[SCIM2] ITU-T E164 phone number causes org.apache.cxf.interceptor.Fault and returns it to requestor

[hauntingEcho]

attempting the following command against a local installation of IS 5.6.0 with SCIM endpoint security turned off:

curl -k -H "Content-Type: application/json" -d "{"password": "asdfasdfa","name": {"familyName": "what", "givenName":"hi"},"emails":[{"value":"a@a.aa","type":"work","primary":true}],"phoneNumbers":[{"value":"+12223334444","type":"work","primary":true}],"userName":"abc12345"}" https://localhost:9443/scim2/Users -v

gives the response:

< HTTP/1.1 500 Internal Server Error
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 125
< Date: Wed, 25 Jul 2018 15:29:47 GMT
< Connection: close
< Server: WSO2 Carbon Server
< 
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
<html><head><title>Error report</title></head><body><h1>HTTP Status 500 - org.apache.cxf.interceptor.Fault</h1></body></html

and the wso2 server console output logs:

[2018-07-25 10:29:47,495] ERROR {org.apache.catalina.core.StandardWrapperValve} -  Servlet.service() for servlet [SCIM2Servlet] in context with path [/scim2] threw exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:336)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.cxf.interceptor.Fault
    at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    ... 47 more
Caused by: java.lang.NullPointerException
    at org.wso2.charon3.core.utils.AttributeUtil.getAttributeValueFromString(AttributeUtil.java:64)
    at org.wso2.charon3.core.encoder.JSONDecoder.buildSimpleAttribute(JSONDecoder.java:191)
    at org.wso2.charon3.core.encoder.JSONDecoder.buildComplexValue(JSONDecoder.java:473)
    at org.wso2.charon3.core.encoder.JSONDecoder.buildComplexMultiValuedAttribute(JSONDecoder.java:218)
    at org.wso2.charon3.core.encoder.JSONDecoder.decodeResource(JSONDecoder.java:154)
    at org.wso2.charon3.core.protocol.endpoints.UserResourceManager.create(UserResourceManager.java:140)
    at org.wso2.carbon.identity.scim2.provider.resources.UserResource.createUser(UserResource.java:120)
    at sun.reflect.GeneratedMethodAccessor207.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
    ... 52 more

This should instead return an error response as described in RFC 7644 section 3.12

[hauntingEcho]

It turns out this was actually an issue with the primary flag - see #3571