github.com/phax/phoss-smp/releases/tag/phoss-smp-parent-pom-6.0.6

Kristieb commented 1 year ago

Thank you for resolving the issue; the certificate is now being picked up.